This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.
Geth’s pre-compiled dataCopy
(at 0x00...04
) contract did a shallow copy on invocation. An attacker could deploy a contract that
X
to an EVM memory region R
,0x00..04
with R
as an argument,R
to Y
,RETURNDATACOPY
opcode.When this contract is invoked, a consensus-compliant node would push X
on the EVM stack, whereas Geth would push Y
.
github.com/ethereum/go-ethereum/core/vm
If you have any questions or comments about this advisory:
CPE | Name | Operator | Version |
---|---|---|---|
github.com/ethereum/go-ethereum | lt | 1.9.17 |