Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VM has a lot of consensus breaking bugs 🐞 #167

Closed
axic opened this issue Aug 11, 2017 · 2 comments · Fixed by #174
Closed

VM has a lot of consensus breaking bugs 🐞 #167

axic opened this issue Aug 11, 2017 · 2 comments · Fixed by #174
Assignees
@axic
Labels
package: vm type: bug

Comments

@axic
Copy link
Member

axic commented Aug 11, 2017

While doing #159 I've realised that all the opcodes using memory locations are very likely consensus-broken because they are straight converted using utils.bufferToInt to Javascript numbers.

If the input number is >= 53 bits it will not behave correctly - old ethereumjs-util truncated it silently, while the new one properly throws an exception.

In many of the cases, if such a large number is encountered, it should result on an OOG, but in our case it can fail very likely with INVALID_OPCODE.

Makes me wonder if the state tests have a good coverage (because we do pass them...) or they are left to the VM tests to check these bounds?
@axic
Copy link
Member Author

axic commented Aug 11, 2017

Simple test case 0 <54 bit number> MSTORE.

@axic
Copy link
Member Author

axic commented Aug 11, 2017
edited
Loading

Affected opcodes:

  • ISZERO
  • BYTE
  • SHA3
  • CALLDATALOAD
  • CALLDATACOPY
  • CODECOPY
  • EXTCODECOPY
  • BLOCKHASH
  • MLOAD
  • MSTORE
  • MSTORE8
  • JUMP
  • JUMPI
  • LOG
  • CREATE
  • CALL
  • CALLCODE
  • DELEGATECALL
  • RETURN

This was referenced Aug 11, 2017
Merged
Merged
Merged
@axic axic self-assigned this Aug 14, 2017
@axic axic added the type: bug label Sep 7, 2017
@cdetrio cdetrio mentioned this issue Dec 15, 2017
Closed
holgerd77 pushed a commit that referenced this issue Dec 1, 2020
@ryanio
Merge pull request #167 from ethereumjs/fix-missing-pull-pair
796cfd8 
Fix missing pull-pair
@Woodpile37 Woodpile37 mentioned this issue Aug 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@axic axic

Labels
package: vm type: bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Rework memory expansion/access in opFns ethereumjs/ethereumjs-monorepo
3 participants
@axic @evertonfraga @wanderer