CVE-2021-41138: 
Rust vulnerability analysis and mitigation

A security vulnerability was discovered in Frontier (CVE-2021-41138) affecting versions >= 88cf884 and < 146bb48. The issue involved transaction validation logic in the pallet-ethereum module where validity checks for signed Frontier-specific extrinsics were not properly called during block execution. The vulnerability was discovered and disclosed in October 2021, and was patched in version 146bb48 (GitHub Advisory).

The vulnerability stemmed from a design flaw where a significant portion of transaction validation logic was only being executed during transaction pool validation, but not during actual block execution. This created a security gap where malicious validators could potentially insert invalid transactions into blocks. While signature validation was still performed and most validation occurred in the pallet-evm execution logic, the incomplete validation created potential attack vectors including chain ID replay attacks (GitHub Advisory).

The impact was considered moderate. While the vulnerability could allow malicious validators to include invalid transactions in blocks and enable chain ID replay attacks, the scope was limited by several factors: 1) signatures were still validated, 2) most validation was performed in pallet-evm execution, and 3) potential spam attacks were constrained by Substrate block size limits (GitHub Advisory).

The vulnerability was patched in commit 146bb48849e5393004be5c88beefe76fdf009aba. The fix involved ensuring that transaction validity controls are properly executed in the State Transition Function (STF) during block execution, not just during pool validation. Users were advised to upgrade to versions containing this patch (GitHub Advisory, GitHub Commit).

The vulnerability was responsibly disclosed and handled, with special acknowledgment given to @librelois, @nanocryk and the Moonbeam team for reporting and fixing the security vulnerability (GitHub Advisory).