CVE-2023-28431

Discount DoS: Exploding Frontier Nodes with Even Numbers

Alon Barad
Software Engineer

Jan 5, 2026

Executive Summary (TL;DR)

Frontier's implementation of the `modexp` precompile underpriced operations involving even numbers. Because the underlying math library is significantly slower at processing even moduli than odd ones, attackers could spam cheap transactions that consumed massive amounts of CPU, effectively halting block production for a fraction of the intended cost.

A critical algorithmic complexity vulnerability in the Frontier Ethereum compatibility layer allowed attackers to trigger denial-of-service conditions by exploiting the performance discrepancy between odd and even moduli in modular exponentiation calculations.
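One way to close the pricing gap described above is to make the gas charge depend on the parity of the modulus. The sketch below is an added example, not Frontier's code or the patch in PR #1017: it assumes an EIP-2565-style baseline and applies a surcharge to even moduli. The function names, `EVEN_MODULUS_FACTOR` and its value of 20 are assumptions for illustration.

```rust
// Added illustration, not Frontier's code: EIP-2565-style pricing plus a parity surcharge.
const MIN_GAS: u64 = 200;
// Assumed surcharge for even moduli; a real value must come from benchmarking the bigint library.
const EVEN_MODULUS_FACTOR: u64 = 20;

/// Bit length of a big-endian unsigned integer given as bytes (0 for zero or empty input).
fn bit_len(be: &[u8]) -> u64 {
    match be.iter().position(|&b| b != 0) {
        Some(i) => (be.len() - i) as u64 * 8 - be[i].leading_zeros() as u64,
        None => 0,
    }
}

/// EIP-2565 iteration count, derived from the exponent bytes.
fn iteration_count(exp: &[u8]) -> u64 {
    let n = exp.len();
    let count = if n <= 32 {
        bit_len(exp).saturating_sub(1)
    } else {
        // 8 * (len - 32) + (bit length of the low 256 bits - 1); the first term is >= 8 here.
        8 * (n as u64 - 32) + bit_len(&exp[n - 32..]) - 1
    };
    count.max(1)
}

/// Gas for one modexp call. The modulus is big-endian, so its last byte carries the parity bit.
fn modexp_gas(base_len: u64, exp: &[u8], modulus: &[u8]) -> u64 {
    let words = (base_len.max(modulus.len() as u64) + 7) / 8;
    let complexity = words.saturating_mul(words);
    let base_cost = (complexity.saturating_mul(iteration_count(exp)) / 3).max(MIN_GAS);
    // Even moduli take the slower code path in the math library, so charge for it.
    let even = modulus.last().map_or(false, |b| b & 1 == 0);
    if even { base_cost.saturating_mul(EVEN_MODULUS_FACTOR) } else { base_cost }
}

fn main() {
    // Constructed inputs: 32-byte base, 32-byte exponent of all ones, 32-byte modulus.
    let exp = [0xffu8; 32];
    let mut modulus = [0xffu8; 32];
    println!("odd modulus:  {} gas", modexp_gas(32, &exp, &modulus));
    modulus[31] = 0xfe; // clear the lowest bit to make the modulus even
    println!("even modulus: {} gas", modexp_gas(32, &exp, &modulus));
}
```

Without the parity branch both calls would be charged the same amount, which is the mispricing the advisory describes.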

Technical Appendix

- CVSS Score: 7.5/10
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- EPSS Probability: 0.25%
- Top 52% most exploited

Affected Systems

- Parity Frontier
- Substrate-based chains with EVM compatibility
- Polkadot Parachains using Frontier <= 0.1.0

Affected Versions Detail

| Product | Affected Versions | Fixed Version |
| --- | --- | --- |
| Frontier (Parity Technologies) | <= 0.1.0 | PR #1017 |

| Attribute | Detail |
| --- | --- |
| CWE ID | CWE-682 (Incorrect Calculation) |
| Attack Vector | Network (Remote) |
| CVSS Score | 7.5 (High) |
| EPSS Score | 0.00249 (Low Prob) |
| Impact | Denial of Service (DoS) |
| Exploit Status | PoC / Trivial |

CWE-682: Incorrect Calculation

The product performs a calculation that generates incorrect or inaccurate results that can be exploited to cause a denial of service.

Vulnerability Timeline

- 2023-03-15: Patch merged in PR #1017
- 2023-03-22: GHSA Advisory Published
- 2023-03-22: CVE-2023-28431 Assigned
