Impact
This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.
Geth’s pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that
- writes
X to an EVM memory region R,
- calls
0x00..04 with R as an argument,
- overwrites
R to Y,
- and finally invokes the
RETURNDATACOPY opcode.
When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y.
Patches
No standalone patches have been made.
Workarounds
Upgrade to 1.9.17 or higher.
References
https://blog.ethereum.org/2020/11/12/geth_security_release/
For more information
If you have any questions or comments about this advisory:
johnyangk Analyst
Impact
This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.
Geth’s pre-compiled
dataCopy(at0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract thatXto an EVM memory regionR,0x00..04withRas an argument,RtoY,RETURNDATACOPYopcode.When this contract is invoked, a consensus-compliant node would push
Xon the EVM stack, whereas Geth would pushY.Patches
No standalone patches have been made.
Workarounds
Upgrade to
1.9.17or higher.References
https://blog.ethereum.org/2020/11/12/geth_security_release/
For more information
If you have any questions or comments about this advisory: