
Cloud Vulnerability DB
A community-led vulnerabilities database
Frontier is an Ethereum compatibility layer for Substrate. A vulnerability was discovered in Frontier's modexp precompile, which is built on the num-bigint crate. Prior to pull request 1017, the implementation handled even and odd moduli separately: an odd modulus uses fast Montgomery multiplication, while an even modulus falls back to a slow plain power algorithm. This cost difference was not accounted for in the modexp precompile's gas pricing, leading to potential denial of service attacks (GitHub Advisory).
The vulnerability stems from the different performance characteristics between even and odd modulus calculations in the num-bigint implementation. When the modulus is odd, the system uses the efficient Montgomery multiplication algorithm, but when the modulus is even, it falls back to a significantly slower plain power algorithm. This performance difference was not reflected in the gas costs, creating an exploitable discrepancy (GitHub Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (NVD).
The vulnerability could be exploited to perform denial of service attacks by submitting modexp calls with even modulus values, which consume significantly more computational resources than the gas cost charged for them. This could affect the performance and availability of systems implementing the Frontier Ethereum compatibility layer.
A short-term fix has been implemented in Frontier pull request 1017, which increases the gas costs for even modulus by a factor of 20 to account for the performance difference. For networks anticipating malicious validators, an emergency runtime upgrade is recommended. For networks without anticipated malicious validators, a normal runtime upgrade is sufficient due to Substrate's built-in timeout protection during block building. No other workarounds are available (GitHub Advisory).
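The following is an added example, not code from Frontier or num-bigint, showing how a modexp precompile's gas pricing can carry the even-modulus surcharge the advisory describes. It assumes the EIP-2565 cost formula (multiplication complexity times iteration count, divided by 3, floored at 200) and applies the factor of 20 to the final gas amount; where exactly the real patch applies the factor is an assumption here.

```rust
// Added example (not Frontier's own code): EIP-2565 modexp gas pricing with the
// even-modulus surcharge from the advisory applied to the final gas value.

/// EIP-2565 multiplication complexity: ceil(max(base_len, mod_len) / 8)^2.
fn mult_complexity(base_len: u64, mod_len: u64) -> u64 {
    let words = (base_len.max(mod_len) + 7) / 8;
    words * words
}

/// EIP-2565 iteration count derived from the leading 32 bytes of the exponent.
fn iteration_count(exp: &[u8]) -> u64 {
    let head = &exp[..exp.len().min(32)];
    let mut bit_len: u64 = 0;
    for (i, &b) in head.iter().enumerate() {
        if b != 0 {
            bit_len = (head.len() - i - 1) as u64 * 8 + (8 - b.leading_zeros() as u64);
            break;
        }
    }
    let exp_len = exp.len() as u64;
    let count = if exp_len <= 32 {
        bit_len.saturating_sub(1)
    } else {
        8 * (exp_len - 32) + bit_len.saturating_sub(1)
    };
    count.max(1)
}

/// True when the modulus is non-zero and even (the slow num-bigint path).
/// A zero modulus is short-circuited by the precompile, so it gets no surcharge.
fn modulus_is_even(modulus: &[u8]) -> bool {
    let nonzero = modulus.iter().any(|&b| b != 0);
    nonzero && modulus.last().map_or(false, |&b| b & 1 == 0)
}

/// Gas for one modexp call; even moduli pay 20x (placement is an assumption).
fn modexp_gas(base: &[u8], exp: &[u8], modulus: &[u8]) -> u64 {
    let base_gas = mult_complexity(base.len() as u64, modulus.len() as u64)
        * iteration_count(exp)
        / 3;
    let gas = base_gas.max(200);
    if modulus_is_even(modulus) { gas.saturating_mul(20) } else { gas }
}

fn main() {
    // Constructed inputs: 64-byte base, 32-byte all-ones exponent, 64-byte modulus.
    let base = [0x02u8; 64];
    let exp = [0xffu8; 32];
    println!("odd modulus:  {} gas", modexp_gas(&base, &exp, &[0x01u8; 64]));
    println!("even modulus: {} gas", modexp_gas(&base, &exp, &[0x02u8; 64]));
}
```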
Source: This report was generated using AI