Expand unchecked assembly description

master
Ivaylo Ivanov 1 year ago
parent
commit
e0bffaf8fe
2 changed files with 8 additions and 2 deletions
  1. Binary
      SemSEpaper/exercises.pdf
  2. 8
    2
      SemSEpaper/exercises.tex

Binary
SemSEpaper/exercises.pdf View file


+ 8
- 2
SemSEpaper/exercises.tex View file

@@ -215,8 +215,14 @@ The contract has a manager mapping, which should be used as a stack.
215 215
 The developer has added the \texttt{setNextManager} function, which should set the top of the stack to the latest user as a manager.
216 216
 The issue is that the function is implemented in such a way, that the stack would not grow, but the first element would always be overwritten - this arises from the fact that the memory slot
217 217
 of the managers mapping does not point to the memory address on the top of the stack, but instead to the base of it.
218
-The function is then using this slot address directly, without calculating any offset, overwriting the base of the stack.
219
-
218
+The function is then using this slot address directly, without calculating any offset, overwriting the base of the stack. If social engineeering is applied, an attacker can persuade the
219
+owner to set them as a manager, which would result in the weakness being exploited directly and the owner giving up their own management rights.
220
+\subsection{Consequences}
221
+
222
+The consequences of exploiting an arbitrary storage access weakness can be of different types and severity.
223
+An attacker may gain read-write access to private contract data, which should only be accessible to owners, maintainers etc.
224
+They may also exploit the contract to circumvent authorization checks and drain the contract funds.
225
+%TODO: can we expand this?
220 226
 
221 227
 \section{Vulnerable contracts in literature}
222 228
 
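Review bot: The sentence added at new lines 218-219 goes from "overwriting the base of the stack" straight to "the owner giving up their own management rights" without saying what the base slot holds; state explicitly which entry is overwritten and why that entry carries the owner's rights, so the consequence follows from the text. On line 218, "engineeering" should be "engineering". In the new Consequences subsection, line 222 calls this an arbitrary storage access weakness, while the context at lines 216-217 speaks of a "memory slot" and a "memory address"; use one term consistently. The `%TODO: can we expand this?` comment at line 225 should be resolved or tracked elsewhere before this is merged, and since the old blank line 219 was removed, consider keeping a blank line before `\subsection{Consequences}` for readability of the source.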
