Lines of code

Vulnerability details

Impact

the low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed.

Proof of Concept

    function ecMul(Point memory point, uint256 scalar) internal view returns (Point memory) {
        bytes memory data = abi.encode(point, scalar);
        if (scalar == 0 || (point.x == 0 && point.y == 0)) return Point(1, 1);
        (bool res, bytes memory ret) = address(0x07).staticcall{gas: 6000}(data);
        if (!res) return Point(1, 1);
        return abi.decode(ret, (Point));
    }

Tools Used

Recommended Mitigation Steps

Check before any low-level call that the address actually exists, for example before the low level call in the ecMul function you can check that the address is a contract by checking its code size.

The text was updated successfully, but these errors were encountered:

All reactions