Frontier
CVE-2021-41138
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent pallet-evm execution logic. However, do note that a chain ID replay attack was possible. In addition, spamming attacks are of main concerns, while they are limited by Substrate block size limits and other factors. The issue is patched in commit 146bb48849e5393004be5c88beefe76fdf009aba.
AnalysisAI
Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block. The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent pallet-evm execution logic. However, do note that a chain ID replay attack was possible. In addition, spamming attacks are of main concerns, while they are limited by Substrate block size limits and other factors. The issue is patched in commit 146bb48849e5393004be5c88beefe76fdf009aba. Affected products include: Parity Frontier.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Frontier is Substrate's Ethereum compatibility layer. Rated high severity (CVSS 7.5), this vulnerability is remotely exp
Frontier is an Ethereum compatibility layer for Substrate. Rated high severity (CVSS 7.5), this vulnerability is remotel
Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 6.5), this vulnerability is remotely e
Frontier is an Ethereum compatibility layer for Substrate. Rated medium severity (CVSS 5.3), this vulnerability is remot
Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 5.3), this vulnerability is remotely e
Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 5.3), this vulnerability is remotely e
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today