CVE-2020-26241: Shallow copy bug in geth

June 29, 2021 (updated January 30, 2025)

This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.

Geth’s pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that

writes X to an EVM memory region R,
calls 0x00..04 with R as an argument,
overwrites R to Y,
and finally invokes the RETURNDATACOPY opcode.

When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y.

References

blog.ethereum.org/2020/11/12/geth_security_release
github.com/advisories/GHSA-69v6-xc2j-r2jf
github.com/ethereum/go-ethereum
github.com/ethereum/go-ethereum/commit/295693759e5ded05fec0b2fb39359965b60da785
github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf
nvd.nist.gov/vuln/detail/CVE-2020-26241

Detect and mitigate CVE-2020-26241 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →