search
Active Boosts

#37186 [BC-Insight] Missing Validation for Fixed-Size bytes Types in ABI Parsing

Submitted on Nov 27th 2024 at 22:43:54 UTC by @CertiK for Attackathon | Ethereum Protocolarrow-up-right

  • Report ID: #37186

  • Report Type: Blockchain/DLT

  • Report severity: Insight

  • Target: https://github.com/ledgerwatch/erigon

  • Impacts:

    • (Specifications) A bug in specifications with no direct impact on client implementations

hashtag
Description

hashtag
Brief/Intro

In the NewType function within type.go, there is a lack of validation for the size of fixed-length bytes types.

hashtag
Vulnerability Details

According to the argument encoding for the solidity, the bytes should limited to 32 bytes: https://docs.soliditylang.org/en/v0.8.23/abi-spec.html

| bytes: binary type of M bytes, 0 < M <= 32.

However, such limitation is missing in the accounts/abi/type.go:

Also, it should be noted the validation has been added in Geth: https://github.com/ethereum/go-ethereum/pull/26075

hashtag
Impact Details

Without validation, the code might accept invalid bytes types with sizes outside the allowed range and break the spec.

hashtag
References

  • https://docs.soliditylang.org/en/v0.8.23/abi-spec.html

  • https://github.com/ethereum/go-ethereum/pull/26075

hashtag
Proof of Concept

hashtag
Proof of Concept

Previous#38319 [BC-Insight] Edge case difference for GETH and NETHERMIND when calculating memory expansion gasNext#38015 [BC-Insight] Violation of EIP-2681 in Create Transaction

Was this helpful?