SEC-17 VM out of memory DoS #419
Milestone
Comments
|
Stack has been limited to |
ngtuna
added a commit
to ngtuna/tomochain
that referenced
this issue
Jan 29, 2019
…et-snapshot-from-parent Tomochain: isMasterNode function gets snapshot at parent block
maoueh
pushed a commit
to streamingfast/go-ethereum
that referenced
this issue
Dec 9, 2022
CLI improvements
garyschulte
pushed a commit
to garyschulte/go-ethereum
that referenced
this issue
Apr 17, 2024
* simplified gas accounting layer * integrate some review feedback * Apply suggestions from code review Co-authored-by: Ignacio Hagopian <[email protected]> * more suggestions from code review * don't charge creation gas + charge code chunks in create * A couple more fixes * make linter happy * fix create init gas consumption issue * fix: in gas funcs, use tx witness instead of global witness * fix linter issue * Apply suggestions from code review Co-authored-by: Ignacio Hagopian <[email protected]> * fix: EXTCODECOPY gas consumption * fix warm gas costs * fix the order gas is charged in during contract creation epilogue * fix selfdestruct * fix ethereum#365 in eip rewrite (ethereum#407) * fix: OOG type in code creation OOG (ethereum#408) * core/vm: charge BLOCKHASH witness cost (ethereum#409) * core/vm: charge BLOCKHASH witness cost Signed-off-by: Ignacio Hagopian <[email protected]> * remove gas optimization for now Signed-off-by: Ignacio Hagopian <[email protected]> --------- Signed-off-by: Ignacio Hagopian <[email protected]> * remove redundant logic for contract creation (ethereum#413) Signed-off-by: Ignacio Hagopian <[email protected]> * fix precompile address check for charging witness costs & fix missing value-bearing rule (ethereum#412) Signed-off-by: Ignacio Hagopian <[email protected]> * core/vm: fix wrong check (ethereum#416) Signed-off-by: Ignacio Hagopian <[email protected]> * charge for account creation if selfdestruct creates a new account (ethereum#417) * add key comparison test (ethereum#418) * core/vm: charge contract init before execution logic (ethereum#419) * core/vm: charge contract init before execution logic Signed-off-by: Ignacio Hagopian <[email protected]> * fix CREATE2 as well --------- Signed-off-by: Ignacio Hagopian <[email protected]> Co-authored-by: Guillaume Ballet <[email protected]> * quell linter --------- Signed-off-by: Ignacio Hagopian <[email protected]> Co-authored-by: Ignacio Hagopian <[email protected]>
mralj
pushed a commit
to NethermindEth/rollup-geth
that referenced
this issue
Nov 18, 2024
Co-authored-by: Adrian Sutton <[email protected]>
s1na
pushed a commit
to s1na/go-ethereum
that referenced
this issue
Dec 2, 2024
…m#419) Co-authored-by: wjrjerome <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
An attacker can cause the Go client to to crash with Out of Memory exception by e.g. contract code pushing a large enough value on the stack.
While the gas costs for this should provide enough economic incentive to discourage contract code pushing very large values on the stack, we should enforce a limit to be absolutely sure this cannot happen.
Fix: Add a hard gas limit resulting in maximum slice allocation of e.g. 256MB.
The text was updated successfully, but these errors were encountered: