CVE-2022-31111

Name: CVE-2022-31111
Creator: NVD / NIST
Published: 2022-07-06T18:15:19.217+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 1.03%

Last modified Jun 17, 2026

CVE-2022-31111 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. EPSS estimates a 1.03% chance of exploitation in the next 30 days.

Description

Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value transferred. It is recommended that an emergency upgrade to be planned and EVM execution temporarily paused in the mean time. The issue is patched in Frontier master branch commit fed5e0a9577c10bea021721e8c2c5c378e16bf66 and polkadot-v0.9.22 branch commit e3e427fa2e5d1200a784679f8015d4774cedc934. This vulnerability affects only EVM internal states, but not Substrate balance states or node. You can temporarily pause EVM execution (by setting up a Substrate `CallFilter` that disables `pallet-evm` and `pallet-ethereum` calls before the patch can be applied.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Probability

1.03%

59.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-670

Affected Software

Vendor	Product	Versions
Parity	Frontier	All versions

References

https://github.com/paritytech/frontier/commit/e3e427fa2e5d1200a784679f8015d4774cedc934Patch, Third Party Advisory
https://github.com/paritytech/frontier/commit/fed5e0a9577c10bea021721e8c2c5c378e16bf66Patch, Third Party Advisory
https://github.com/paritytech/frontier/pull/753Issue Tracking, Patch, Third Party Advisory
https://github.com/paritytech/frontier/security/advisories/GHSA-hc8w-mx86-9fcjPatch, Third Party Advisory
https://github.com/paritytech/frontier/commit/e3e427fa2e5d1200a784679f8015d4774cedc934Patch, Third Party Advisory
https://github.com/paritytech/frontier/commit/fed5e0a9577c10bea021721e8c2c5c378e16bf66Patch, Third Party Advisory
https://github.com/paritytech/frontier/pull/753Issue Tracking, Patch, Third Party Advisory
https://github.com/paritytech/frontier/security/advisories/GHSA-hc8w-mx86-9fcjPatch, Third Party Advisory

Timeline

Published: Jul 6, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-31111?

How severe is CVE-2022-31111?

CVE-2022-31111 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 1.03% probability of exploitation in the next 30 days.

How do I fix CVE-2022-31111?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-31111?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST