SEC-15 Parent issue for all invalid data structures & missing type validations #417
Milestone
Comments
|
Fixed with |
jpeletier
pushed a commit
to epiclabs-io/go-ethereum
that referenced
this issue
Apr 28, 2018
swarm/api, swarm/storage: Multihash handling in swarm api for resource updates
ngtuna
added a commit
to ngtuna/tomochain
that referenced
this issue
Jan 29, 2019
Fixed reset head chain to block number for rollback block hash feature.
AusIV
pushed a commit
to NoteGio/go-ethereum
that referenced
this issue
Jan 18, 2022
…e-diff Fix trace_block for stateDiffTracer
tony-ricciardi
pushed a commit
to tony-ricciardi/go-ethereum
that referenced
this issue
Jan 20, 2022
maoueh
pushed a commit
to streamingfast/go-ethereum
that referenced
this issue
Dec 9, 2022
Fix default Dockerfile for new CLI
tanishqjasoria
pushed a commit
to tanishqjasoria/go-ethereum
that referenced
this issue
Apr 11, 2024
garyschulte
pushed a commit
to garyschulte/go-ethereum
that referenced
this issue
Apr 17, 2024
* simplified gas accounting layer * integrate some review feedback * Apply suggestions from code review Co-authored-by: Ignacio Hagopian <jsign.uy@gmail.com> * more suggestions from code review * don't charge creation gas + charge code chunks in create * A couple more fixes * make linter happy * fix create init gas consumption issue * fix: in gas funcs, use tx witness instead of global witness * fix linter issue * Apply suggestions from code review Co-authored-by: Ignacio Hagopian <jsign.uy@gmail.com> * fix: EXTCODECOPY gas consumption * fix warm gas costs * fix the order gas is charged in during contract creation epilogue * fix selfdestruct * fix ethereum#365 in eip rewrite (ethereum#407) * fix: OOG type in code creation OOG (ethereum#408) * core/vm: charge BLOCKHASH witness cost (ethereum#409) * core/vm: charge BLOCKHASH witness cost Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * remove gas optimization for now Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> --------- Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * remove redundant logic for contract creation (ethereum#413) Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * fix precompile address check for charging witness costs & fix missing value-bearing rule (ethereum#412) Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * core/vm: fix wrong check (ethereum#416) Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * charge for account creation if selfdestruct creates a new account (ethereum#417) * add key comparison test (ethereum#418) * core/vm: charge contract init before execution logic (ethereum#419) * core/vm: charge contract init before execution logic Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> * fix CREATE2 as well --------- Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> Co-authored-by: Guillaume Ballet <3272758+gballet@users.noreply.github.com> * quell linter --------- Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com> Co-authored-by: Ignacio Hagopian <jsign.uy@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently there are several opportunities for an attacker to advertise Ethereum data structures not conforming to the yellow paper specs. For example, by advertising a coinbase address longer than 32 bytes, an attacker can cause a contract using the coinbase op code to execute a negative value transaction, similar to #342
Fix: Enforce strict one-to-one mapping between types defined in the yellow paper and the Go types. All block chain / consensus related code should operate only on these types. E.g. strict length validation for all data types and clearly encapsulate operations on them to get better confidence for semantic completeness.
See #501
The text was updated successfully, but these errors were encountered: