A short analysis of the wild exploitation of CVE-2021-39137
CVE-2021-39137 is a vulnerability that was reported and fixed a few days ago. However, not all Ethereum nodes have applied the patch. We observed that this vulnerability has been exploited by a malicious transaction.
This transaction has a STATICCALL with the address 0x4. This is the pre-compiled smart contract dataCopy. The arguments are as follows: inOffset = 0, inSize = 32, retOffset = 7 and retSize = 32.
The 0x4 smart contract
Since the target of the STATICCALL is the 0x4 pre-compiled contract, it will execute the RunPrecompiledContract function in Figure 1. According to Figure 2/3, the 0x4 smart contract is simply returning the reference of the
Figure 4 is the code for the opcode STATICCALL. In line 751, args points to [inOffset ~ inOffset + inSize] of the EVM memory, which is Mem[0:32].
According to Figure 5 and the analysis of the code logic of 0x04 (Figure 2/3), the return value (ret) is a reference to the same memory as args. That is to say, it also points to Mem[0:32].
In the vulnerable code (version 1.10.7), line 762 copies the content of ret to Mem[retOffset : retOffset + retSize], i.e., it copies Mem[0:32] to Mem[7:7+32]. Because ret still points to Mem[0:32], this operation accidentally changes the content of ret. This means the return value of the 0x4 pre-compiled contract has been modified.
In the fixed version (1.10.8), it makes a copy of ret (line 766). This fixes the vulnerability since the copy in line 767 cannot modify the content of
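The aliasing described above, reduced to a small Go model (added here as an illustration; this is not go-ethereum's code). The Memory type, GetPtr, Set, dataCopyRun and staticCall are simplified stand-ins for the geth functions the figures show, and the 32 input bytes are constructed sample data; the STATICCALL arguments are the ones from the malicious transaction.

```go
package main

import (
	"bytes"
	"fmt"
)

// Memory is a minimal stand-in for the EVM memory of the calling frame.
type Memory struct{ store []byte }

func NewMemory(size int) *Memory { return &Memory{store: make([]byte, size)} }

// GetPtr returns a slice that aliases the backing store (no copy), like geth's Memory.GetPtr.
func (m *Memory) GetPtr(offset, size int) []byte { return m.store[offset : offset+size] }

// Set copies value into memory at offset, like geth's Memory.Set.
func (m *Memory) Set(offset, size int, value []byte) { copy(m.store[offset:offset+size], value) }

// dataCopyRun models the 0x4 precompile: it returns its input as-is, i.e. a reference.
func dataCopyRun(in []byte) []byte { return in }

// staticCall models the relevant steps of opStaticCall. With fixed=false the
// precompile's return slice is written straight into memory (1.10.7 behaviour);
// with fixed=true it is copied first, as the 1.10.8 fix does.
func staticCall(mem *Memory, inOffset, inSize, retOffset, retSize int, fixed bool) []byte {
	args := mem.GetPtr(inOffset, inSize) // aliases Mem[inOffset:inOffset+inSize]
	ret := dataCopyRun(args)             // same backing bytes as args
	if fixed {
		ret = append([]byte(nil), ret...) // detach ret from memory before writing
	}
	mem.Set(retOffset, retSize, ret) // overlapping write: may clobber ret itself
	return ret                        // what the caller sees as return data
}

// runWithExploitArgs uses the transaction's arguments (0, 32, 7, 32) on constructed
// input bytes 0x00..0x1f and returns the expected and observed return data.
func runWithExploitArgs(fixed bool) (expected, got []byte) {
	mem := NewMemory(64)
	for i := 0; i < 32; i++ {
		mem.store[i] = byte(i)
	}
	expected = append([]byte(nil), mem.GetPtr(0, 32)...) // what dataCopy should return
	got = staticCall(mem, 0, 32, 7, 32, fixed)
	return expected, got
}

func main() {
	for _, fixed := range []bool{false, true} {
		exp, got := runWithExploitArgs(fixed)
		fmt.Printf("fixed=%v return data intact=%v\n", fixed, bytes.Equal(exp, got))
	}
}
```

In the unfixed run the returned slice no longer holds the original input: bytes 7 onward have been replaced by a shifted copy of bytes 0 onward, which is exactly the modification of ret the analysis describes.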
The attack is analyzed by Siwei Wu, Yufeng Hu, Lei Wu, Yajin Zhou@BlockSec