CVE-2023-28431: Frontier's modexp precompile is slow for even modulus
(updated )
Frontier’s modexp
precompile uses num-bigint
crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost discrepancy was not accounted for in the modexp
precompile, leading to possible denial of service attacks.
References
- github.com/advisories/GHSA-fcmm-54jp-7vf6
- github.com/paritytech/frontier
- github.com/paritytech/frontier/commit/5af12e94d7dfc8a0208a290643a800f55de7b219
- github.com/paritytech/frontier/pull/1017
- github.com/paritytech/frontier/security/advisories/GHSA-fcmm-54jp-7vf6
- github.com/rust-num/num-bigint/blob/6f2b8e0fc218dbd0f49bebb8db2d1a771fe6bafa/src/biguint/power.rs
- nvd.nist.gov/vuln/detail/CVE-2023-28431
Detect and mitigate CVE-2023-28431 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →