CVE-2018-18920
N/A
N/A
Summary
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://twitter.com/AlexanderFisher/status/1060923428641878019
- https://github.com/ethereum/py-evm/issues/1448
- https://twitter.com/NettaLab/status/1060889400102383617
- https://www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx/
References
- https://twitter.com/AlexanderFisher/status/1060923428641878019
- https://github.com/ethereum/py-evm/issues/1448
- https://twitter.com/NettaLab/status/1060889400102383617
- https://www.reddit.com/r/ethereum/comments/9vkk2g/netta_labs_claim_to_have_found_a_vulnerability_in/e9d3wyx/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.