Attackathon _ Fuel Network 33171 - [Smart Contract - Insight] panic on unwrapping in decl_to_type_in
Submitted on Sat Jul 13 2024 11:23:54 GMT-0400 (Atlantic Standard Time) by @InquisitorScythe for Attackathon | Fuel Network
Report ID: #33171
Report type: Smart Contract
Report severity: Insight
Target: https://github.com/FuelLabs/sway/tree/v0.61.2
Impacts:
Compiler bug
Description
Brief/Intro
The identified bug is a panic in the Sway compiler's semantic analysis module, specifically in the root namespace processing. This occurs due to an unexpected None value being unwrapped, likely indicating a failure to properly handle certain code structures or declarations. If exploited in production, this bug could lead to compiler crashes, preventing developers from building their Fuel projects.
Vulnerability Details
The bug is in decl_to_type_info
at https://github.com/FuelLabs/sway/blob/28db326a2ef7447d451d9a0b371b04557e1275ea/sway-core/src/semantic_analysis/namespace/root.rs#L934
if type_decl.ty.clone()
is None
, it will cause unexpected unwrap panic like:
Possible fix
A possible fix is checking whether type_decl.ty
is None before return.
Impact Details
While this bug doesn't directly put funds at risk, its potential to introduce vulnerabilities and disrupt the development process makes it a severe issue. The compiler is a critical component of the blockchain development stack, and its reliability is paramount for the security and success of the entire ecosystem. Addressing this vulnerability is crucial to maintain the integrity and trustworthiness of the Fuel platform.
References
Add any relevant links to documentation or code
Proof of concept
Proof of Concept
Step1
Step2
write minimized code to main.sw
Step3
It return panic like:
Last updated