CVE-2023-28431: Frontier's modexp precompile is slow for even modulus
(updated )
Frontier’s modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost discrepancy was not accounted for in the modexp precompile, leading to possible denial of service attacks.
References
- github.com/advisories/GHSA-fcmm-54jp-7vf6
- github.com/paritytech/frontier/commit/5af12e94d7dfc8a0208a290643a800f55de7b219
- github.com/paritytech/frontier/pull/1017
- github.com/paritytech/frontier/security/advisories/GHSA-fcmm-54jp-7vf6
- github.com/polkadot-evm/frontier
- github.com/rust-num/num-bigint/blob/6f2b8e0fc218dbd0f49bebb8db2d1a771fe6bafa/src/biguint/power.rs
- nvd.nist.gov/vuln/detail/CVE-2023-28431
Detect and mitigate CVE-2023-28431 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →