CVE-2025-54427

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-54427

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54427.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-54427

Aliases

GHSA-r6rj-gmqh-cv94

Published

2025-07-28T20:20:04.064Z

Modified

2026-04-10T05:29:34.937728Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator

Summary

Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price

Details

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic notemingaspricetarget is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each inherent, which includes the checkinherent call. This allows other nodes to verify if the input (in this case, the target value) is correct. However, prior to commit a754b3d, the checkinherent function has not been implemented for notemingaspricetarget. This lets the block producer set the target value without verification. The target is then used to set the MinGasPrice, which has an upper and lower bound defined in the on_initialize hook. The block producer can set the target to the upper bound. Which also increases the upper and lower bounds for the next block. Over time, this could result in continuously raising the gas price, making contract execution too expensive and ineffective for users. An attacker could use this flaw to manipulate the gas price, potentially leading to significantly inflated transaction fees. Such manipulation could render contract execution prohibitively expensive for users, effectively resulting in a denial-of-service condition for the network. This is fixed in version a754b3d.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54427.json",
    "cwe_ids": [
        "CWE-682",
        "CWE-754"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/polkadot-evm/frontier

Affected ranges

Type: GIT
Repo: https://github.com/polkadot-evm/frontier
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a754b3dc6e1b6da98f71aea7bb1fa08677b24186

Affected versions

fc-consensus-v1.*

fc-consensus-v1.0.0

fc-consensus-v2.*

fc-consensus-v2.0.0

fc-db-v1.*

fc-db-v1.0.0

fc-mapping-sync-v1.*

fc-mapping-sync-v1.0.0

fc-rpc-core-v1.*

fc-rpc-core-v1.0.0

fc-rpc-v1.*

fc-rpc-v1.0.0

fp-consensus-v1.*

fp-consensus-v1.0.0

fp-evm-v1.*

fp-evm-v1.0.0

fp-evm-v2.*

fp-evm-v2.0.0

fp-rpc-v1.*

fp-rpc-v1.0.0

fp-rpc-v2.*

fp-rpc-v2.0.0

fp-rpc-v2.1.0

fp-storage-v1.*

fp-storage-v1.0.0

fp-storage-v1.0.1

fp-storage-v2.*

fp-storage-v2.0.0

Other

frontier-stable2503-1

pallet-dynamic-fee-v1.*

pallet-dynamic-fee-v1.0.0

pallet-dynamic-fee-v2.*

pallet-dynamic-fee-v2.0.0

pallet-dynamic-fee-v3.*

pallet-dynamic-fee-v3.0.0

pallet-ethereum-v1.*

pallet-ethereum-v1.0.0

pallet-ethereum-v2.*

pallet-ethereum-v2.0.0

pallet-ethereum-v3.*

pallet-ethereum-v3.0.0

pallet-evm-precompile-blake2-v1.*

pallet-evm-precompile-blake2-v1.0.0

pallet-evm-precompile-bn128-v1.*

pallet-evm-precompile-bn128-v1.0.0

pallet-evm-precompile-dispatch-v1.*

pallet-evm-precompile-dispatch-v1.0.0

pallet-evm-precompile-ed25519-v1.*

pallet-evm-precompile-ed25519-v1.0.0

pallet-evm-precompile-modexp-v1.*

pallet-evm-precompile-modexp-v1.0.0

pallet-evm-precompile-sha3fips-v1.*

pallet-evm-precompile-sha3fips-v1.0.0

pallet-evm-precompile-simple-v1.*

pallet-evm-precompile-simple-v1.0.0

pallet-evm-v3.*

pallet-evm-v3.0.0

pallet-evm-v4.*

pallet-evm-v4.0.0

pallet-evm-v5.*

pallet-evm-v5.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54427.json"