Expand unchecked assembly description

master
Ivaylo Ivanov 1 year ago
Parent
Current commit
e0bffaf8fe
2 files changed, with 8 additions and 2 deletions
  1. Binary
      SemSEpaper/exercises.pdf
  2. 8
    2
      SemSEpaper/exercises.tex

Binary
SemSEpaper/exercises.pdf


+ 8
- 2
SemSEpaper/exercises.tex

@@ -215,8 +215,14 @@ The contract has a manager mapping, which should be used as a stack.
215 215
 The developer has added the \texttt{setNextManager} function, which should set the top of the stack to the latest user as a manager.
216 216
 The issue is that the function is implemented in such a way, that the stack would not grow, but the first element would always be overwritten - this arises from the fact that the memory slot
217 217
 of the managers mapping does not point to the memory address on the top of the stack, but instead to the base of it.
218
-The function is then using this slot address directly, without calculating any offset, overwriting the base of the stack.
219
-
218
+The function is then using this slot address directly, without calculating any offset, overwriting the base of the stack. If social engineeering is applied, an attacker can persuade the
219
+owner to set them as a manager, which would result in the weakness being exploited directly and the owner giving up their own management rights.
220
+\subsection{Consequences}
221
+
222
+The consequences of exploiting an arbitrary storage access weakness can be of different types and severity.
223
+An attacker may gain read-write access to private contract data, which should only be accessible to owners, maintainers etc.
224
+They may also exploit the contract to circumvent authorization checks and drain the contract funds.
225
+%TODO: can we expand this?
220 226
 
221 227
 \section{Vulnerable contracts in literature}
222 228
 
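Review bot: The new Consequences subsection (new lines 220-225) names the weakness "arbitrary storage access", while the paragraph it follows (lines 216-218) speaks of a "memory slot", a "memory address" and a "slot address"; pick one term for the whole section, and if the managers mapping is contract state, "storage slot" is the consistent choice. In the added sentence at new line 218, "engineeering" is misspelled, and the sentence would read more precisely if it said that the owner's own call to \texttt{setNextManager} is what overwrites the base entry and so removes the owner's management rights. The "%TODO: can we expand this?" comment at new line 225 should be resolved or tracked outside the source before merging, since the two consequence sentences above it are generic and do not yet tie back to the manager-stack exercise described in this section.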
