The Move language has a security check that contains an integer overflow vulnerability, which may lead to a denial-of-service attack.

A new integer overflow vulnerability discovered in Move language

Recently, a new integer overflow vulnerability in the Move language was discovered. The vulnerability lies in the reference safety check performed during the code verification phase and could lead to denial-of-service attacks.

The Move language performs code verification before executing bytecode, which is divided into four steps. This vulnerability occurs during the reference safety (reference_safety) step. The reference safety check mainly verifies whether there are dangling references in the code, whether mutable reference access is safe, and whether global storage reference access is safe, among other issues.

Numen Cyber Exclusive Discovery: Another High-Risk Vulnerability in Move Language

During the verification process, each basic block will be analyzed. A basic block refers to a sequence of code that has no branch instructions except for entry and exit. Move identifies basic blocks by traversing the bytecode and looking for branch and loop instructions.

The reference safety check module scans the bytecode instructions of each basic block in a function to determine whether its reference operations are legal. The main process is: execute the basic block's code, generate the post-execution state, merge the block's pre-execution and post-execution states into an updated block state, and propagate that state to subsequent blocks.

The vulnerability occurs during the state merge. When the number of function parameters plus the number of local variables exceeds 256, an integer overflow occurs because the value is stored as a u8. Subsequent execution then accesses local variables that do not exist, which results in a panic.

An attacker can construct a looping basic block to exploit this overflow and change the state of the block. When executed again, accessing a non-existent local variable index will lead to a denial of service.
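
The truncation described above, as an added Rust example that is not the Move verifier's own code: a simplified model in which every name (`join_unchecked`, `join_checked`, `local_borrowed`, `VerifyError`) and the 200 + 64 slot counts are assumptions made for illustration. It puts the wrapping `as` cast beside a range-checked merge and a bounds-checked lookup that reports an error where direct indexing would panic.

```rust
// Added illustration: a simplified model, not the Move verifier's source.
// All names here are hypothetical.
type LocalIndex = u8;

#[derive(Debug, PartialEq)]
enum VerifyError {
    TooManyLocals(usize),
    MissingLocal(LocalIndex),
}

/// Vulnerable pattern: `as` narrows the slot count to u8 and wraps silently,
/// so the merged state keeps only `total mod 256` locals.
fn join_unchecked(pre: &[bool], post: &[bool], total: usize) -> Vec<bool> {
    (0..total as LocalIndex)
        .map(|i| pre[i as usize] || post[i as usize])
        .collect()
}

/// Hardened pattern: refuse any slot count that does not fit in a u8.
fn join_checked(pre: &[bool], post: &[bool], total: usize) -> Result<Vec<bool>, VerifyError> {
    if total > LocalIndex::MAX as usize {
        return Err(VerifyError::TooManyLocals(total));
    }
    Ok(join_unchecked(pre, post, total)) // the cast is lossless after the check
}

/// Bounds-checked lookup: a missing slot becomes an error the verifier can
/// report, where direct indexing (`state[idx]`) would panic.
fn local_borrowed(state: &[bool], idx: LocalIndex) -> Result<bool, VerifyError> {
    state.get(idx as usize).copied().ok_or(VerifyError::MissingLocal(idx))
}

fn main() {
    // Constructed input: 200 parameters + 64 locals = 264 slots.
    let total = 200usize + 64;
    let pre = vec![false; total];
    let post = vec![true; total];

    let merged = join_unchecked(&pre, &post, total);
    println!("unchecked merge kept {} of {} slots", merged.len(), total);
    println!("lookup of local 100: {:?}", local_borrowed(&merged, 100));
    println!("checked merge: {:?}", join_checked(&pre, &post, total).map(|s| s.len()));
}
```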

This vulnerability shows that even the strictly designed Move language may contain security loopholes that let its checks be bypassed. It is recommended that the Move language designers add more checks at runtime to prevent similar unexpected situations. Security research on the Move language needs to be strengthened going forward.

AirdropFreedomvip
· 22h ago
The vulnerability is quite serious.
PretendingSeriousvip
· 22h ago
Code is king, inspection is paramount.
NFTRegretDiaryvip
· 22h ago
Need to urgently fix the vulnerability.
DefiEngineerJackvip
· 22h ago
*sigh* trivial u8 overflow issue
WinterWarmthCatvip
· 22h ago
No wonder the plate is unstable.
ForkPrincevip
· 22h ago
The overflow vulnerability is very deadly.
DeFiAlchemistvip
· 22h ago
Numerics reveal mystic flaws.