[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Handle Invalid CapList Input #161

Open
Latrasis opened this issue Jun 10, 2019 · 1 comment
Open

Bug: Handle Invalid CapList Input #161

Latrasis opened this issue Jun 10, 2019 · 1 comment
Assignees
@Latrasis
Labels
A-code Area: Code C-bug Category: Bug T-evm Target system: Ethereum EVM

Comments

@Latrasis
Copy link
Member

From @17451k:

..possible integer overflow in _procRegSystemCall function from the Kernel.sol file. There is a piece of code that calculates the length of the capabilities array in bytes:

uint256 capsLengthBytes = msg.data.length - capsStartOffset;

In normal circumstances (when the system call is executed using proc_reg function of BeakerContract) msg.data.length is always greater or equal than capsStartOffset. But someone can try to make system call directly and compose incorrect message with smaller length than needed. What will happen in this case here, and how does kernel react to malformed system calls in general?
@Latrasis Latrasis added A-code Area: Code C-bug Category: Bug T-evm Target system: Ethereum EVM labels Jun 10, 2019
@Latrasis Latrasis self-assigned this Jun 10, 2019
@Latrasis
Copy link
Member Author
Latrasis commented Jun 10, 2019
edited
Loading

@17451k: Yes, the input should be checked. If the system call is malformed the kernel should call REVERT which sends false to the caller procedure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Latrasis Latrasis

Labels
A-code Area: Code C-bug Category: Bug T-evm Target system: Ethereum EVM
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Latrasis