PT-2025-31151 · Unknown · Polkadot Frontier
Published
2025-07-28
·
Updated
2025-07-31
·
CVE-2025-54426
CVSS v4.0
9.9
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Polkadot Frontier versions prior to commit 36f70d1
Description
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The
Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invalid input bytes as the Ristretto identity element, potentially leading to incorrect cryptographic results.Recommendations
Update to commit 36f70d1 or a later version to address this issue.
Exploit
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Polkadot Frontier