Skip to content

Integer underflow in the MODEXP precompile

Moderate
sorpaas published GHSA-cjg2-2fjg-fph4 Jan 14, 2022

Package

cargo Frontier (Rust)

Affected versions

<= commit 6dd07a4

Patched versions

>= commit 8a93fdc

Description

Impact

A bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. It is recommended that you apply the patch as soon as possible.

If you do not use MODEXP precompile in your runtime, then you are not impacted.

Patches

Patches are applied in PR #549.

Workarounds

None.

References

Patch PR: #549

Credits

Thanks to SR-Labs for discovering the security vulnerability, and thanks to PureStake team for the patches.

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2022-21685

Weaknesses

No CWEs