-
Notifications
You must be signed in to change notification settings - Fork 19.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clef: disallow invalid ABI #17632
Labels
Comments
holiman
added a commit
to holiman/go-ethereum
that referenced
this issue
Sep 13, 2018
holiman
added a commit
to holiman/go-ethereum
that referenced
this issue
Sep 25, 2018
cryptomental
pushed a commit
to cryptomental/go-ethereum
that referenced
this issue
Jan 9, 2019
* signer: remove local path disclosure from extapi * signer: show more data in cli ui * rpc: make http server forward UA and Origin via Context * signer, clef/core: ui changes + display UA and Origin * signer: cliui - indicate less trust in remote headers, see ethereum#17637 * signer: prevent possibility swap KV-entries in aes_gcm storage, fixes ethereum#17635 * signer: remove ecrecover from external API * signer,clef: default reject instead of warn + valideate new passwords. fixes ethereum#17632 and ethereum#17631 * signer: check calldata length even if no ABI signature is present * signer: fix failing testcase * clef: remove account import from external api * signer: allow space in passwords, improve error messsage * signer/storage: fix typos
cryptomental
pushed a commit
to cryptomental/go-ethereum
that referenced
this issue
Jan 9, 2019
* signer: remove local path disclosure from extapi * signer: show more data in cli ui * rpc: make http server forward UA and Origin via Context * signer, clef/core: ui changes + display UA and Origin * signer: cliui - indicate less trust in remote headers, see ethereum#17637 * signer: prevent possibility swap KV-entries in aes_gcm storage, fixes ethereum#17635 * signer: remove ecrecover from external API * signer,clef: default reject instead of warn + valideate new passwords. fixes ethereum#17632 and ethereum#17631 * signer: check calldata length even if no ABI signature is present * signer: fix failing testcase * clef: remove account import from external api * signer: allow space in passwords, improve error messsage * signer/storage: fix typos
cryptomental
pushed a commit
to cryptomental/go-ethereum
that referenced
this issue
Jan 9, 2019
* signer: remove local path disclosure from extapi * signer: show more data in cli ui * rpc: make http server forward UA and Origin via Context * signer, clef/core: ui changes + display UA and Origin * signer: cliui - indicate less trust in remote headers, see ethereum#17637 * signer: prevent possibility swap KV-entries in aes_gcm storage, fixes ethereum#17635 * signer: remove ecrecover from external API * signer,clef: default reject instead of warn + valideate new passwords. fixes ethereum#17632 and ethereum#17631 * signer: check calldata length even if no ABI signature is present * signer: fix failing testcase * clef: remove account import from external api * signer: allow space in passwords, improve error messsage * signer/storage: fix typos
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ref: NCC-EF-Clef-007
Clef currently allows (but warns) several cases of malformed transactions. Clef should reject instead of warn, unless configured explicitly to allow non-standard calls, (e.g. through
--dev
flag or similar, maybe--advanced
)Cases include:
data
present, but shorter than4
bytes (no method selector)data
present, and method selector, but calldata not a multiple of32
(not properly formatted parameters)The text was updated successfully, but these errors were encountered: