Impact
Denial-of-service (crash) during block processing
Details
Affected versions suffer from a vulnerability which can be exploited through the MULMOD
operation, by specifying a modulo of 0
: mulmod(a,b,0)
, causing a panic
in the underlying library.
The crash was in the uint256
library, where a buffer underflowed.
if `d == 0`, `dLen` remains `0`
and https://github.com/holiman/uint256/blob/4ce82e695c10ddad57215bdbeafb68b8c5df2c30/uint256.go#L451 will try to access index [-1]
.
The uint256
library was first merged in this commit, on 2020-06-08.
Exploiting this vulnerabilty would cause all vulnerable nodes to drop off the network.
The issue was brought to our attention through a bug report, showing a panic
occurring on sync from genesis on the Ropsten network.
It was estimated that the least obvious way to fix this would be to merge the fix into uint256
, make a new release of that library and then update the geth-dependency.
Patches
Upgrade to v1.9.18 or higher
For more information
If you have any questions or comments about this advisory:
References
Impact
Denial-of-service (crash) during block processing
Details
Affected versions suffer from a vulnerability which can be exploited through the
MULMOD
operation, by specifying a modulo of0
:mulmod(a,b,0)
, causing apanic
in the underlying library.The crash was in the
uint256
library, where a buffer underflowed.and https://github.com/holiman/uint256/blob/4ce82e695c10ddad57215bdbeafb68b8c5df2c30/uint256.go#L451 will try to access index
[-1]
.The
uint256
library was first merged in this commit, on 2020-06-08.Exploiting this vulnerabilty would cause all vulnerable nodes to drop off the network.
The issue was brought to our attention through a bug report, showing a
panic
occurring on sync from genesis on the Ropsten network.It was estimated that the least obvious way to fix this would be to merge the fix into
uint256
, make a new release of that library and then update the geth-dependency.Patches
Upgrade to v1.9.18 or higher
For more information
If you have any questions or comments about this advisory:
References