CVE-2021-41138

Name of the Vulnerable Software and Affected Versions Substrate's Frontier (affected versions not specified)

Description The issue concerns Substrate's Ethereum compatibility layer, Frontier. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. This allows malicious validators to put invalid transactions into a block. Although the signature is always validated and the majority of the validation is done again in the subsequent pallet-evm execution logic, a chain ID replay attack was possible. Additionally, spamming attacks are a concern but are limited by Substrate block size limits and other factors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.