Security Alert – Solidity – Variables can be overwritten in storage

by n70products
November 29, 2024
Abstract: Under some conditions, variables can overwrite other variables in storage.

Affected Solidity compiler versions: 0.1.6 to 0.4.3 (including 0.4.4 pre-release versions)

Detailed description:

Storage variables that are smaller than 256 bits are packed together into the same 256-bit slot if they fit. If a value larger than what the type allows is assigned to the first variable, that value will overwrite the second variable.

This means that if an attacker can cause an overflow in the value of the first variable, the second variable can be modified. Causing an overflow in the first variable is possible using arithmetic or by directly passing in a value from the call data (values in call data are aligned to 32 bytes, and padding is neither verified nor enforced).

Contracts that only use the types listed below for state variables are not affected. Arrays, mappings and structs (based on these types) are also not affected:

  • signed integers, including sizes smaller than 256 bits
  • bytesNN types, including sizes smaller than 256 bits
  • unsigned integers (uint) of 256 bits

Contracts with types smaller than 256 bits that are never next to each other (note that state variables of base contracts are “pulled in”) are not affected.

The Ethereum multisignature wallet contract is not affected.
Note that addresses take up 160 bits, so contracts that only use addresses and 256-bit types are safe. Furthermore, addresses and booleans are almost never manipulated via arithmetic operations in practice, so contracts using only addresses, booleans and 256-bit types should also be safe.

The following contracts may be affected:
Contracts containing two or more contiguous state variables where the sum of their sizes is less than 256 bits and the first state variable is not a signed integer and not of bytesNN type.

Types smaller than 256 bits include:
bool, enums, uint8, …, uint248, int8, …, int248, address, any contract type
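The following added example (not part of the original alert or of the Solidity project) turns the criteria above into a layout check for auditing a contract's state variables, and models the overwrite with a simplified packed write. The function names, the 8-bit enum size and the address-sized contract type are assumptions of this sketch, and the check treats neighbours as packed whenever they fit in one slot.

```python
import re

SLOT_BITS = 256
# Assumed sizes: enums modelled as 8 bits, contract types as address-sized.
FIXED = {"bool": 8, "enum": 8, "address": 160, "contract": 160}

def type_bits(t):
    """Storage size in bits of an elementary Solidity type name."""
    if t in FIXED:
        return FIXED[t]
    m = re.fullmatch(r"u?int(\d*)", t)
    if m:
        return int(m.group(1) or 256)
    m = re.fullmatch(r"bytes(\d+)", t)
    if m:
        return 8 * int(m.group(1))
    raise ValueError(f"unsupported type: {t}")

def layout(types):
    """Place variables in declaration order; start a new slot when one does not fit."""
    placed, slot, off = [], 0, 0
    for t in types:
        n = type_bits(t)
        if off + n > SLOT_BITS:
            slot, off = slot + 1, 0
        placed.append((t, slot, off, n))
        off += n
    return placed

def risky_pairs(types):
    """Neighbours sharing a slot whose first member is not a signed int or bytesNN."""
    placed = layout(types)
    return [(a[0], b[0]) for a, b in zip(placed, placed[1:])
            if a[1] == b[1] and not re.fullmatch(r"int\d*|bytes\d+", a[0])]

def store(word, off, bits, value, masked):
    """Write a packed field; masked=False models the missing truncation."""
    if masked:
        value &= (1 << bits) - 1
    cleared = word & ~(((1 << bits) - 1) << off)
    return (cleared | (value << off)) & ((1 << SLOT_BITS) - 1)

def load(word, off, bits):
    return (word >> off) & ((1 << bits) - 1)

# Constructed sample: `uint8 a; uint8 b;` with an out-of-range value written to a.
bad = store(0, 0, 8, 0x0101, masked=False)
good = store(0, 0, 8, 0x0101, masked=True)
print(risky_pairs(["uint8", "uint8"]), load(bad, 8, 8), load(good, 8, 8))
```

A flagged pair means the layout matches the "may be affected" description; whether the first variable can actually be driven out of range still has to be reviewed in the contract's code.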

Recommended action:

  • Recompile contracts that have not yet been deployed using at least Solidity release 0.4.4 (not the pre-release or nightly version).
  • Deactivate, remove funds from, or upgrade already deployed contracts.

This vulnerability was discovered by [github.com/catageek](https://github.com/catageek): [https://github.com/ethereum/solidity/issues/1306](https://github.com/ethereum/solidity/issues/1306)