
Solidity Storage Array Bugs | Ethereum Foundation Blog

by n70products
October 1, 2024


Solidity Storage Array Bug Announcement

This blog post is about two bugs connected to storage arrays which are otherwise unrelated. Both have been present in the compiler for a long time and have only been discovered now, even though a contract containing them should very likely show malfunctions in tests.

Daenam Kim, with help from Nguyen Pham, both from Curvegrid, discovered an issue where invalid data is stored in connection with arrays of signed integers.

This bug has been present since Solidity 0.4.7 and we consider it the more serious of the two. If these arrays use negative integers in a certain situation, it will cause data corruption and thus the bug should be easy to detect.

Through the Ethereum bug bounty program, we received a report about a flaw within the new experimental ABI encoder (referred to as ABIEncoderV2). The new ABI encoder is still marked as experimental, but we nevertheless think that this deserves a prominent announcement since it is already used on mainnet.
Credits to Ming Chuan Lin (of https://www.secondstate.io) for both discovering and fixing the bug!

The 0.5.10 release contains the fixes to the bugs.
At the moment, we do not plan to publish a fix to the legacy 0.4.x series of Solidity, but we might if there is popular demand.

Both bugs should be easily visible in tests that touch the relevant code paths.

Details about the two bugs can be found below.

Signed Integer Array Bug

Who should be concerned

If you have deployed contracts which use signed integer arrays in storage and either directly assign

  • a literal array with at least one negative value in it (x = [-1, -2, -3];) or
  • an existing array of a different signed integer type

to it, this will lead to data corruption in the storage array.

Contracts that only assign individual array elements (i.e. with x[2] = -1;) are not affected.

How to check if contract is vulnerable

If you use signed integer arrays in storage, try to run tests where you use negative values. The effect should be that the actual value stored is positive instead of negative.

If you have a contract that meets these conditions, and want to verify whether the contract is indeed vulnerable, you can reach out to us via security@ethereum.org.

Technical details

Storage arrays can be assigned from arrays of a different type. During this copy and assignment operation, a type conversion is performed on each of the elements. In addition to the conversion, especially if the signed integer type is shorter than 256 bits, certain bits of the value have to be zeroed out in preparation for storing multiple values in the same storage slot.

Which bits to zero out was incorrectly determined from the source and not the target type. This leads to too many bits being zeroed out. In particular, the sign bit will be zero, which makes the value positive.
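
The masking error described above, as an added example that is not part of the original post and not compiler code: a simplified Python model of packing signed values into one 256-bit slot. The function names and the widths (an int8 source copied into an int16 storage array) are assumptions chosen for illustration.

```python
# Simplified model of packing signed integers into one 256-bit storage slot.
# Not compiler code: the widths (int8 source, int16 target) are assumed.

WORD_BITS = 256


def to_word(value):
    """Return the 256-bit two's-complement word for a Python int."""
    return value & ((1 << WORD_BITS) - 1)


def pack_slot(values, source_bits, target_bits, buggy):
    """Pack values into one slot, target_bits per element, first element lowest.

    The cleanup mask should be as wide as the target type. The buggy path
    derives it from the source type, which zeroes too many bits.
    """
    if len(values) * target_bits > WORD_BITS:
        raise ValueError("values do not fit into a single slot")
    mask = (1 << (source_bits if buggy else target_bits)) - 1
    slot = 0
    for index, value in enumerate(values):
        slot |= (to_word(value) & mask) << (index * target_bits)
    return slot


def unpack_slot(slot, count, target_bits):
    """Read count signed elements of target_bits each back out of the slot."""
    result = []
    for index in range(count):
        raw = (slot >> (index * target_bits)) & ((1 << target_bits) - 1)
        if raw >> (target_bits - 1):  # sign bit set: negative value
            raw -= 1 << target_bits
        result.append(raw)
    return result


def roundtrip(values, source_bits=8, target_bits=16, buggy=False):
    """Store values as the assignment would, then read them back."""
    slot = pack_slot(values, source_bits, target_bits, buggy)
    return unpack_slot(slot, len(values), target_bits)


if __name__ == "__main__":
    literal = [-1, -2, -3]  # constructed sample input
    print("fixed:", roundtrip(literal))
    print("buggy:", roundtrip(literal, buggy=True))
```

In this model non-negative inputs survive both paths unchanged, which is why a test suite only catches the problem when it stores negative values.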

ABIEncoderV2 Array Bug

Who should be concerned

If you have deployed contracts which use the experimental ABI encoder V2, then those might be affected. This means that only contracts which use the following directive within the source code can be affected:

pragma experimental ABIEncoderV2;

Additionally, there are a number of requirements for the bug to trigger. See the technical details further below for more information.

How to check if contract is vulnerable

The bug only manifests itself when all of the following conditions are met:

  • Storage data involving arrays or structs is sent directly to an external function call, to abi.encode or to event data without prior assignment to a local (memory) variable AND
  • this data either contains an array of structs or an array of statically-sized arrays (i.e. at least two-dimensional).

In addition to that, in the following situation, your code is NOT affected:

  • if you only return such data and do not use it in abi.encode, external calls or event data.

Possible consequences

Naturally, any bug can have wildly varying consequences depending on the program control flow, but we expect that this is more likely to lead to malfunction than exploitability.

The bug, when triggered, will under certain circumstances send corrupt parameters on method invocations to other contracts.

Technical details

During the encoding process, the experimental ABI encoder does not properly advance to the next element in an array in case the elements occupy more than a single slot in storage.

This is only the case for elements that are structs or statically-sized arrays. Arrays of dynamically-sized arrays or of elementary datatypes are not affected.

The specific effect you will see is that data is “shifted” in the encoded array: If you have an array of type uint[2][] and it contains the data [[1, 2], [3, 4], [5, 6]], then it will be encoded as [[1, 2], [2, 3], [3, 4]] because the encoder only advances by a single slot between elements instead of two.
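
The slot-advance error described above, as an added example that is not part of the original post and not the compiler's encoder: a simplified Python model that reads elements out of a flat list of storage slots. The function names and the flat-list storage layout are assumptions; the sample data is the uint[2][] array from the text.

```python
# Simplified model of encoding a storage array whose elements span several slots.
# Not the compiler's encoder; the flat slot list is a constructed stand-in for storage.


def layout_slots(elements):
    """Lay out fixed-size elements back to back, one 256-bit value per slot."""
    return [value for element in elements for value in element]


def encode(slots, length, slots_per_element, buggy):
    """Read `length` elements out of `slots`.

    The correct encoder advances by slots_per_element after each element.
    The buggy one advances by a single slot regardless of element size.
    """
    stride = 1 if buggy else slots_per_element
    encoded = []
    for index in range(length):
        start = index * stride
        encoded.append(slots[start:start + slots_per_element])
    return encoded


def is_shifted(original, encoded):
    """Detect the bug's signature: element i starts one slot after element i-1."""
    flat = layout_slots(original)
    width = len(original[0])
    expected_buggy = [flat[i:i + width] for i in range(len(original))]
    return encoded != original and encoded == expected_buggy


if __name__ == "__main__":
    data = [[1, 2], [3, 4], [5, 6]]  # the uint[2][] contents from the text
    slots = layout_slots(data)
    print("fixed:", encode(slots, len(data), 2, buggy=False))
    print("buggy:", encode(slots, len(data), 2, buggy=True))
    scalars = [[7], [8], [9]]  # constructed: elements that fit in one slot
    print("one-slot elements:", encode(layout_slots(scalars), 3, 1, buggy=True))
```

A test that compares the decoded parameters received by the callee against the storage contents, as is_shifted does here, exposes the shift as soon as the array holds two or more multi-slot elements.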

This post was jointly composed by @axic, @chriseth, @holiman


