openethereum / parity-ethereum

The fast, light, and robust client for Ethereum-like networks.

A corner test which contains an "infinite loop" can cause potential denial of service in openethereum #11743

Open BattleBird opened 4 years ago

BattleBird commented 4 years ago

When we use bytecode that contains an "infinite loop" to test the parity-evm binary, the EVM keeps running and consumes memory and CPU resources until it runs out of memory and crashes. If we use the crafted bytecode to attack "openethereum", is this a kind of denial of service? For example, we use this simple contract as follows: [Screenshot from 2020-05-31 22-36-52]

adria0 commented 4 years ago

@BattleBird, please, can you send the command line arguments used to test this case with parity-evm ?

BattleBird commented 4 years ago

bincode = "608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063f8a8fd6d146044575b600080fd5b348015604f57600080fd5b506056606c565b6040518082815260200191505060405180910390f35b6000806000809150600590505b60018111156094578181830201915080806001019150506079565b8192505050905600a165627a7a72305820312eb5b58f64ed74312b1ca78ec7ed036d4f11828abce1abdaa34a78b0cdef9e0029"

inputdata = "f8a8fd6d"

The complete command is:

./parity-evm stats --json --code 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063f8a8fd6d146044575b600080fd5b348015604f57600080fd5b506056606c565b6040518082815260200191505060405180910390f35b6000806000809150600590505b60018111156094578181830201915080806001019150506079565b8192505050905600a165627a7a72305820312eb5b58f64ed74312b1ca78ec7ed036d4f11828abce1abdaa34a78b0cdef9e0029 --input f8a8fd6d

This is my running memory; we can see the memory consumption is gradually increasing. [Screenshot from 2020-06-01 15-00-07]

adria0 commented 4 years ago

@BattleBird, sorry for the late response. In order to check if something could be a problem in mainnet, the best option is to use the maximum amount of gas in a block (currently 12M) and to remove the --json flag, since openethereum does not store in memory the JSON trace of the transactions executed.

So, try again with stats --code 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063f8a8fd6d146044575b600080fd5b348015604f57600080fd5b506056606c565b6040518082815260200191505060405180910390f35b6000806000809150600590505b60018111156094578181830201915080806001019150506079565b8192505050905600a165627a7a72305820312eb5b58f64ed74312b1ca78ec7ed036d4f11828abce1abdaa34a78b0cdef9e0029 --input f8a8fd6d --gas B71B00
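The gas bound discussed in this thread, as an added example that is not part of the original issue or of openethereum's code: a small interpreter (the `run` helper is hypothetical and covers only the opcodes in the loop) executes the body of the posted contract's function from offset 0x6c, with the stack the dispatcher would leave, and stops with out-of-gas once the limit is spent. Dispatcher and intrinsic transaction gas are left out as a simplifying assumption.

```python
# Added example, not openethereum code. BODY is bytes 0x6c..0x9b of the posted --code.
BODY = bytes.fromhex("5b6000806000809150600590505b6001811115609457"
                     "818183020191508080600101915050607956"
                     "5b81925050509056")
BASE = 0x6C             # offset of BODY[0] inside the full contract
MASK = (1 << 256) - 1   # EVM words are 256 bits wide
# Static gas of the non-stack opcodes in BODY; PUSH/DUP/SWAP cost 3 each.
GAS = {0x01: 3, 0x02: 5, 0x11: 3, 0x15: 3, 0x50: 2, 0x56: 8, 0x57: 10, 0x5B: 1}

def run(gas_limit, max_steps=None):
    """Run the function body; return (status, steps, gas_left, stack)."""
    # Stack as the dispatcher leaves it: selector, then the return address.
    stack, pc, gas, steps = [0xF8A8FD6D, 0x56], BASE, gas_limit, 0
    while max_steps is None or steps < max_steps:
        off = pc - BASE
        if not 0 <= off < len(BODY):         # returned to code outside the slice
            return "left body", steps, gas, stack
        op = BODY[off]
        cost = 3 if 0x60 <= op <= 0x9F else GAS[op]
        if cost > gas:                       # the metering check that ends the loop
            return "out of gas", steps, gas, stack
        gas, steps, pc = gas - cost, steps + 1, pc + 1
        if 0x60 <= op <= 0x7F:               # PUSH1..PUSH32
            n = op - 0x5F
            stack.append(int.from_bytes(BODY[off + 1:off + 1 + n], "big"))
            pc += n
        elif 0x80 <= op <= 0x8F:             # DUP1..DUP16
            stack.append(stack[0x7F - op])
        elif 0x90 <= op <= 0x9F:             # SWAP1..SWAP16
            n = op - 0x8F
            stack[-1], stack[-1 - n] = stack[-1 - n], stack[-1]
        elif op == 0x50:                     # POP
            stack.pop()
        elif op in (0x01, 0x02, 0x11):       # ADD, MUL, GT on (top, second)
            a, b = stack.pop(), stack.pop()
            stack.append({0x01: a + b, 0x02: a * b, 0x11: int(a > b)}[op] & MASK)
        elif op == 0x15:                     # ISZERO
            stack.append(int(stack.pop() == 0))
        elif op == 0x56:                     # JUMP
            pc = stack.pop()
        elif op == 0x57:                     # JUMPI
            dest, cond = stack.pop(), stack.pop()
            pc = dest if cond else pc
    return "step cap", steps, gas, stack     # JUMPDEST (0x5B) needs no action

if __name__ == "__main__":
    print(run(0xB71B00)[:3])                 # the --gas B71B00 value from the thread
```

Each pass through the loop costs 78 gas over 23 instructions, so the step count grows linearly with the gas limit and is finite for any limit.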