-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert if calldata has wrong size #2109
Comments
Related #510. |
I assume this has been recently motivated by potential attacks as described here: Opt-in security like the one discussed in #510 is usually troublesome from my point of view, but with Solidity, it also costs quite a bit of money. How much overhead are we talking about if one would validate the calldata size for each function by default? |
On the other hand, I think there are good reasons to leave these checks to adequate tools for interfacing with contracts. No need to make every Ethereum node do more work to compensate for deficiencies in tooling. |
Something like |
Can be done together with a rewrite of the ABI decoder. |
Raised over at Remix (https://github.com/ethereum/remix/issues/585) is a good suggestion that this should be definitely enforced for constructors, because it is unlikely case to create something without passing calldata. And considering it is concatenated after the bytecode it does leave a bigger surface for errors than regular transactions. |
This is kind of enabled now with the new ABI decoder. Keep in mind: turned the new ABI decoder on by default is a breaking change because of that. |
The old and the new decoder now have options to revert if the data is too short. |
Will result in that all multisig wallets and other contracts that use |
@lastperson we probably won't check for input being too long, only for being too short, so it should be fine. The reason why we don't check for input being too long is that in order to do it properly (i.e. have a bijective decoding function), we also have to check whether there are no gaps between dynamically encoded data and that would be rather complicated. |
We actually have a check in place in the decoder, so it is easy to add this to 0.5.0. Do we want it? |
For "too short", I vote "yes". |
Closing after #4224 was merged. |
An external function should revert in the following additional situations:
The text was updated successfully, but these errors were encountered: