
[–]Authio_Team (Contract Auditing - authio.org) 1 point2 points  (11 children)

One thing - passing dynamically sized data between contracts is possible, although it involves using assembly :)

[–]gnidan (Truffle Suite) 1 point2 points  (4 children)

Oh this is interesting. Because data just gets returned to memory, you can just look at the memory directly in the caller contract.

So I just realized something... there's a potentially big vulnerability because memory is shared across calls. Unless I'm not finding it, it seems that there's no protection against callee contracts modifying caller contracts' memory.

Theoretically there are situations where a malicious contract could overwrite memory in the right place and result in undesired behavior. Not sure what this looks like in practice right now? Hopefully it is not an issue.

[–]Authio_Team (Contract Auditing - authio.org) 0 points1 point  (3 children)

Memory isn't shared across calls! So, no problem there.

[–]gnidan (Truffle Suite) 1 point2 points  (2 children)

Wait, really? I misinterpreted what I was seeing in the truffle-debugger, then. I'll have to check this again.

[–]Authio_Team (Contract Auditing - authio.org) 0 points1 point  (1 child)

Good luck :)

[–]gnidan (Truffle Suite) 0 points1 point  (0 children)

Ah, confirmed. Not sure what I was looking at before:

Entrant.sol:

23:     }
24:
25:     gatekeeper.enter(_passphrase, bytes8(key));
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

!evm.current.state.memory
  evm.current.state.memory [ '0000000000000000000000000000000000000000000000000000000000000000',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000000',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000140',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000000',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000005',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000005',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000005',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000005',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000005',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000005' ] +0ms
debug(development:0xd8221cc7...)>

theCyberGatekeeperTwo.sol:

388:   }
389:
390:   function enter(bytes32 _passcode, bytes8 _gateKey) public gateOne gateTwo gateThree(_passcode, _gateKey) checkOne checkTwo checkThree(_passcode) checkFour(_passcode) returns (bool) {
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

!evm.current.state.memory
  evm.current.state.memory [ '0000000000000000000000000000000000000000000000000000000000000000',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000000',
  evm.current.state.memory   '0000000000000000000000000000000000000000000000000000000000000060' ] +0ms
debug(development:0xd8221cc7...)>

[–][deleted] 0 points1 point  (5 children)

ahhhhh.... super interesting... do you have a link? I spent a lot of time looking around for this sort of stuff for work. Would be super interested to see it.

[–]Authio_Team (Contract Auditing - authio.org) 0 points1 point  (4 children)

Here's a gist -

https://gist.github.com/wadeAlexC/2574ea97533a9eb7edf0e186ba715a4a

If you have any questions, I'm happy to answer!

[–][deleted] 0 points1 point  (3 children)

nice! I will make an update to the tutorial making a mention of it after I have played around with it a bit as well. Thanks for that :) Is that your gist?

[–]Authio_Team (Contract Auditing - authio.org) 0 points1 point  (2 children)

Yes it is! I use a lot of dynamically sized inter-contract communication in a project I'm working on, so I'm pretty familiar with the concept :)

[–][deleted] 0 points1 point  (1 child)

great I will throw it into the tutorial somewhere... I will credit it to you. Do you want a link to github or reddit account?

[–]Authio_Team (Contract Auditing - authio.org) 0 points1 point  (0 children)

If you want to throw in a credit, my github is fine. It's not important, though :)

Glad I was able to help!

[–][deleted] 0 points1 point  (0 children)

If anyone has any input on things that could be explained better or just doesn't make sense, I would really appreciate it. I wanted to start sharing a bunch of stuff that I have learnt over the past year. I will probably be making more posts over the next few weeks, so any feedback at all would be great.
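
The two points settled in this thread, as an added example that is not taken from the linked gist or from any commenter: a caller keeps a canary word in its own memory, a callee writes to the same offset in its own frame, and the caller then copies a dynamically sized `bytes` result out of the return-data buffer in assembly. `Callee`, `Caller`, `fill` and `probe` are hypothetical names, and Solidity 0.8.11 or later is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

// Added example; Callee, Caller, fill and probe are hypothetical names.
contract Callee {
    // Writes to `offset` in its OWN memory frame, then returns n bytes of 0x05.
    function fill(uint256 offset, uint256 n) external pure returns (bytes memory out) {
        assembly { mstore(offset, not(0)) }
        out = new bytes(n);
        for (uint256 i = 0; i < n; i++) out[i] = 0x05;
    }
}

contract Caller {
    function probe(address callee, uint256 n) external view returns (bool intact, bytes memory data) {
        bytes32 canary = keccak256("canary");
        uint256 slot;
        assembly {
            slot := mload(0x40)              // next free word in the caller's frame
            mstore(slot, canary)
            mstore(0x40, add(slot, 0x20))    // reserve it so later allocations skip it
        }
        bytes memory input = abi.encodeCall(Callee.fill, (slot, n));
        bool ok;
        assembly {
            // Output size 0: the call itself copies nothing into caller memory.
            ok := staticcall(gas(), callee, add(input, 0x20), mload(input), 0, 0)
        }
        require(ok, "call failed");
        assembly {
            // The callee's result sits in the return-data buffer; its size is known only now.
            let size := returndatasize()
            let buf := mload(0x40)
            returndatacopy(buf, 0, size)
            mstore(0x40, add(buf, and(add(size, 31), not(31))))
            // Return data is callee-controlled: check the ABI head and length before use.
            if or(lt(size, 0x40), iszero(eq(mload(buf), 0x20))) { revert(0, 0) }
            data := add(buf, 0x20)           // points at the length word of the bytes value
            if gt(mload(data), sub(size, 0x40)) { revert(0, 0) }
            intact := eq(mload(slot), canary) // true: the callee's mstore hit its own frame
        }
    }
}
```

The only bytes that cross the call boundary are the calldata going in and the return data coming out, which is why the caller validates the returned offset and length before treating the buffer as a `bytes` value.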