vyperlang / vyper

Pythonic Smart Contract Language for the EVM
https://vyperlang.org

Missing check for TRANSIENT in codegen #4020

Closed chen-robert closed 5 months ago

chen-robert commented 6 months ago

When validating if a `@view`/`@pure` function writes to state in `_get_target`, it is only validated that the location isn't `STORAGE`. In Cancun, it should also check if the location is `TRANSIENT`. We didn't find this to be currently exploitable because this is caught by the semantic analyzer, but if the check in `get_target` is still to be used, it might be a good idea to fix it.

charles-cooper commented 6 months ago

The check in `get_target` is never supposed to be tripped (`TypeCheckFailure` is classified as a kind of panic), but yeah, we should probably update.

charles-cooper commented 5 months ago

Resolved in #4015.
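The thread notes that the semantic analyzer masks the gap in the codegen backstop. The following added example (a simplified model, not Vyper's code and not part of the thread) shows why such a backstop has to be tested in isolation; `DataLocation`, `SemanticError`, `analyzer`, the `backstop_*` functions and `missed_writes` are hypothetical names, and only `STORAGE`, `TRANSIENT` and `TypeCheckFailure` come from the issue.

```python
from enum import Enum, auto

class DataLocation(Enum):            # simplified model, not Vyper's own definition
    MEMORY = auto()
    STORAGE = auto()
    TRANSIENT = auto()

class SemanticError(Exception):      # hypothetical: front-end (analyzer) rejection
    pass

class TypeCheckFailure(Exception):   # name from the thread: backstop tripped
    pass

STATE = frozenset({DataLocation.STORAGE, DataLocation.TRANSIENT})
READ_ONLY = ("pure", "view")

def analyzer(mutability, location):
    """Front-end check; already covers both state locations."""
    if mutability in READ_ONLY and location in STATE:
        raise SemanticError(f"{mutability} function writes {location.name}")

def backstop_storage_only(mutability, location):
    """Backstop as the issue describes it: only STORAGE counts as state."""
    if mutability in READ_ONLY and location is DataLocation.STORAGE:
        raise TypeCheckFailure(location.name)

def backstop_all_state(mutability, location):
    """Backstop with TRANSIENT treated like STORAGE."""
    if mutability in READ_ONLY and location in STATE:
        raise TypeCheckFailure(location.name)

def missed_writes(*checks):
    """State writes from read-only functions that pass every check given."""
    missed = []
    for mutability in READ_ONLY:
        for location in sorted(STATE, key=lambda loc: loc.value):
            try:
                for check in checks:
                    check(mutability, location)
            except (SemanticError, TypeCheckFailure):
                continue
            missed.append((mutability, location.name))
    return missed

if __name__ == "__main__":
    print(missed_writes(analyzer, backstop_storage_only))  # full pipeline
    print(missed_writes(backstop_storage_only))            # backstop alone
    print(missed_writes(backstop_all_state))               # updated backstop
```

Run through the full pipeline, the storage-only backstop looks complete because the analyzer rejects first; only calling the backstop directly exposes the missing `TRANSIENT` case.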