7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
29.5%
The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following:
owner: public(address)
take_up_some_space: public(uint256[10])
buffer: public(uint256[max_value(uint256)])
@external
def initialize():
self.owner = msg.sender
@external
def foo(idx: uint256, data: uint256):
self.buffer[idx] = data
Per @toonvanhove, “An attacker can overwrite the owner variable by calling this contract with calldata: 0x04bc52f8 fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
(spaces inserted for readability)
0x04bc52f8
is the selector for foo(uint256, uint256)
, and the last argument fff...fff
is the new value for the owner variable.”
patched in 0bb7203b584e771b23536ba065a6efda457161bb
Is there a way for users to fix or remediate the vulnerability without upgrading?
Are there any links users can visit to find out more?