{"id":8737,"date":"2025-02-19T11:53:27","date_gmt":"2025-02-19T10:53:27","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=8737"},"modified":"2025-02-19T11:53:27","modified_gmt":"2025-02-19T10:53:27","slug":"beware-solidity-storage-vulnerability-your-variables-might-be-at-risk","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/19\/beware-solidity-storage-vulnerability-your-variables-might-be-at-risk\/","title":{"rendered":"Beware! Solidity Storage Vulnerability: Your Variables Might Be at Risk"},"content":{"rendered":"

<\/p>\n

\n

Overview:<\/strong> In certain circumstances, variables may overwrite others in storage.<\/p>\n

<\/p>\n

Affected versions of Solidity compiler: <\/strong>0.1.6 up to 0.4.3 (inclusive of 0.4.4 pre-release versions)<\/p>\n

<\/p>\n

In-depth explanation:<\/strong><\/p>\n

<\/p>\n

Storage variables smaller than 256 bits are grouped within the same 256 bit slot if they can fit together. When a value exceeding the allowed range of the type is assigned to the first variable, that value overwrites the subsequent variable.<\/p>\n

<\/p>\n

Consequently, if an adversary manages to induce an overflow in the value of the first variable, the second variable could be altered. An overflow can be triggered in the first variable through arithmetic operations or by directly supplying a value from the call data (as call data values align to 32 bytes, padding is not checked or enforced).<\/p>\n

<\/p>\n

Contracts exclusively utilizing the types specified below for state variables are not<\/strong> impacted. Arrays, mappings, and structs (constructed from those specified types) are also not<\/strong> impacted:<\/p>\n

<\/p>\n