Unexpected runcode fail #386

Closed
dynamicAna opened this Issue Nov 10, 2018 · 4 comments


dynamicAna commented Nov 10, 2018

  • I am using ethereumjs-vm vm.runCode function to run my contract bytecode, and I use the step event for trace output.

  • When I set the runcode attribute code: Buffer.from(my_code, 'hex'), and tried to run it, I got the output of the REVERT opcode. It means runcode failed.

  • REVERT output
    {"pc":44,"op":253,"gas":"0xffffb0a7","gasCost":"0x0","stack":["0x1","0x0","0x0"],"depth":0,"opName":"REVERT"}
    my_bytecode.zip


Member

holgerd77 commented Nov 16, 2018

REVERT is just a normal bytecode which can be triggered from the high-level source code itself (e.g. from Solidity), so I would very much assume that this is the normal programmatic execution result and not a bug.

With the extensive code example you provide this is not really possible to recreate. Will close this for now; if you really think this is a bug, please try to extract a more straightforward and simpler code example which can then be traced and analyzed. Thanks!

holgerd77 closed this Nov 16, 2018


TylerAP commented Nov 21, 2018

@holgerd77 This is about to get a lot hotter.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19183
GitHub just sent out a panic due to: https://nvd.nist.gov/vuln/detail/CVE-2018-19183

ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute.

Does this even make sense?


Member

jwasinger commented Nov 22, 2018

This library is not consensus-critical so it's not a big issue.


Member

holgerd77 commented Nov 22, 2018

For giving some context for people coming from the outside and reading this:

This library is not used to run the Ethereum network. Its current purpose is to serve as a developer simulation tool; it e.g. runs within the online IDE Remix, and library execution is triggered when developers test their code.

Even assuming for a moment that the above filed issue is an exploitable bug, the worst "denial-of-service" attack which could be done in this context is to disturb a single separately-targeted developer in his/her online developer experience.

That said: one can very confidently say after first analysis that the described behavior is not a bug (see also comment above) but just normal runtime behavior.
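
An added example, not part of the thread and not ethereumjs-vm code: a minimal JavaScript interpreter for seven EVM opcodes that runs a constructed bytecode guard and records a step trace shaped like the one in the report, showing that REVERT is reached because the code itself branches to it. Gas accounting is not modelled; `run`, `GUARD` and the bytecode are assumptions made for illustration.

```javascript
// Added example: tiny interpreter for a few EVM opcodes (not ethereumjs-vm).
const OPS = { 0x00: 'STOP', 0x15: 'ISZERO', 0x34: 'CALLVALUE', 0x57: 'JUMPI',
              0x5b: 'JUMPDEST', 0x60: 'PUSH1', 0xfd: 'REVERT' };

// Constructed bytecode (assumption), a guard that rejects any attached value:
// CALLVALUE ISZERO PUSH1 0x0a JUMPI PUSH1 0 PUSH1 0 REVERT JUMPDEST STOP
const GUARD = '3415600a5760006000fd5b00';

// Runs `hex` with the given call value and returns the outcome plus a step
// trace with the pc/op/opName/stack fields seen in the reported output.
function run(hex, callvalue) {
  const code = Buffer.from(hex, 'hex');
  const stack = [];
  const trace = [];
  let pc = 0;
  while (pc < code.length) {
    const op = code[pc];
    const opName = OPS[op];
    // Unknown byte: an exceptional halt, which is a different outcome from REVERT.
    if (opName === undefined) return { outcome: 'invalid-opcode', pc, trace };
    trace.push({ pc, op, opName, stack: stack.map(v => '0x' + v.toString(16)) });
    switch (opName) {
      case 'STOP':
        return { outcome: 'stop', pc, trace };
      case 'REVERT': {
        // REVERT pops the memory offset and length of the returned data.
        const offset = stack.pop(), length = stack.pop();
        return { outcome: 'revert', pc, offset, length, trace };
      }
      case 'CALLVALUE': stack.push(BigInt(callvalue)); break;
      case 'ISZERO': stack.push(stack.pop() === 0n ? 1n : 0n); break;
      case 'PUSH1': stack.push(BigInt(code[pc + 1])); pc += 1; break;
      case 'JUMPI': {
        const dest = Number(stack.pop()), cond = stack.pop();
        if (cond !== 0n) {
          // A taken jump must land on a JUMPDEST.
          if (code[dest] !== 0x5b) return { outcome: 'bad-jump', pc, trace };
          pc = dest;
          continue;
        }
        break;
      }
      case 'JUMPDEST': break;
    }
    pc += 1;
  }
  return { outcome: 'stop', pc, trace }; // running off the end behaves like STOP
}
```

`run(GUARD, 1)` ends in `revert` at pc 9 with empty return data, while `run(GUARD, 0)` ends in `stop`; the same bytecode yields either result depending only on its input.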
