PT-2022-20536 · Frontier · Frontier

Wei Tang · Published 2022-07-06 · Updated 2022-07-14 · CVE-2022-31111

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Frontier (affected versions not specified)

Description

The issue is related to the truncation performed when converting between the EVM balance type and the Substrate balance type in Frontier, Substrate's Ethereum compatibility layer. This incorrect implementation can lead to a discrepancy between the apparent EVM transfer value and the actual Substrate value transferred. The vulnerability affects only EVM internal states, not Substrate balance states or the node.

Recommendations

To resolve the issue, it is recommended to plan an emergency upgrade. As a temporary workaround until the patch can be applied, consider setting up a Substrate CallFilter that disables pallet-evm and pallet-ethereum calls. For versions prior to the fixed version (Frontier master branch commit fed5e0a9577c10bea021721e8c2c5c378e16bf66 and polkadot-v0.9.22 branch commit e3e427fa2e5d1200a784679f8015d4774cedc934), apply the patch to fix the issue.
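
The truncation described above, shown as an added Rust example that is not Frontier's code. It assumes a 256-bit EVM value held as four 64-bit limbs and a `u128` Substrate balance; all type and function names are hypothetical. It contrasts a truncating conversion with a checked one that rejects out-of-range values.

```rust
/// 256-bit EVM value as four little-endian 64-bit limbs (hypothetical stand-in for a U256 type).
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct EvmValue(pub [u64; 4]);

/// Assumed Substrate balance type for this sketch.
pub type Balance = u128;

impl EvmValue {
    pub fn from_u128(v: u128) -> Self {
        EvmValue([v as u64, (v >> 64) as u64, 0, 0])
    }
}

/// Truncating conversion: keeps the low 128 bits and silently drops the rest.
pub fn to_balance_truncating(v: EvmValue) -> Balance {
    (v.0[0] as u128) | ((v.0[1] as u128) << 64)
}

/// Checked conversion: refuses any value that does not fit in Balance.
pub fn to_balance_checked(v: EvmValue) -> Result<Balance, &'static str> {
    if v.0[2] != 0 || v.0[3] != 0 {
        return Err("EVM value exceeds Substrate balance range");
    }
    Ok(to_balance_truncating(v))
}

/// Transfer sketch: the amount moved always equals the EVM-visible value,
/// and both balances are updated only if every check passes.
pub fn transfer(from: &mut Balance, to: &mut Balance, value: EvmValue) -> Result<(), &'static str> {
    let amount = to_balance_checked(value)?;
    let new_from = from.checked_sub(amount).ok_or("insufficient balance")?;
    let new_to = to.checked_add(amount).ok_or("balance overflow")?;
    *from = new_from;
    *to = new_to;
    Ok(())
}

fn main() {
    // Constructed sample: 2^128 + 5, which does not fit in u128.
    let big = EvmValue([5, 0, 1, 0]);
    println!("truncating: {}", to_balance_truncating(big));
    println!("checked:    {:?}", to_balance_checked(big));
    let (mut a, mut b) = (100u128, 0u128);
    println!("transfer:   {:?}", transfer(&mut a, &mut b, big));
    println!("balances:   {} {}", a, b);
}
```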

Weakness Enumeration

Related Identifiers

CVE-2022-31111
GHSA-HC8W-MX86-9FCJ

Affected Products

Frontier