Ethereum

Security Alert – Solidity – Variables can be overwritten in storage

Photo of DailyBlockchain.News Admin DailyBlockchain.News AdminApril 13, 2024
1 minute read
Geth V1.13.0

Abstract: In some conditions, variables can overwrite different variables in storage.

Affected Solidity compiler variations: 0.1.6 to 0.4.3 (together with 0.4.4 pre-launch variations)

Detailed description:

Storage variables which might be smaller than 256 bits are packed collectively into the identical 256 bit slot in the event that they can match. If a worth bigger than what’s allowed by the sort is assigned to the primary variable, that worth will overwrite the second variable.

This implies if an attacker can trigger an overflow in the worth of the primary variable, then the second variable can be modified. Creating an overflow in the primary variable is feasible utilizing arithmetics or by instantly passing in a worth from the decision knowledge (values in name knowledge are aligned to 32 bytes, and padding is neither verified nor enforced).

Contracts that solely use the kinds listed beneath for state variables are not affected. Arrays, mappings and structs (based mostly on these following varieties) are additionally not affected:

  • signed integers, together with sizes smaller than 256 bits
  • bytesNN varieties, together with sizes smaller than 256 bits
  • unsigned integers (uint) of 256 bits

Contracts with varieties smaller than 256 bits which might be by no means subsequent to one another (be aware that state variables of base contracts are “pulled in”) are not affected.

The Ethereum multisignature pockets contract is not affected.
Be aware that addresses take up 160 bits, so contracts that solely use addresses and 256-bit varieties are protected. Moreover, addresses and booleans are nearly by no means manipulated through arithmetic operations in apply, so contracts utilizing solely addresses, booleans and 256 bit varieties must also be protected.

The next contracts could be affected:
Contracts containing two or extra contiguous state variables the place the sum of their sizes is lower than 256 bits and the primary state variable will not be a signed integer and never of bytesNN sort.

Varieties smaller than 256 bits embrace:
bool, enums, uint8, …, uint248, int8, …, int248, tackle, any contract sort

Really helpful motion:

  • Recompile contracts that haven’t but been deployed utilizing a minimum of Solidity launch 0.4.4 (not the pre-launch or nightly model).
  • Deactivate, take away funds from, or improve already deployed contracts.

This vulnerability was discovered by [github.com/catageek]( [

Tags
Photo of DailyBlockchain.News Admin DailyBlockchain.News AdminApril 13, 2024
1 minute read
Photo of DailyBlockchain.News Admin

DailyBlockchain.News Admin

Our Mission is to bridge the knowledge gap and foster an informed blockchain community by presenting clear, concise, and reliable information every single day. Join us on this exciting journey into the future of finance, technology, and beyond. Whether you’re a blockchain novice or an enthusiast, DailyBlockchain.news is here for you.
Back to top button