Expand unchecked assembly description

master
Ivaylo Ivanov 1 year ago
Parent
Commit
e0bffaf8fe
2 files changed, 8 insertions and 2 deletions
  1. Binary
      SemSEpaper/exercises.pdf
  2. 8
    2
      SemSEpaper/exercises.tex

Binary
SemSEpaper/exercises.pdf


+ 8
- 2
SemSEpaper/exercises.tex

@@ -215,8 +215,14 @@ The contract has a manager mapping, which should be used as a stack.
215 215
 The developer has added the \texttt{setNextManager} function, which should set the top of the stack to the latest user as a manager.
216 216
 The issue is that the function is implemented in such a way, that the stack would not grow, but the first element would always be overwritten - this arises from the fact that the memory slot
217 217
 of the managers mapping does not point to the memory address on the top of the stack, but instead to the base of it.
218
-The function is then using this slot address directly, without calculating any offset, overwriting the base of the stack.
219
-
218
+The function is then using this slot address directly, without calculating any offset, overwriting the base of the stack. If social engineeering is applied, an attacker can persuade the
219
+owner to set them as a manager, which would result in the weakness being exploited directly and the owner giving up their own management rights.
220
+\subsection{Consequences}
221
+
222
+The consequences of exploiting an arbitrary storage access weakness can be of different types and severity.
223
+An attacker may gain read-write access to private contract data, which should only be accessible to owners, maintainers etc.
224
+They may also exploit the contract to circumvent authorization checks and drain the contract funds.
225
+%TODO: can we expand this?
220 226
 
221 227
 \section{Vulnerable contracts in literature}
222 228
 
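Review bot: The sentence added at new lines 218-219 misspells "engineering" as "engineeering" and claims the owner gives up their own management rights without stating that the owner is the entry at the base of the stack, which is the step a reader needs to follow the scenario. Please fix the spelling and add that link explicitly. The unchanged lines 216-217 speak of a "memory slot" and "memory address", while the new Consequences subsection calls the weakness "arbitrary storage access"; pick one term so the section is consistent. The `%TODO: can we expand this?` comment at new line 225 should be resolved or tracked outside the source before this is merged, and since `exercises.pdf` is committed alongside the `.tex`, confirm it was rebuilt from this revision.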
