Mitigate potential overflow. ethereum/eth2.0-specs#2129 #7795

Merged
merged 1 commit into from
Nov 12, 2020

Conversation

prestonvanloon
Member

@prestonvanloon prestonvanloon commented Nov 12, 2020

What type of PR is this?

Bug fix

What does this PR do? Why is it needed?

There is a potential, albeit unlikely, risk of an overflow for get_block_root_at_slot.
compute_start_slot_at_epoch already had overflow protection, so this exploit is probably not reproducible in any production code path.

Which issue(s) does this PR fix?

Fixes ethereum/consensus-specs#2129 for Prysm.

Other notes for review

I did not test at runtime or sync with this change.

@prestonvanloon prestonvanloon requested a review from a team as a code owner November 12, 2020 20:00
@prestonvanloon prestonvanloon changed the title Mitigate potential overflow. eth2.0-specs#2129 Mitigate potential overflow. ethereum/eth2.0-specs#2129 Nov 12, 2020
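
Added example, not part of the pull request or of Prysm's code: assuming the bounds check in get_block_root_at_slot has the form `slot < state_slot <= slot + SLOTS_PER_HISTORICAL_ROOT`, this Go program shows how the addition wraps near the top of the uint64 range and two ways to guard it. The function names and the constant value 8192 are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"math/bits"
)

// Assumed ring-buffer length for this example (hypothetical constant name).
const slotsPerHistoricalRoot uint64 = 8192

var errOverflow = errors.New("slot + slotsPerHistoricalRoot overflows uint64")

// wrappingInRange evaluates slot < stateSlot <= slot+N with Go's default
// wrapping addition. Near math.MaxUint64 the sum wraps to a small value,
// so an in-range pair is rejected without any sign of why.
func wrappingInRange(stateSlot, slot uint64) bool {
	return slot < stateSlot && stateSlot <= slot+slotsPerHistoricalRoot
}

// checkedInRange performs the same test but reports the overflow explicitly.
func checkedInRange(stateSlot, slot uint64) (bool, error) {
	upper, carry := bits.Add64(slot, slotsPerHistoricalRoot, 0)
	if carry != 0 {
		return false, errOverflow
	}
	return slot < stateSlot && stateSlot <= upper, nil
}

// subtractingInRange avoids the addition: once slot < stateSlot holds,
// stateSlot-slot cannot underflow, so no overflow check is needed.
func subtractingInRange(stateSlot, slot uint64) bool {
	return slot < stateSlot && stateSlot-slot <= slotsPerHistoricalRoot
}

func main() {
	// Constructed inputs: an ordinary pair and one at the top of the uint64 range.
	cases := [][2]uint64{{100, 90}, {math.MaxUint64, math.MaxUint64 - 1}}
	for _, c := range cases {
		ok, err := checkedInRange(c[0], c[1])
		fmt.Printf("state=%d slot=%d wrapping=%v checked=%v/%v subtracting=%v\n",
			c[0], c[1], wrappingInRange(c[0], c[1]), ok, err, subtractingInRange(c[0], c[1]))
	}
}
```
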

codecov bot commented Nov 12, 2020

Codecov Report

Merging #7795 (20fc1ea) into master (47daeda) will decrease coverage by 0.05%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #7795      +/-   ##
==========================================
- Coverage   62.04%   61.99%   -0.06%     
==========================================
  Files         430      430              
  Lines       30473    30475       +2     
==========================================
- Hits        18908    18894      -14     
- Misses       8624     8637      +13     
- Partials     2941     2944       +3     

Successfully merging this pull request may close these issues.

Security vulnerabilities (possible overflows) in helper functions of Beacon Chain
2 participants