diff options
| author | chriseth <c@ethdev.com> | 2016-07-19 01:34:35 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-19 01:34:35 +0800 |
| commit | e10297a2efc5f8b37c7898391315eb7551522d4c (patch) | |
| tree | 3d2b22468895ba5175c68feab078921dc44a26b9 /docs/security-considerations.rst | |
| parent | f24d70e914eeec1a3e51b0d118074ab68faa3bd3 (diff) | |
| parent | b71144dd537ec0df90c0fc3599d9c5178810a676 (diff) | |
| download | dexon-solidity-e10297a2efc5f8b37c7898391315eb7551522d4c.tar.gz dexon-solidity-e10297a2efc5f8b37c7898391315eb7551522d4c.tar.zst dexon-solidity-e10297a2efc5f8b37c7898391315eb7551522d4c.zip | |
Merge pull request #704 from ethereum/malleability
Expanded malleability risks.
Diffstat (limited to 'docs/security-considerations.rst')
| -rw-r--r-- | docs/security-considerations.rst | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst index f1a5dc03..87ee567d 100644 --- a/docs/security-considerations.rst +++ b/docs/security-considerations.rst @@ -146,7 +146,11 @@ Minor Details Furthermore, it is not enforced by the EVM, so a contract function that "claims" to be constant might still cause changes to the state. - Types that do not occupy the full 32 bytes might contain "dirty higher order bits". - This is especially important if you access ``msg.data`` - it poses a malleability risk. + This is especially important if you access ``msg.data`` - it poses a malleability risk: + You can craft transactions that call a function ``f(uint8 x)`` with a raw byte argument + of ``0xff000001`` and with ``0x00000001``. Both are fed to the contract and both will + look like the number ``1`` as far as ``x`` is concerned, but ``msg.data`` will + be different, so if you use ``sha3(msg.data)`` for anything, you will get different results. *************** Recommendations |