@@ -1,8 +1,39 @@
-# TODO
-- Describe the various forms it may take and construct minimal sample contracts for each variant. Also describe variants that look similar but are not a weakness, and construct minimal contracts for these non-weaknesses.
-- Describe the consequences if the weakness is exploited.
-- Collect vulnerable contracts used by the papers to motivate/illustrate the weakness.
-- Summarize the code properties that tools are looking for so that they can detect the weakness.
-- Sketch ways to potentially exploit the different variants of the weakness.
+# SWC-124: Write to Arbitrary Storage Location
+## Introduction
+
+The aim of this paper is to introduce the SWC-124 smart contract weakness.
+In order to do that, the paper will:
+- describe weakness itself and the consequences if the weakness is exploited;
+- describe the various forms it may take and construct minimal sample contracts for each variant. It will also describe variants that look similar but are not a weakness, and construct minimal contracts for these non-weaknesses;
+- collect vulnerable contracts used by different papers to motivate/illustrate the weakness;
+- summarize the code properties that tools are looking for so that they can detect the weakness;
+- sketch ways to potentially exploit the different variants of the weakness.
+
+## Weakness description
+
+Smart contracts in Ethereum support persistent storage on the EVM level. It is the contracts responsibility to implement access control to sensitive information
+and doing so incorrectly may allow an attacker:
+* to read and overwrite sensitive data that should only be accessible to contract owners, maintainers etc.;
+* setting himself as the contract owner and circumventing authorization checks;
+* draining the contract of its funds by, for example, overwriting the address that collects the received tokens;
+* TODO: add more
+
+## Various forms
+
+1. Arrays + integer underflow/overflow
+2. Unchecked assembly calls
+3. TODO: add more
+
+## Samples
+
+TODO
+
+## Code properties
+
+TODO
+
+## Potential exploits
+
+TODO
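Review bot: the new "Weakness description" section does not yet state what makes SWC-124 distinct from a generic access-control failure: it says "It is the contracts responsibility to implement access control to sensitive information", while the actual mechanism is only hinted at later under "Various forms" ("Arrays + integer underflow/overflow", "Unchecked assembly calls"), i.e. a write whose storage slot is computed from an unchecked index or raw assembly and therefore can land on a slot the contract never intended to expose (the owner field, the address that collects received tokens). Consider moving that mechanism into the description so the consequences list follows from it, and note there that a plain missing `onlyOwner`-style check is a different weakness even though the consequences overlap. Smaller points in the same hunk: "describe weakness itself" needs "the"; "the contracts responsibility" should be "the contract's responsibility"; and the three consequence bullets mix "to read and overwrite", "setting himself" and "draining", so pick one form (e.g. "read and overwrite ...", "set themselves as ...", "drain ..."). The remaining "TODO" placeholders in Samples, Code properties and Potential exploits are fine for a skeleton commit but the commit message should say the sections are intentionally empty.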