dexon - DEXON full node (https://github.com/dexon-foundation/dexon)

diff options

author	Wei-Ning Huang <w@dexon.org>	2019-01-24 17:30:03 +0800
committer	Wei-Ning Huang <w@dexon.org>	2019-03-12 12:19:09 +0800
commit	3d667d1d4f8f5f317bc7a1f4bb3f20ed1244cdff (patch)
tree	734836b38c4a374ae7bf598642b7ab2b7fe216de /swarm/dev/Makefile
parent	6c3d02b7c43ee470938fb929f60336d151cf25ca (diff)
download	dexon-3d667d1d4f8f5f317bc7a1f4bb3f20ed1244cdff.tar dexon-3d667d1d4f8f5f317bc7a1f4bb3f20ed1244cdff.tar.gz dexon-3d667d1d4f8f5f317bc7a1f4bb3f20ed1244cdff.tar.bz2 dexon-3d667d1d4f8f5f317bc7a1f4bb3f20ed1244cdff.tar.lz dexon-3d667d1d4f8f5f317bc7a1f4bb3f20ed1244cdff.tar.xz dexon-3d667d1d4f8f5f317bc7a1f4bb3f20ed1244cdff.tar.zst dexon-3d667d1d4f8f5f317bc7a1f4bb3f20ed1244cdff.zip

core: vm: modify randomness calculation algorithm (#173)

The original algorithm used for calculating algorithm is vulnerable to cross context re-entry attack. Example as follows: contract B { event Value(uint256 value); uint256 public value; function call() public { value = rand; emit Value(value); } } contract A { function randTwice(address bAddr) public { B b = B(bAddr); b.call.gas(100000)(); b.call.gas(100000)(); } } The two `b.call` will result in the same randomness value. This commit fix the issue by recording a called index used to store how many times opRand is called, and use it as argument to the Keccak call.

Diffstat (limited to 'swarm/dev/Makefile')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: