Merge pull request #704 from ethereum/malleability

Expanded malleability risks.
2023-10-03 13:03:40 +00:00 · 2016-07-18 19:34:35 +02:00 · 2016-07-18 19:34:35 +02:00 · e10297a2ef
commit e10297a2ef
parent f24d70e914 b71144dd53
1 changed files with 5 additions and 1 deletions
--- a/docs/security-considerations.rst
+++ b/docs/security-considerations.rst
@ -146,7 +146,11 @@ Minor Details
  Furthermore, it is not enforced by the EVM, so a contract function that "claims"
  to be constant might still cause changes to the state.
 - Types that do not occupy the full 32 bytes might contain "dirty higher order bits".
-  This is especially important if you access ``msg.data`` - it poses a malleability risk.
+  This is especially important if you access ``msg.data`` - it poses a malleability risk:
+  You can craft transactions that call a function ``f(uint8 x)`` with a raw byte argument
+  of ``0xff000001`` and with ``0x00000001``. Both are fed to the contract and both will
+  look like the number ``1`` as far as ``x`` is concerned, but ``msg.data`` will
+  be different, so if you use ``sha3(msg.data)`` for anything, you will get different results.

 ***************
 Recommendations