Gas Price Manipulation Vulnerability in Polkadot Frontier by Parity Technologies
CVE-2025-54427

Currently unrated

Key Information:

Vendor: Parity Technologies
Status: Polkadot Frontier
Vendor: CVE Published:; 28 July 2025

🔔 Create Parity Technologies Vulnerability Alert

What is CVE-2025-54427?

The gas price manipulation vulnerability in Polkadot Frontier permits the block producer to set the target for MinGasPrice without verification due to a missing implementation of the check_inherent function for the note_min_gas_price_target. This flaw allows an attacker to exploit the target value, leading to inflated transaction fees and potentially a denial-of-service for users. The issue has been addressed in version a754b3d.

References

https://dotpal.io/assets/files/frontier-srlabs-2505-718c3...

https://github.com/polkadot-evm/frontier/commit/a754b3dc6...

https://github.com/polkadot-evm/frontier/security/advisor...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025