Back to search
CVE-2018-18920
Published: Nov 12, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://twitter.com/AlexanderFisher/status/1060923428641878019
x_refsource_MISC
https://github.com/ethereum/py-evm/issues/1448
x_refsource_MISC
https://twitter.com/NettaLab/status/1060889400102383617
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now