CVE-2023-28431
7.50.25%
Discount DoS: Exploding Frontier Nodes with Even Numbers
Alon Barad
Software EngineerJan 5, 2026·5 min read·2 visits
PoC Available
Executive Summary (TL;DR)
Frontier's implementation of the `modexp` precompile underpriced operations involving even numbers. Because the underlying math library is significantly slower at processing even moduli than odd ones, attackers could spam cheap transactions that consumed massive amounts of CPU, effectively halting block production for a fraction of the intended cost.
A critical algorithmic complexity vulnerability in the Frontier Ethereum compatibility layer allowed attackers to trigger denial-of-service conditions by exploiting the performance discrepancy between odd and even moduli in modular exponentiation calculations.
Fix Analysis (1)
Technical Appendix
CVSS Score
7.5/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HEPSS Probability
0.25%
Top 52% most exploited
Affected Systems
Parity FrontierSubstrate-based chains with EVM compatibilityPolkadot Parachains using Frontier <= 0.1.0
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
Frontier Parity Technologies | <= 0.1.0 | PR #1017 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-682 (Incorrect Calculation) |
| Attack Vector | Network (Remote) |
| CVSS Score | 7.5 (High) |
| EPSS Score | 0.00249 (Low Prob) |
| Impact | Denial of Service (DoS) |
| Exploit Status | PoC / Trivial |
MITRE ATT&CK Mapping
CWE-682
Incorrect Calculation
The product performs a calculation that generates incorrect or inaccurate results that can be exploited to cause a denial of service.
Known Exploits & Detection
Vulnerability Timeline
Patch merged in PR #1017
2023-03-15
GHSA Advisory Published
2023-03-22
CVE-2023-28431 Assigned
2023-03-22