Open BattleBird opened 4 years ago
@BattleBird, please, can you send the command line arguments used to test this case with parity-evm
?
bincode = "608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063f8a8fd6d146044575b600080fd5b348015604f57600080fd5b506056606c565b6040518082815260200191505060405180910390f35b6000806000809150600590505b60018111156094578181830201915080806001019150506079565b8192505050905600a165627a7a72305820312eb5b58f64ed74312b1ca78ec7ed036d4f11828abce1abdaa34a78b0cdef9e0029"
inputdata = "f8a8fd6d"
the complete command is ./parity-evm stats --json --code 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063f8a8fd6d146044575b600080fd5b348015604f57600080fd5b506056606c565b6040518082815260200191505060405180910390f35b6000806000809150600590505b60018111156094578181830201915080806001019150506079565b8192505050905600a165627a7a72305820312eb5b58f64ed74312b1ca78ec7ed036d4f11828abce1abdaa34a78b0cdef9e0029 --input f8a8fd6d
This is my running memory, we can see the memory consumption is gradually increasing
@BattleBird, sorry for the late response. In order to check if something could be a problem in mainnet the better option is to put the maximum amount of gas in a block (now is 12M), and to remove the --json
flag, since openthereum does not stores in memory the trace in json of the transactions executed.
So, try again with stats --code 608060405260043610603f576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063f8a8fd6d146044575b600080fd5b348015604f57600080fd5b506056606c565b6040518082815260200191505060405180910390f35b6000806000809150600590505b60018111156094578181830201915080806001019150506079565b8192505050905600a165627a7a72305820312eb5b58f64ed74312b1ca78ec7ed036d4f11828abce1abdaa34a78b0cdef9e0029 --input f8a8fd6d --gas B71B00
when we use a bytecode which contains an "infinite loop" to test the parity-evm binary, the EVM will keep running and consume the memory and CPU resources until the out of memory and crash. If we use the crafted bytecode to attack the "openethereum", is this a kind of denial of service? for example, we use this simple contract as follows,