Precompile Vulnerability in Polkadot Frontier Affects Ethereum Compatibility Layer
CVE-2025-54426
Currently unrated
What is CVE-2025-54426?
The Polkadot Frontier framework, designed to enhance Ethereum and EVM compatibility, contains a vulnerability in the Curve25519Add and Curve25519ScalarMul precompiles. In versions preceding commit 36f70d1, these precompiles fail to properly validate Ristretto point representations. Input bytes that are not a valid point encoding are mistakenly interpreted as the Ristretto identity element, which can yield inaccurate cryptographic computations. The flaw needs immediate attention to preserve the integrity and security of cryptographic operations within the ecosystem.
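The failure mode described above, as an added Python example that is not Frontier's own code (Frontier is written in Rust): a ristretto255 decoder following RFC 9496, wrapped once in the flawed fall-back-to-identity pattern and once in a strict form. The function names and the use of `ValueError` are assumptions made for illustration.

```python
# Added illustration, not Frontier code: ristretto255 decoding per RFC 9496.
P = 2**255 - 19
D = -121665 * pow(121666, -1, P) % P   # Edwards curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)      # a square root of -1 mod P
IDENTITY = (0, 1, 1, 0)                # extended coordinates (x, y, z, t)

def _abs(x):  # non-negative (even) representative of +/-x mod P
    x %= P
    return P - x if x & 1 else x

def _sqrt_ratio_m1(u, v):  # RFC 9496 SQRT_RATIO_M1
    r = u * pow(v, 3, P) * pow(u * pow(v, 7, P), (P - 5) // 8, P) % P
    check = v * r * r % P
    correct = check == u % P
    flipped = check == -u % P
    flipped_i = check == -u * SQRT_M1 % P
    if flipped or flipped_i:
        r = r * SQRT_M1 % P
    return correct or flipped, _abs(r)

def decode(data):  # point for a canonical 32-byte encoding, else None
    s = int.from_bytes(data, "little")
    if len(data) != 32 or s >= P or s & 1:   # wrong size, non-canonical or negative s
        return None
    ss = s * s % P
    u1, u2 = (1 - ss) % P, (1 + ss) % P
    u2_sqr = u2 * u2 % P
    v = (-D * u1 * u1 - u2_sqr) % P
    was_square, invsqrt = _sqrt_ratio_m1(1, v * u2_sqr % P)
    den_x = invsqrt * u2 % P
    den_y = invsqrt * den_x * v % P
    x = _abs(2 * s * den_x)
    y = u1 * den_y % P
    t = x * y % P
    if not was_square or t & 1 or y == 0:    # bytes do not encode a group element
        return None
    return (x, y, 1, t)

def decode_lenient(data):
    """Flawed pattern from the advisory: invalid bytes silently become the identity."""
    point = decode(data)
    return IDENTITY if point is None else point

def decode_strict(data):
    """Hardened pattern: reject invalid encodings so the caller can fail the call."""
    point = decode(data)
    if point is None:
        raise ValueError("invalid Ristretto point encoding")
    return point
```

Because the identity is the neutral element, an addition built on the lenient decoder silently ignores a malformed operand, and a scalar multiplication built on it returns the identity for every scalar.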