🌟 Photo Sharing Tips: How to Stand Out and Win?
1.Highlight Gate Elements: Include Gate logo, app screens, merchandise or event collab products.
2.Keep it Clear: Use bright, focused photos with simple backgrounds. Show Gate moments in daily life, travel, sports, etc.
3.Add Creative Flair: Creative shots, vlogs, hand-drawn art, or DIY works will stand out! Try a special [You and Gate] pose.
4.Share Your Story: Sincere captions about your memories, growth, or wishes with Gate add an extra touch and impress the judges.
5.Share on Multiple Platforms: Posting on Twitter (X) boosts your exposure an
The Move language has a security check that contains an integer overflow vulnerability, which may lead to a denial-of-service attack.
A new integer overflow vulnerability discovered in Move language
Recently, a new integer overflow vulnerability in the Move language was discovered. This vulnerability exists during the reference safety check process in the code validation phase and could lead to denial of service attacks.
The Move language performs code verification before executing bytecode, which is divided into four steps. This vulnerability occurs during the reference safety (reference_safety) step. The reference safety check mainly verifies whether there are dangling references in the code, whether mutable reference access is safe, and whether global storage reference access is safe, among other issues.
During the verification process, each basic block will be analyzed. A basic block refers to a sequence of code that has no branch instructions except for entry and exit. Move identifies basic blocks by traversing the bytecode and looking for branch and loop instructions.
The reference security check module scans the bytecode instructions of each basic block in the function to determine whether the reference operations are legal. The main process includes: executing the basic block code, generating the post-execution state, merging and updating the block state before and after execution, and propagating it to subsequent blocks.
The vulnerability occurs during the merge state process. When the sum of the number of function parameters and local variables exceeds 256, an integer overflow occurs due to the use of u8 type storage. This leads to accessing non-existent local variables in subsequent execution, resulting in a panic.
An attacker can construct a looping basic block to exploit this overflow and change the state of the block. When executed again, accessing a non-existent local variable index will lead to a denial of service.
This vulnerability reflects that even the strictly designed Move language may have security loopholes that can be bypassed. It is recommended that Move language designers add more checks at runtime to prevent similar unexpected situations. Further research on the security of the Move language needs to be strengthened in the future.