Clef: disallow invalid ABI #17632
Assignees
Labels
Comments
holiman
added a commit
to holiman/go-ethereum
that referenced
this issue
Sep 13, 2018
holiman
added a commit
to holiman/go-ethereum
that referenced
this issue
Sep 25, 2018
cryptomental
pushed a commit
to cryptomental/go-ethereum
that referenced
this issue
Jan 9, 2019
* signer: remove local path disclosure from extapi * signer: show more data in cli ui * rpc: make http server forward UA and Origin via Context * signer, clef/core: ui changes + display UA and Origin * signer: cliui - indicate less trust in remote headers, see ethereum#17637 * signer: prevent possibility swap KV-entries in aes_gcm storage, fixes ethereum#17635 * signer: remove ecrecover from external API * signer,clef: default reject instead of warn + valideate new passwords. fixes ethereum#17632 and ethereum#17631 * signer: check calldata length even if no ABI signature is present * signer: fix failing testcase * clef: remove account import from external api * signer: allow space in passwords, improve error messsage * signer/storage: fix typos
cryptomental
pushed a commit
to cryptomental/go-ethereum
that referenced
this issue
Jan 9, 2019
* signer: remove local path disclosure from extapi * signer: show more data in cli ui * rpc: make http server forward UA and Origin via Context * signer, clef/core: ui changes + display UA and Origin * signer: cliui - indicate less trust in remote headers, see ethereum#17637 * signer: prevent possibility swap KV-entries in aes_gcm storage, fixes ethereum#17635 * signer: remove ecrecover from external API * signer,clef: default reject instead of warn + valideate new passwords. fixes ethereum#17632 and ethereum#17631 * signer: check calldata length even if no ABI signature is present * signer: fix failing testcase * clef: remove account import from external api * signer: allow space in passwords, improve error messsage * signer/storage: fix typos
cryptomental
pushed a commit
to cryptomental/go-ethereum
that referenced
this issue
Jan 9, 2019
* signer: remove local path disclosure from extapi * signer: show more data in cli ui * rpc: make http server forward UA and Origin via Context * signer, clef/core: ui changes + display UA and Origin * signer: cliui - indicate less trust in remote headers, see ethereum#17637 * signer: prevent possibility swap KV-entries in aes_gcm storage, fixes ethereum#17635 * signer: remove ecrecover from external API * signer,clef: default reject instead of warn + valideate new passwords. fixes ethereum#17632 and ethereum#17631 * signer: check calldata length even if no ABI signature is present * signer: fix failing testcase * clef: remove account import from external api * signer: allow space in passwords, improve error messsage * signer/storage: fix typos
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ref: NCC-EF-Clef-007
Clef currently allows (but warns) several cases of malformed transactions. Clef should reject instead of warn, unless configured explicitly to allow non-standard calls, (e.g. through
--devflag or similar, maybe--advanced)Cases include:
datapresent, but shorter than4bytes (no method selector)datapresent, and method selector, but calldata not a multiple of32(not properly formatted parameters)The text was updated successfully, but these errors were encountered: