
Sha3 bypass panic #102

Closed
iVoider opened this issue Jul 3, 2023 · 2 comments · Fixed by #185
Comments

@iVoider
Contributor

iVoider commented Jul 3, 2023

cli --sha3-bypass --work-dir /bsc/0x9bd7cd81B1dDd0f5F0c77A22f541AF24653aD129 -c BSC --onchain --onchain-block-number 29625908 -f --target 0x9bd7cd81B1dDd0f5F0c77A22f541AF24653aD129

gives:

thread 'main' panicked at 'index out of bounds: the len is 4 but the index is 18446744073709551615', /ityfuzz/src/evm/middlewares/sha3_bypass.rs:216:39

I guess it has a connection to heimdall decompilation.

When running this without sha3-bypass, execution ends with:

memory allocation of 54043195528446112 bytes failed

@shouc shouc self-assigned this Jul 3, 2023
@iVoider
Contributor Author

iVoider commented Jul 4, 2023

I'd also noticed that sha bypass makes almost any contract on BSC hang at the infant testcase generation step.
E.g.:
/ityfuzz/cli/target/release/cli -c BSC --sha3-bypass --onchain --onchain-block-number 29668766 -f -i --selfdestruct-oracle -p --target 0xa5d0c46a8b29a44f099f034d4068921c5bf899c8

@shouc
Contributor

shouc commented Jul 13, 2023

Thanks for reporting. It seems there are some issues in revm leading to this DoS. If we don't count gas during execution, revm can control to create a really large array.
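The failure mode described in this thread is an interpreter whose memory growth is normally bounded only by gas: with gas accounting switched off, an offset operand taken from the contract drives a single allocation of tens of petabytes (the 54043195528446112-byte request in the report), and the fix merged for this issue is described as "set memory limit". The example below, added here and not code from ityfuzz or revm, shows the shape of such a check: a memory-expansion function that uses checked arithmetic on the offset/length pair and refuses any expansion past a hard byte cap, independent of gas. The `MemError` and `BoundedMemory` names and the 32 MiB `MEMORY_LIMIT` value are assumptions made for the example.

```rust
// Added example (not ityfuzz or revm code): bounded EVM-style memory
// expansion that does not rely on gas accounting to stay small.

/// Why an expansion request was refused. Hypothetical type for this example.
#[derive(Debug, PartialEq, Eq)]
pub enum MemError {
    /// offset + len does not fit in a u64 (operands come from the contract).
    Overflow,
    /// The expanded size would exceed the configured cap.
    LimitExceeded { requested: u64, limit: u64 },
}

/// Hard cap on interpreter memory, in bytes (an assumed value, 32 MiB).
pub const MEMORY_LIMIT: u64 = 32 * 1024 * 1024;

/// Round `bytes` up to the next multiple of the 32-byte EVM word.
fn round_to_word(bytes: u64) -> Option<u64> {
    bytes.checked_add(31).map(|b| b & !31)
}

/// Size in bytes that memory must have for a `len`-byte access at `offset`,
/// given the current size `current`. Never shrinks, never grows past `limit`,
/// and a zero-length access never expands memory (EVM semantics).
pub fn checked_expand(current: u64, offset: u64, len: u64, limit: u64) -> Result<u64, MemError> {
    if len == 0 {
        return Ok(current);
    }
    // Checked add: a huge offset must surface as an error, not wrap to a
    // small number that then passes the cap.
    let end = offset.checked_add(len).ok_or(MemError::Overflow)?;
    let needed = round_to_word(end).ok_or(MemError::Overflow)?;
    if needed <= current {
        return Ok(current);
    }
    if needed > limit {
        return Err(MemError::LimitExceeded { requested: needed, limit });
    }
    Ok(needed)
}

/// Minimal memory model: the backing Vec grows only after `checked_expand`
/// has approved the new size, so no allocation can exceed `limit`.
pub struct BoundedMemory {
    data: Vec<u8>,
    limit: u64,
}

impl BoundedMemory {
    pub fn new(limit: u64) -> Self {
        Self { data: Vec::new(), limit }
    }

    pub fn len(&self) -> usize {
        self.data.len()
    }

    /// MSTORE-like write: bounded expansion first, then the copy.
    pub fn write(&mut self, offset: u64, bytes: &[u8]) -> Result<(), MemError> {
        let new_len = checked_expand(self.data.len() as u64, offset, bytes.len() as u64, self.limit)?;
        // Safe to cast: new_len <= limit, which fits in usize on any target
        // where the limit itself was representable.
        self.data.resize(new_len as usize, 0);
        let start = offset as usize;
        self.data[start..start + bytes.len()].copy_from_slice(bytes);
        Ok(())
    }
}

fn main() {
    let mut mem = BoundedMemory::new(MEMORY_LIMIT);
    mem.write(0, &[0xAA; 32]).unwrap();
    println!("after one 32-byte write: {} bytes", mem.len());

    // Constructed inputs for the two failure modes the cap must handle:
    // an offset that overflows u64 when the length is added, and the
    // petabyte-scale offset from the report that overflows nothing but
    // would exhaust the host.
    println!("{:?}", checked_expand(mem.len() as u64, u64::MAX - 1, 64, MEMORY_LIMIT));
    println!("{:?}", checked_expand(mem.len() as u64, 54_043_195_528_446_112, 1, MEMORY_LIMIT));
}
```

The design point is that the cap is enforced on the computed size before any `resize`, so a fuzzer running without gas still cannot be driven into a single oversized allocation; the interpreter instead sees an explicit `LimitExceeded` error it can treat as a reverting execution.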

shouc added a commit that referenced this issue Jul 13, 2023
@shouc shouc closed this as completed in #185 Sep 3, 2023
shouc pushed a commit that referenced this issue Sep 3, 2023
* set memory limit

* add test file

* Restore Cargo.toml format

* restore revm

* Supplement the missing opcode for sha3 middleware