漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Vulnerability Description
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030.
CVSS Information
N/A
Vulnerability Type
不正确的类型转换
Vulnerability Title
Polkadot Frontier 代码问题漏洞
Vulnerability Description
Polkadot Frontier是Polkadot EVM开源的一个提供以太坊虚拟机兼容层的应用程序。 Polkadot Frontier 0822030之前版本存在代码问题漏洞,该漏洞源于CallableByContract实现错误,可能导致预编译调用不当。
CVSS Information
N/A
Vulnerability Type
N/A