Librelois

**Name of the Vulnerable Software and Affected Versions** Substrate's Frontier (affected versions not specified) **Description** The issue concerns Substrate's Ethereum compatibility layer, Frontier. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. This allows malicious validators to put invalid transactions into a block. Although the signature is always validated and the majority of the validation is done again in the subsequent `pallet-evm` execution logic, a chain ID replay attack was possible. Additionally, spamming attacks are a concern but are limited by Substrate block size limits and other factors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.