KronosSlott
  • Altcoin
  • Bitcoin
  • Blockchain
  • Ethereum
  • Litecoin
  • Gambling

Subscribe to Updates

Get the latest Crypto news from kronosslott.

What's Hot

Hackers Hijack RobinHood Twitter To Push Scam Crypto Coin

January 27, 2023

FTM/USD Moves Bullishly Above $0.476

January 26, 2023

Biggest Crypto Gainers Today – January 26

January 26, 2023
Facebook Twitter Instagram
  • Affiliate Disclosure
  • Anti Spam Policy
  • Cookie Policy
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram
KronosSlott
  • Altcoin
  • Bitcoin
  • Blockchain
  • Ethereum
  • Litecoin
  • Gambling
KronosSlott
Home » Security Alert – Solidity – Variables can be overwritten in storage

Security Alert – Solidity – Variables can be overwritten in storage

adminBy adminOctober 11, 2022No Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
The Devcon VI Manual | Ethereum Foundation Blog
Share
Facebook Twitter LinkedIn Pinterest Email


Summary: In some situations, variables can overwrite other variables in storage.

Affected Solidity compiler versions: 0.1.6 to 0.4.3 (including 0.4.4 pre-release versions)

Detailed description:

Storage variables that are smaller than 256 bits are packed together into the same 256 bit slot if they can fit. If a value larger than what is allowed by the type is assigned to the first variable, that value will overwrite the second variable.

This means if an attacker can cause an overflow in the value of the first variable, then the second variable can be modified. Creating an overflow in the first variable is possible using arithmetics or by directly passing in a value from the call data (values in call data are aligned to 32 bytes, and padding is neither verified nor enforced).

Contracts that only use the types listed below for state variables are not affected. Arrays, mappings and structs (based on those following types) are also not affected:

  • signed integers, including sizes smaller than 256 bits
  • bytesNN types, including sizes smaller than 256 bits
  • unsigned integers (uint) of 256 bits

Contracts with types smaller than 256 bits that are never next to each other (note that state variables of base contracts are “pulled in”) are not affected.

The Ethereum multisignature wallet contract is not affected.
Note that addresses take up 160 bits, so contracts that only use addresses and 256-bit types are safe. Additionally, addresses and booleans are almost never manipulated via arithmetic operations in practice, so contracts using only addresses, booleans and 256 bit types should also be safe.

The following contracts may be affected:
Contracts containing two or more contiguous state variables where the sum of their sizes is less than 256 bits and the first state variable is not a signed integer and not of bytesNN type.

Types smaller than 256 bits include:
bool, enums, uint8, …, uint248, int8, …, int248, address, any contract type

Recommended action:

  • Recompile contracts that have not yet been deployed using at least Solidity release 0.4.4 (not the pre-release or nightly version).
  • Deactivate, remove funds from, or upgrade already deployed contracts.

This vulnerability was found by [github.com/catageek](https://github.com/catageek): [https://github.com/ethereum/solidity/issues/1306](https://github.com/ethereum/solidity/issues/1306)



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
admin
  • Website

Related Posts

EF-Supported Teams: Research & Development Roundup

December 29, 2022

KZG Ceremony Grant Round | Ethereum Foundation Blog

December 15, 2022

Merge Data Challenge Results | Ethereum Foundation Blog

December 5, 2022

Comments are closed.

Don't Miss

Hackers Hijack RobinHood Twitter To Push Scam Crypto Coin

Blockchain January 27, 2023

Join Our Telegram channel to stay up to date on breaking news coverage In a…

FTM/USD Moves Bullishly Above $0.476

January 26, 2023

Biggest Crypto Gainers Today – January 26

January 26, 2023

Aptos (APT) Rises 500% as Bitcoin Stabilises Around $23,000

January 26, 2023
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Our Picks

Hackers Hijack RobinHood Twitter To Push Scam Crypto Coin

January 27, 2023

FTM/USD Moves Bullishly Above $0.476

January 26, 2023

Biggest Crypto Gainers Today – January 26

January 26, 2023

Aptos (APT) Rises 500% as Bitcoin Stabilises Around $23,000

January 26, 2023

Subscribe to Updates

Get the latest Crypto news from kronosslott.

About Us
About Us

Your source for the serious news. This website is crafted specifically to for crazy and hot cryptonews. Visit our main page for more tons of news.

We're social. Connect with us:

Facebook Twitter Pinterest YouTube WhatsApp
Categories
  • Altcoin (4)
  • Bitcoin (2,020)
  • Blockchain (757)
  • Ethereum (320)
  • Gambling (2,082)
  • Litecoin (53)
  • NFTs (2)
Our Picks

Hackers Hijack RobinHood Twitter To Push Scam Crypto Coin

January 27, 2023

FTM/USD Moves Bullishly Above $0.476

January 26, 2023

Biggest Crypto Gainers Today – January 26

January 26, 2023
©2022 –Kronosslott. All Rights Reserved. Kronosslott.com is an independent i-Gaming news site and casino comparison service. Every effort is made to ensure that the bonus offers listed here are accurate and up-to-date. However, we accept no responsibility for inaccuracies or errors. It is your responsibility to confirm the terms of any promotion you choose to accept. Looking to Advertise with us? Kronosslott is always looking for new partnerships. To Inquire please email kronosslott@gmail.com

Type above and press Enter to search. Press Esc to cancel.