Integer underflow in the MODEXP precompile
A bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. It is recommended that you apply the patch as soon as possible.
If you do not use MODEXP precompile in your runtime, then you are not impacted.
Patches are applied in PR #549.
Patch PR: #549
Thanks to SR-Labs for discovering the security vulnerability, and thanks to PureStake team for the patches.
For more information
If you have any questions or comments about this advisory:
- Open an issue in the Frontier repo