We recently found that the op-geth@3fa9e81 repository has a memory corruption vulnerability in the EVM, which can cause a consensus error.
Specifically, vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead to the chain being split into two forks.
The consequence of this vulnerability is the same as CVE-2021-39137.
The problem lies in four functions, i.e., opCall, opCallCode, opDelegateCall, and opStaticCall of core/vm/instructions.go. A simple solution is to use common.CopyBytes to copy ret safely before use, e.g., add ret = common.CopyBytes(ret) before line 695.
Reported by 6004ed5feaa31ae9df36b5dbc60f0fa53255a5fb734334082c6d202405fc738c.
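
The following is an added example, not code from op-geth or from the reporter: a simplified Go model of the slice-aliasing hazard that copying `ret` guards against. `finishCall`, `identityCallee`, the local `copyBytes` helper and the sample offsets are hypothetical names and constructed values; the model assumes a callee that hands back its input slice without copying.

```go
package main

import "fmt"

// copyBytes returns a fresh copy of b, the same job common.CopyBytes does.
func copyBytes(b []byte) []byte {
	if b == nil {
		return nil
	}
	c := make([]byte, len(b))
	copy(c, b)
	return c
}

// identityCallee is a hypothetical callee that returns its input unchanged,
// so the result shares a backing array with the caller's memory.
func identityCallee(input []byte) []byte { return input }

// finishCall models the tail of a CALL-style opcode: it takes the callee's
// result, writes it into memory at retOff, and keeps it as the return data.
// With safe=false the return data still aliases mem, so the write below
// silently rewrites it when the input and output regions overlap.
func finishCall(mem []byte, inOff, inSize, retOff int, safe bool) []byte {
	ret := identityCallee(mem[inOff : inOff+inSize])
	if safe {
		ret = copyBytes(ret) // detach ret from memory before memory is modified
	}
	copy(mem[retOff:retOff+len(ret)], ret)
	return ret
}

// sampleMem builds constructed sample memory for the demonstration.
func sampleMem() []byte { return []byte{1, 2, 3, 4, 5, 6, 7, 8} }

func main() {
	// Input region [0,4) overlaps output region [2,6).
	aliased := finishCall(sampleMem(), 0, 4, 2, false)
	copied := finishCall(sampleMem(), 0, 4, 2, true)
	fmt.Println("return data without copy:", aliased)
	fmt.Println("return data with copy:   ", copied)
}
```

Two nodes that disagree on the return data for the same call compute different state, which is the divergence described in the report.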