PT-2025-31152 · Parity Technologies · Polkadot Frontier

Published: 2025-07-28 · Updated: 2025-07-28 · CVE-2025-54427

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions

Polkadot Frontier versions prior to a754b3d

Description

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The note_min_gas_price_target extrinsic is an inherent extrinsic, callable only by the block producer. Prior to commit a754b3d, the check_inherent function was not implemented for this extrinsic, so the block producer could set the target value without any verification. This target value is used to set MinGasPrice, which has upper and lower bounds defined in the on_initialize hook. An attacker could exploit this to continuously raise the gas price, potentially leading to inflated transaction fees and a denial-of-service condition for the network by making contract execution prohibitively expensive for users.

Recommendations

Update Polkadot Frontier to version a754b3d or later.
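
The mechanism described above, as an added Rust model that is not Frontier's code and not part of the original advisory: a target clamped into per-block bounds still compounds when nothing verifies it, while a validator-side comparison rejects the block. Assumptions: u128 prices, a bound of price / divisor + 1 with a non-zero divisor, and the hypothetical helpers bounds, next_price, check_target and simulate.

```rust
// Simplified model of the advisory's mechanism (added example, not Frontier code).
// Assumed: u128 prices, bound = price / divisor + 1, divisor != 0.

/// Lower and upper bound for the next MinGasPrice (assumed bound formula).
fn bounds(price: u128, divisor: u128) -> (u128, u128) {
    let step = price / divisor + 1;
    (price.saturating_sub(step), price.saturating_add(step))
}

/// The target is clamped into the bounds, so one block moves the price by at most one step.
fn next_price(price: u128, target: u128, divisor: u128) -> u128 {
    let (lower, upper) = bounds(price, divisor);
    target.clamp(lower, upper)
}

/// Hypothetical stand-in for a check_inherent step: validators compare the
/// producer's target with the one they derived themselves.
fn check_target(proposed: u128, expected: u128) -> Result<(), String> {
    if proposed == expected {
        Ok(())
    } else {
        Err(format!("target {} does not match expected {}", proposed, expected))
    }
}

/// Run `blocks` blocks in which the producer proposes `proposed` and validators
/// expect `expected`. With `verify` off, the proposal is applied unchecked.
fn simulate(start: u128, proposed: u128, expected: u128, divisor: u128,
            blocks: u32, verify: bool) -> Result<u128, String> {
    let mut price = start;
    for _ in 0..blocks {
        if verify {
            check_target(proposed, expected)?;
        }
        price = next_price(price, proposed, divisor);
    }
    Ok(price)
}

fn main() {
    // Constructed values: start price 1000, divisor 10, three blocks.
    println!("unchecked: {:?}", simulate(1000, u128::MAX, 1000, 10, 3, false));
    println!("checked:   {:?}", simulate(1000, u128::MAX, 1000, 10, 3, true));
    println!("honest:    {:?}", simulate(1000, 1000, 1000, 10, 3, true));
}
```
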

Exploit

Fix

DoS

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2025-54427
GHSA-R6RJ-GMQH-CV94

Affected Products

Polkadot Frontier