пре 6 месеци · 622a68524b
--- a/README.md
+++ b/README.md
@@ -1,8 +1,39 @@
 
				
				-# TODO
			
 
				
				-- Describe the various forms it may take and construct minimal sample contracts for each variant. Also describe variants that look similar but are not a weakness, and construct minimal contracts for these non-weaknesses.
			
 
				
				-- Describe the consequences if the weakness is exploited.
			
 
				
				-- Collect vulnerable contracts used by the papers to motivate/illustrate the weakness.
			
 
				
				-- Summarize the code properties that tools are looking for so that they can detect the weakness.
			
 
				
				-- Sketch ways to potentially exploit the different variants of the weakness.
			
 
				
				+# SWC-124: Write to Arbitrary Storage Location
			
 
				
				 
			
 
				
				+## Introduction
			
 
				
				+
			
 
				
				+The aim of this paper is to introduce the SWC-124 smart contract weakness.
			
 
				
				+In order to do that, the paper will:
			
 
				
				+- describe weakness itself and the consequences if the weakness is exploited;
			
 
				
				+- describe the various forms it may take and construct minimal sample contracts for each variant. It will also describe variants that look similar but are not a weakness, and construct minimal contracts for these non-weaknesses;
			
 
				
				+- collect vulnerable contracts used by different papers to motivate/illustrate the weakness;
			
 
				
				+- summarize the code properties that tools are looking for so that they can detect the weakness;
			
 
				
				+- sketch ways to potentially exploit the different variants of the weakness.
			
 
				
				+
			
 
				
				+## Weakness description
			
 
				
				+
			
 
				
				+Smart contracts in Ethereum support persistent storage on the EVM level. It is the contracts responsibility to implement access control to sensitive information
			
 
				
				+and doing so incorrectly may allow an attacker:
			
 
				
				+* to read and overwrite sensitive data that should only be accessible to contract owners, maintainers etc.;
			
 
				
				+* setting himself as the contract owner and circumventing authorization checks;
			
 
				
				+* draining the contract of its funds by, for example, overwriting the address that collects the received tokens;
			
 
				
				+* TODO: add more
			
 
				
				+
			
 
				
				+## Various forms
			
 
				
				+
			
 
				
				+1. Arrays + integer underflow/overflow
			
 
				
				+2. Unchecked assembly calls
			
 
				
				+3. TODO: add more
			
 
				
				+
			
 
				
				+## Samples
			
 
				
				+
			
 
				
				+TODO
			
 
				
				+
			
 
				
				+## Code properties
			
 
				
				+
			
 
				
				+TODO
			
 
				
				+
			
 
				
				+## Potential exploits
			
 
				
				+
			
 
				
				+TODO