![]() ![]() Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. As of time of publication, a fixed version does not exist. Because the array was declared very large, the bounds checking will pass Negative values will simply be represented as very large numbers. For ints, the 2's complement representation is used. The vulnerability is present in different forms in all versions, including `0.3.10`. The typechecker allows the usage of signed integers to be used as indexes to arrays. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |