Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 

README.md

Ethereum Stack Depth checker

An ethereum library that provides a utility function that can be used to check whether it is possible to increase the stack depth by a specified amount.

This can help prevent a certain type of attack where a caller can cause a function to fail if she knows that the function performs an operation which increases the stack depth as well as knowing what depth the function is going to be called at.

She can then artificially increase the stack depth prior to entering into the function call, and the targeted function will fail due to exceeding the maximum stack depth (1024)

Credit goes to Martin Holst Swende @mhswende for teaching me about this attack vector.

API

StackDepthLib.check_depth(address me, uint depth) returns (bool)

Parameters:

  • self: This is the address of the deployed StackDepthLib library. This is necessary because the depth checking requires recursion and libraries are unable to determine their own addresses since they operate on other libraries storage.
  • depth: Integer stack depth increase you would like to check.

Returns a boolean as to whether the depth increase was successful or not.

This will use approximately 390 gas per stack depth level. The library reserves 400 gas per level, so if you want to check for 100 levels, it will cost around 40,000 gas.

As a Modifier

This library can be used with Solidity's modifier pattern.

modifier require_stack_depth(uint16 depth) {
    if (depth > 1023) throw;
    if (!StackDepthLib.check_depth(sdl, depth)) throw;
    _
}

function requires_depth() constant require_stack_depth(1000) {
    // do something
}

In this example, the requires_depth function will no be callable unless the stack depth can be increased by 1000.

About

Solidity library for checking whether the call stack can be increased by a certain amount.

Resources

Releases

No releases published

Languages

You can’t perform that action at this time.