You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(better in other browser session) Click on Add existing contract, upload ABI of normal contract, but specify the address of the malicious contract instance
Preferred behavior:
Compare the codeHash of contract at specified address with the one specified in ABI, and since it differs, return an error
Actual behavior:
UI shows everything is fine
The text was updated successfully, but these errors were encountered:
Currently it is possible to imperceptibly forge contract, i.e. add existing contract with
codeHash
other than that one specified in ABIContext
We have two contracts:
(both contract builds are attached to this issue)
Steps to reproduce:
Add existing contract
, upload ABI of normal contract, but specify the address of the malicious contract instancePreferred behavior:
Compare the
codeHash
of contract at specified address with the one specified in ABI, and since it differs, return an errorActual behavior:
UI shows everything is fine
The text was updated successfully, but these errors were encountered: