Wei Tang

**Name of the Vulnerable Software and Affected Versions** Frontier (affected versions not specified) **Description** A security issue was discovered affecting the parsing of the RPC result of the exit reason in case of EVM reversion. This issue causes the exit reason to be incorrectly parsed and returned by RPC in release builds, and it causes an overflow panic in debug builds. The issue is relevant only if you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this purpose. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Frontier (affected versions not specified) **Description** The issue is related to the truncation done when converting between EVM balance type and Substrate balance type in Frontier, Substrate's Ethereum compatibility layer. This incorrect implementation leads to a possible discrepancy between the appeared EVM transfer value and the actual Substrate value transferred. The vulnerability affects only EVM internal states, but not Substrate balance states or node. **Recommendations** To resolve the issue, it is recommended to plan an emergency upgrade. As a temporary workaround, consider setting up a Substrate `CallFilter` that disables `pallet-evm` and `pallet-ethereum` calls before the patch can be applied. For versions prior to the fixed version in the Frontier master branch commit fed5e0a9577c10bea021721e8c2c5c378e16bf66 and polkadot-v0.9.22 branch commit e3e427fa2e5d1200a784679f8015d4774cedc934, apply the patch to fix the issue.