CVE-2025-54427

{"id": "CVE-2025-54427", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-28T21:15:27.080", "references": [{"url": "https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf", "source": "security-advisories@github.com"}, {"url": "https://github.com/polkadot-evm/frontier/commit/a754b3dc6e1b6da98f71aea7bb1fa08677b24186", "source": "security-advisories@github.com"}, {"url": "https://github.com/polkadot-evm/frontier/security/advisories/GHSA-r6rj-gmqh-cv94", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-682"}, {"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which includes the check_inherent call. This allows other nodes to verify if the input (in this case, the target value) is correct. However, prior to commit a754b3d, the check_inherent function has not been implemented for note_min_gas_price_target. This lets the block producer set the target value without verification. The target is then used to set the MinGasPrice, which has an upper and lower bound defined in the on_initialize hook. The block producer can set the target to the upper bound. Which also increases the upper and lower bounds for the next block. Over time, this could result in continuously raising the gas price, making contract execution too expensive and ineffective for users. An attacker could use this flaw to manipulate the gas price, potentially leading to significantly inflated transaction fees. Such manipulation could render contract execution prohibitively expensive for users, effectively resulting in a denial-of-service condition for the network. This is fixed in version a754b3d."}, {"lang": "es", "value": "Polkadot Frontier es una capa de compatibilidad con Ethereum y EVM para Polkadot y Substrate. La funci\u00f3n extr\u00ednseca note_min_gas_price_target es inherente, lo que significa que solo el productor del bloque puede invocarla. Para garantizar la correcci\u00f3n, se debe implementar el atributo ProvideInherent para cada inherente, lo que incluye la llamada check_inherent. Esto permite que otros nodos verifiquen si la entrada (en este caso, el valor objetivo) es correcta. Sin embargo, antes del commit a754b3d, la funci\u00f3n check_inherent no se hab\u00eda implementado para note_min_gas_price_target. Esto permite al productor del bloque establecer el valor objetivo sin verificaci\u00f3n. El objetivo se utiliza entonces para establecer el MinGasPrice, que tiene un l\u00edmite superior e inferior definidos en el gancho on_initialize. El productor del bloque puede establecer el objetivo en el l\u00edmite superior. Esto tambi\u00e9n aumenta los l\u00edmites superior e inferior para el siguiente bloque. Con el tiempo, esto podr\u00eda resultar en un aumento continuo del precio del gas, encareciendo la ejecuci\u00f3n del contrato e ineficaz para los usuarios. Un atacante podr\u00eda usar esta vulnerabilidad para manipular el precio del gas, lo que podr\u00eda resultar en tarifas de transacci\u00f3n significativamente infladas. Dicha manipulaci\u00f3n podr\u00eda encarecer la ejecuci\u00f3n del contrato de forma prohibitiva para los usuarios, lo que resultar\u00eda en una denegaci\u00f3n de servicio para la red. Esto se corrigi\u00f3 en la versi\u00f3n a754b3d."}], "lastModified": "2025-07-29T14:14:29.590", "sourceIdentifier": "security-advisories@github.com"}