CODE423N4:2023-05-BASE-FINDINGS-ISSUES-56 (Code4rena)
History: Jun 04, 2023 - 12:00 a.m.

Chain split caused by memory corruption in EVM

Source: Code4rena (github.com)
Tags: evm, chain split, memory corruption, vulnerability, consensus error, cve-2021-39137, op-geth, ethereum-optimism, instructions.go

EPSS: 0.001 (Low), percentile 32.1%

Lines of code

Vulnerability details

Chain split caused by memory corruption in EVM

We recently found that the op-geth@3fa9e81 repository has a memory corruption vulnerability in EVM, which can cause a consensus error.

Specifically, vulnerable nodes obtain a different stateRoot when processing a maliciously crafted transaction. This, in turn, would lead to the chain being split into two forks.

The consequence of this vulnerability is the same as CVE-2021-39137.

The problem lies in four functions, i.e., opCall, opCallCode, opDelegateCall, and opStaticCall of core/vm/instructions.go. A simple solution is to use common.CopyBytes to copy ret safely before use, e.g., add ret = common.CopyBytes(ret) before line 695.

Reported by 6004ed5feaa31ae9df36b5dbc60f0fa53255a5fb734334082c6d202405fc738c.

Assessed type

Other
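
The following is an added example, not code from op-geth or from the report: a simplified Go model of why copying ret before use matters when a returned slice shares backing storage with call memory. The Memory type, the echo callee, the overlapping offsets and the sample bytes are assumptions made for illustration.

```go
package main

import "fmt"

// Memory is a toy stand-in for EVM call memory (hypothetical type).
type Memory struct{ store []byte }

// GetPtr returns a slice that aliases the backing store; nothing is copied.
func (m *Memory) GetPtr(off, size int) []byte { return m.store[off : off+size] }

// Set copies value into memory at off.
func (m *Memory) Set(off, size int, value []byte) { copy(m.store[off:off+size], value) }

// echo is an assumed callee that hands its input slice straight back,
// so the result still points into the caller's memory.
func echo(in []byte) []byte { return in }

// copyBytes returns a fresh copy, the job common.CopyBytes does in the suggested fix.
func copyBytes(b []byte) []byte {
	out := make([]byte, len(b))
	copy(out, b)
	return out
}

// call models the tail of a call opcode: run the callee, write the result to
// memory at retOff, and hand ret back to be retained as return data.
func call(mem *Memory, inOff, inSize, retOff, retSize int, safe bool) []byte {
	ret := echo(mem.GetPtr(inOff, inSize))
	if safe {
		ret = copyBytes(ret) // detach ret from memory before it is used
	}
	mem.Set(retOff, retSize, ret)
	return ret
}

// demo runs one call on constructed memory where the input and output
// regions overlap, and returns the retained return data.
func demo(safe bool) []byte {
	mem := &Memory{store: []byte{1, 2, 3, 4, 5, 6, 7, 8}} // constructed sample
	return call(mem, 0, 4, 2, 4, safe)
}

func main() {
	fmt.Println("without copy:", demo(false)) // [1 2 1 2]: no longer the callee's output
	fmt.Println("with copy:   ", demo(true))  // [1 2 3 4]
}
```

Two nodes that differ only in whether the copy is made end up holding different return data for the same call, which is the kind of divergence that surfaces as a mismatched stateRoot.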

