From 969886c3764514c0342b7458341975493dbb8c4e Mon Sep 17 00:00:00 2001
From: Vladislav Volosnikov
Date: Fri, 3 Jan 2025 12:23:45 +0100
Subject: [PATCH] fix(EVM): Check the bytecode length on call (L-05) (#1181)

---
 system-contracts/contracts/EvmEmulator.yul | 6 +++++-
 system-contracts/evm-emulator/EvmEmulator.template.yul | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/system-contracts/contracts/EvmEmulator.yul b/system-contracts/contracts/EvmEmulator.yul
index fa1ecab2b..38cf0a9be 100644
--- a/system-contracts/contracts/EvmEmulator.yul
+++ b/system-contracts/contracts/EvmEmulator.yul
@@ -2973,8 +2973,12 @@ object "EvmEmulator" {
 getCodeAddress(),
 BYTECODE_OFFSET(), // destination offset
 0, // source offset
- MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN()
+ add(MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN(), 1) // so we can check that bytecode isn't too big
 )
+
+ if gt(codeLen, MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN()) {
+ panic()
+ }
 mstore(EMPTY_CODE_OFFSET(), 0)
 mstore(BYTECODE_LEN_OFFSET(), codeLen)
diff --git a/system-contracts/evm-emulator/EvmEmulator.template.yul b/system-contracts/evm-emulator/EvmEmulator.template.yul
index c7083e839..b9bc96a2b 100644
--- a/system-contracts/evm-emulator/EvmEmulator.template.yul
+++ b/system-contracts/evm-emulator/EvmEmulator.template.yul
@@ -114,8 +114,12 @@ object "EvmEmulator" {
 getCodeAddress(),
 BYTECODE_OFFSET(), // destination offset
 0, // source offset
- MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN()
+ add(MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN(), 1) // so we can check that bytecode isn't too big
 )
+
+ if gt(codeLen, MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN()) {
+ panic()
+ }
 mstore(EMPTY_CODE_OFFSET(), 0)
 mstore(BYTECODE_LEN_OFFSET(), codeLen)
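Review bot: The new guard `if gt(codeLen, MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN()) { panic() }` only runs after the copy has already written up to MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN() + 1 bytes at BYTECODE_OFFSET(), and nothing in the hunk shows that the region reserved there has that one byte of slack before the next memory slot; the copy call and the `codeLen` assignment begin outside the hunk, so I could not confirm from here that the copied length is what `codeLen` receives. If the layout is tight the extra byte lands in whatever follows the bytecode region — EMPTY_CODE_OFFSET() is re-initialised right below, which would presumably cover an overlap with that slot, but the invariant deserves to be stated at the call site rather than left implicit. I would replace the trailing comment on the `add(...)` line with `// copy one byte past the limit so an oversized deployed code yields codeLen > MAX_POSSIBLE_DEPLOYED_BYTECODE_LEN() and is rejected below (L-05); the region at BYTECODE_OFFSET() must reserve that extra byte`. The same point applies to the identical hunk in system-contracts/evm-emulator/EvmEmulator.template.yul, and since the contracts file looks like a generated copy of the template, a line in the template noting that the contracts file must be regenerated rather than hand-edited would keep the two from drifting.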