search

dapphub / ds-guard

Whitelist DSAuthority for use with DSAuth
https://dapp.tools/dappsys/ds-guard.html
GNU General Public License v3.0
25 stars 25 forks source link

sig collision? #2

Open nmushegian opened 7 years ago

nmushegian commented 7 years ago

Looks like ANY trick is fine for src/dest, but is there some fuckery that could happen with a malicious function signature bytes4(uint32(-1))? @dbrock

dbrock commented 7 years ago

I think not because I use bytes32 for precisely this reason, such that in case of a would-be collision we would be still comparing these distinct values:

0xffffffff00000000000000000000000000000000000000000000000000000000 # sig 
0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff # ANY
nmushegian commented 7 years ago

Nice, I think that works as long as the previous bug where it wouldn't zero your bytes <32 args (because args are word aligned) isn't accidentally reverted with the loosey goosey solidity reference implentation