CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


GHSA-FCMM-54JP-7VF6
CVSS 7.5 · EPSS 0.25%

The Even Number DoS: Cooking a Blockchain with Bad Math

Alon Barad
Software Engineer

Jan 4, 2026·7 min read·3 visits

PoC Available

Executive Summary (TL;DR)

A math function in Frontier's Ethereum layer was secretly 20x slower for even numbers than for odd ones, but the gas fee was the same. Attackers could spam cheap transactions using even numbers to trigger this slow path, causing a Denial of Service and potentially halting the blockchain.

CVE-2023-28431 is a critical Denial of Service vulnerability in Frontier, an Ethereum compatibility layer for Substrate. The issue stems from a gross miscalculation in transaction costs for a cryptographic precompile. A specific mathematical operation, modular exponentiation, is dramatically slower when using even numbers as a modulus due to an underlying library's implementation. Frontier failed to charge extra for this slow path, allowing an attacker to submit cheap transactions that consume massive amounts of computational power, effectively grinding the entire network to a halt for pennies on the dollar.
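
The pricing gap described above, as an added example in Rust (not Frontier's code and not the actual patch): it computes a parity-blind modexp gas price next to a parity-aware one. The EIP-2565 baseline formula, the 20x multiplier (taken from the slowdown figure above) and all function names are assumptions, and only exponents of up to 32 bytes are covered.

```rust
// Added example (not Frontier's code). Assumptions: EIP-2565 baseline pricing,
// a 20x even-modulus multiplier taken from the slowdown figure, hypothetical names.
const MIN_GAS: u64 = 200; // EIP-2565 floor
const EVEN_MOD_MULTIPLIER: u64 = 20; // assumption

/// Bit length of a big-endian unsigned integer (0 for zero or empty input).
fn bit_len(be: &[u8]) -> u64 {
    match be.iter().position(|&b| b != 0) {
        Some(i) => (be.len() - i) as u64 * 8 - u64::from(be[i].leading_zeros()),
        None => 0,
    }
}

/// A big-endian modulus is even when its lowest bit is clear; empty counts as zero.
fn is_even(modulus_be: &[u8]) -> bool {
    modulus_be.last().map_or(true, |b| b & 1 == 0)
}

/// Parity-blind EIP-2565 cost. Covers exponents of at most 32 bytes only;
/// longer exponents use a different iteration rule and yield None here.
fn baseline_gas(base_len: u64, exp_be: &[u8], mod_len: u64) -> Option<u64> {
    if exp_be.len() > 32 {
        return None;
    }
    let max_len = base_len.max(mod_len);
    let words = max_len / 8 + u64::from(max_len % 8 != 0);
    let complexity = words.checked_mul(words)?;
    let iterations = bit_len(exp_be).saturating_sub(1).max(1);
    Some((complexity.checked_mul(iterations)? / 3).max(MIN_GAS))
}

/// Same cost, scaled when the modulus takes the slow path.
fn parity_aware_gas(base_len: u64, exp_be: &[u8], modulus_be: &[u8]) -> Option<u64> {
    let gas = baseline_gas(base_len, exp_be, modulus_be.len() as u64)?;
    let factor = if is_even(modulus_be) { EVEN_MOD_MULTIPLIER } else { 1 };
    Some(gas.saturating_mul(factor))
}

fn main() {
    // Constructed inputs: 256-byte base, 32-byte exponent, 256-byte moduli.
    let exp = [0xffu8; 32];
    let odd = [0xffu8; 256];
    let mut even = odd;
    even[255] = 0xfe; // clear the lowest bit
    println!("parity-blind: {:?}", baseline_gas(256, &exp, 256));
    println!("odd modulus:  {:?}", parity_aware_gas(256, &exp, &odd));
    println!("even modulus: {:?}", parity_aware_gas(256, &exp, &even));
}
```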

Technical Appendix

CVSS Score: 7.5 / 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Probability: 0.25%
Top 100% most exploited

Affected Systems

Frontier (Ethereum compatibility layer for Substrate)

Affected Versions Detail

Product: Frontier (paritytech)
Affected Versions: All versions before the inclusion of commit 5af12e94d7dfc8a0208a290643a800f55de7b219
Fixed Version: Not specified, but patched in commit 5af12e94d7dfc8a0208a290643a800f55de7b219

CWE ID: CWE-682: Incorrect Calculation
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS v3.1 Score: 7.5 (High)
EPSS Score: 0.25% (0.00249)
Impact: Denial of Service
Exploit Status: Proof-of-Concept

MITRE ATT&CK Mapping

  • T1499: Endpoint Denial of Service (Impact)
  • T1499.003: Application Exhaustion Flood (Impact)

CWE-682: Incorrect Calculation

The software performs a calculation that results in an incorrect value. In this case, the gas cost calculation did not accurately reflect the computational resources required for modular exponentiation operations with even moduli, creating an economic imbalance that leads to a Denial of Service condition.

Vulnerability Timeline

  • 2023-03-15: Fix is committed to the Frontier repository.
  • 2023-03-22: CVE-2023-28431 is officially published by NVD.
  • 2023-03-22: GitHub Security Advisory GHSA-fcmm-54jp-7vf6 is published.

Related Vulnerabilities
CVE-2023-28431
