PT-2025-31154 · Polkadot · Polkadot Frontier

Published: 2025-07-28 · Updated: 2025-07-28 · CVE-2025-54429

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Polkadot Frontier versions prior to 0822030

Description

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The implementation of CallableByContract incorrectly identified contract addresses running under CREATE or CREATE2 as externally owned accounts (EOA) instead of correctly identifying them as contract accounts. This issue affects users utilizing custom precompile implementations that rely on distinguishing between AddressType::EOA and AddressType::Contract. The vulnerability is not directly exploitable in the predefined precompiles within Frontier.

Recommendations

Update Polkadot Frontier to version 0822030 or later.
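
The misclassification described above, as an added example: a simplified model that is not Frontier's code. It assumes the weak check treats any address without stored runtime code as an EOA, which is the case for an address whose CREATE or CREATE2 init code is still running; State, classify_by_code_only, classify and eoa_only_allows are hypothetical names.

```rust
use std::collections::{HashMap, HashSet};

type Address = [u8; 20];

#[derive(Debug, PartialEq, Clone, Copy)]
enum AddressType { EOA, Contract }

/// Toy chain state, constructed for this example (not Frontier's types).
#[derive(Default)]
struct State {
    code: HashMap<Address, Vec<u8>>,      // runtime code stored once deployment finishes
    under_construction: HashSet<Address>, // addresses whose init code is still executing
}

impl State {
    /// Assumed weak check: no stored code means EOA.
    fn classify_by_code_only(&self, a: &Address) -> AddressType {
        match self.code.get(a) {
            Some(c) if !c.is_empty() => AddressType::Contract,
            _ => AddressType::EOA,
        }
    }

    /// Hardened check: an address being constructed is already a contract.
    fn classify(&self, a: &Address) -> AddressType {
        if self.under_construction.contains(a) {
            return AddressType::Contract;
        }
        self.classify_by_code_only(a)
    }
}

/// Hypothetical custom precompile policy: only EOAs may call.
fn eoa_only_allows(t: AddressType) -> bool { t == AddressType::EOA }

/// Constructed sample: [1;20] plain account, [2;20] deployed, [3;20] inside its constructor.
fn sample_state() -> State {
    let mut s = State::default();
    s.code.insert([2u8; 20], vec![0x60, 0x00]);
    s.under_construction.insert([3u8; 20]);
    s
}

fn main() {
    let s = sample_state();
    for a in &[[1u8; 20], [2u8; 20], [3u8; 20]] {
        let (weak, fixed) = (s.classify_by_code_only(a), s.classify(a));
        println!("{:02x}: weak={:?} fixed={:?} admitted={}", a[0], weak, fixed, eoa_only_allows(fixed));
    }
}
```

A custom precompile that branches on the address type should be tested with a caller in each of these three states, not only with deployed contracts and plain accounts.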

Weakness Enumeration

Incorrect Type Conversion or Cast

Related Identifiers

CVE-2025-54429
GHSA-FR62-PPWC-MC2H

Affected Products

Polkadot Frontier