
add why-this-works slide

master
nitowa 1 year ago
parent
commit
8180295b9f
3 changed files with 20 additions and 9 deletions
  1. BIN
      SemSEpresentation/slides.pdf
  2. 20
    9
      SemSEpresentation/slides.tex
  3. BIN
      SemSEreport/report.pdf

BIN
SemSEpresentation/slides.pdf View File


+ 20
- 9
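--- a/SemSEpresentation/slides.tex
+++ b/SemSEpresentation/slides.tex
@@ -117,15 +117,17 @@
 pragma solidity 0.4.25;
 
 contract MyContract {
-  uint[] private arr;
-
-  constructor() public {
-    arr = new uint[](0);
-  }
-
-  function write(unit index, uint value) {
-    arr[index] = value;
-  }
+	address private owner;
+	uint[] private arr;
+	
+	constructor() public {
+		arr = new uint[](0);
+		owner = msg.sender;
+	}
+	
+	function write(unit index, uint value) {
+		arr[index] = value;
+	}
 }
   \end{lstlisting}
 \end{frame}
@@ -192,6 +194,15 @@ contract MyContract {
 	\end{lstlisting}
 \end{frame}
 
+\begin{frame}[fragile]
+	\frametitle{Why this works}
+	A dynamic array in storage slot $p$ stores its data at continuous addresses starting at $keccak(p)$. 
+	
+	For example, if the variable $x$ is a dynamic array occupying storage slot 3, $x[o]$ can be found at $keccak(0x3)+o$.
+	
+	An attacker can use this information to overwrite any storage slot by finding an appropriate offset value.
+\end{frame}
+
 \section{Detecting and Exploiting}
 \subsection[Detecting SWC-124]{Detecting SWC-124}
 \begin{frame}[fragile]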
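Review bot: The new "Why this works" frame omits the precondition that makes the write reachable. Solidity bounds-checks `arr[index]` against the stored length, so with `arr = new uint[](0)` as in the first hunk's listing the access fails unless the length has been corrupted first; the visible lines do not show that step, though it may be on a slide outside these hunks. I would add a sentence such as `This only works once the length check no longer constrains the index, e.g. after the array length has underflowed.` so the audience sees what a fix has to protect. In the same frame, write `contiguous` rather than `continuous`, and say `keccak256` of the 32-byte padded slot number, since `$keccak(0x3)$` reads as hashing a single byte. The listing's `unit index` in `write` is carried over unchanged and should be `uint index`.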

BIN
SemSEreport/exercises.pdf → SemSEreport/report.pdf View File

