Purity checker does not filter STATICCALL opcode


As defined in EIP214, the STATICCALL opcode allows a contract to read the mutable state of another contract.

The purity checker does not blacklist this opcode. I think it should.

EDIT: STATICCALL should not be blacklisted - instead filtered so that it may only be used upon pre-approved addresses.

Issue Analytics

  • State: open
  • Created 5 years ago
  • Reactions: 3
  • Comments: 7 (7 by maintainers)
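
The filtering proposed in the EDIT above, sketched as an added example (not code from the issue or from the Casper purity checker): a scanner that walks EVM bytecode and accepts a STATICCALL (0xfa) only when its target is a constant, allowlisted address. The allowlist, the sample bytecode and the rule that the address must be a PUSH directly before the gas operand are assumptions of this sketch.

```python
# Added illustration: a hypothetical off-chain scanner, not the Casper purity checker.
STATICCALL, GAS = 0xFA, 0x5A          # 0xfa is the STATICCALL opcode from EIP-214
PUSH1, PUSH32 = 0x60, 0x7F
ADDR_MASK = (1 << 160) - 1            # the EVM uses only the low 160 bits as an address
APPROVED = {0x01}                     # constructed allowlist (assumption of this sketch)

def is_push(op):
    return PUSH1 <= op <= PUSH32

def disassemble(code):
    """Yield (offset, opcode, immediate), skipping PUSH data so a 0xfa byte
    inside an immediate is never mistaken for a STATICCALL."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        n = op - PUSH1 + 1 if is_push(op) else 0
        yield pc, op, code[pc + 1:pc + 1 + n]
        pc += 1 + n

def check_staticcalls(code, approved=APPROVED):
    """Return (offset, reason) for every STATICCALL whose target is not
    provably an approved address."""
    ins = list(disassemble(code))
    violations = []
    for i, (pc, op, _) in enumerate(ins):
        if op != STATICCALL:
            continue
        # STATICCALL pops gas first, then the address. Conservative rule: accept only
        # PUSH<addr>; (GAS | PUSH<gas>); STATICCALL. No JUMPDEST can sit inside
        # that run, so a jump cannot enter it with a different address on the stack.
        gas_op = ins[i - 1][1] if i >= 1 else None
        addr_op, addr_imm = (ins[i - 2][1], ins[i - 2][2]) if i >= 2 else (None, b"")
        if not (gas_op is not None and (gas_op == GAS or is_push(gas_op))
                and addr_op is not None and is_push(addr_op)):
            violations.append((pc, "target address is not a constant"))
        elif int.from_bytes(addr_imm, "big") & ADDR_MASK not in approved:
            violations.append((pc, "target address is not approved"))
    return violations

# Constructed bytecode samples: four zero PUSH1 arguments, then address, GAS, STATICCALL.
ARGS = bytes.fromhex("6000600060006000")
SAMPLES = {
    "approved": ARGS + bytes.fromhex("60015afa"),
    "unapproved": ARGS + bytes.fromhex("73" + "11" * 20 + "5afa"),
    "dynamic": ARGS + bytes.fromhex("6000355afa"),
    "push_data": bytes.fromhex("61fafa"),
}

if __name__ == "__main__":
    for name, code in SAMPLES.items():
        print(name, check_staticcalls(code))
```

The rule is deliberately conservative: a STATICCALL whose address is computed at run time is rejected even if it would resolve to an approved address.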

Top GitHub Comments

1 reaction
paulhauner commented, Jun 7, 2018

Oh, sorry I think I misunderstood!

Yes, I think STATICCALL should be added to that code you linked. ☺️

0 reactions
ChihChengLiang commented, Jun 7, 2018

ah sorry, I mean 0xfa are treated differently from other CALLs. Is that what you want?
