Daohub-io / cap9

Capability-based security protocol for smart contracts
Apache License 2.0

Bug: Handle Invalid CapList Input #161

Open Latrasis opened 5 years ago

Latrasis commented 5 years ago

From @17451k:

…possible integer overflow in the _procRegSystemCall function from the Kernel.sol file. There is a piece of code that calculates the length of the capabilities array in bytes:

uint256 capsLengthBytes = msg.data.length - capsStartOffset;

In normal circumstances (when the system call is executed using the proc_reg function of BeakerContract) msg.data.length is always greater than or equal to capsStartOffset. But someone can try to make a system call directly and compose an incorrect message with a smaller length than needed. What will happen in this case here, and how does the kernel react to malformed system calls in general?

Latrasis commented 5 years ago

@17451k: Yes, the input should be checked. If the system call is malformed the kernel should call REVERT which sends false to the caller procedure.
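The unchecked subtraction from the quoted snippet next to the length check the reply asks for, as an added illustration that is not cap9's Kernel.sol. The offset constant and the 32-byte entry size are assumptions, and Solidity 0.5.x semantics are assumed: there the subtraction wraps silently, whereas 0.8 and later revert on the underflow by themselves.

```solidity
pragma solidity ^0.5.0;

// Added illustration, not cap9's Kernel.sol. Layout assumption: a 4-byte
// selector followed by one 32-byte word, after which the packed capability
// list begins. Under 0.5.x, uint256 arithmetic wraps instead of reverting.
contract CapListLength {
    uint256 constant CAPS_START_OFFSET = 4 + 32; // hypothetical layout

    // Vulnerable pattern. Called with only a 4-byte selector, msg.data.length
    // is 4, so the result wraps to 2**256 - 32 and any later loop over
    // "capsLengthBytes / 32" entries reads far past the end of calldata
    // (calldataload past the end yields zeros, so nothing fails loudly).
    function lengthUnchecked() external pure returns (uint256) {
        return msg.data.length - CAPS_START_OFFSET;
    }

    // Hardened pattern: validate the calldata length before the arithmetic.
    // A failed require executes REVERT, so a low-level call from the caller
    // procedure returns false, which is the behaviour the reply asks for.
    function lengthChecked() external pure returns (uint256 capsLengthBytes) {
        require(
            msg.data.length >= CAPS_START_OFFSET,
            "malformed syscall: calldata shorter than capability list offset"
        );
        capsLengthBytes = msg.data.length - CAPS_START_OFFSET;
        // Assumed encoding: every capability entry is a whole 32-byte word,
        // so a trailing partial word is also a malformed message.
        require(
            capsLengthBytes % 32 == 0,
            "malformed syscall: capability list not word-aligned"
        );
    }
}
```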