Vulnerability in Ethereum Compatibility Layer for Polkadot and Substrate by Parity Technologies
CVE-2025-54429

Currently unrated

Key Information:

Vendor
CVE Published: 28 July 2025

What is CVE-2025-54429?

Frontier, the Ethereum and EVM compatibility layer for Polkadot and Substrate, is affected by a vulnerability in how account address types are handled. In versions prior to 0822030, the CallableByContract configuration for precompiled contracts was not correctly implemented, so certain EVM mechanisms could be incorrectly accessed by smart contract accounts. The vulnerability manifests when the address type is misidentified, which lets smart contracts potentially interact with precompiled contracts that should remain inaccessible to them. This is particularly relevant for users with custom precompile implementations; the issue does not impact the predefined precompiles within Frontier. It has been resolved in the latest version.

Timeline

  • Vulnerability published
