CVE-2021-41138: Validity check missing in Frontier
In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block.
The attack is limited in that the signature is always validated, and the majority of the validation is done again in the subsequent pallet-evm execution logic. However, do note that a chain ID replay attack was possible. In addition, spamming attacks are of main concerns, while they are limited by Substrate block size limits and other factors.
References
- github.com/advisories/GHSA-vj62-g63v-f8mf
- github.com/paritytech/frontier
- github.com/paritytech/frontier/commit/146bb48849e5393004be5c88beefe76fdf009aba
- github.com/paritytech/frontier/pull/495
- github.com/paritytech/frontier/pull/497
- github.com/paritytech/frontier/security/advisories/GHSA-vj62-g63v-f8mf
- nvd.nist.gov/vuln/detail/CVE-2021-41138
Detect and mitigate CVE-2021-41138 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →