Summary: Under certain conditions, it is possible to overwrite variables in storage.
Affected Solidity compiler versions: 0.1.6 to 0.4.3 (including preview versions from 0.4.4)
Detailed description:
If Storage Variables are smaller than 256 bits, they can be stored in one 256-bit slot, if possible. In such cases, if the type does not allow for a higher value, the first variable will obtain it. This value will override the second variable.
This means that an attacker could cause an overflow on the first variable. Consequently, the second variable could be modified. It is possible to create an overflow on the first variable through arithmetic or by directly passing a value from the call data (values in the call data are aligned to 32 bytes and padding is not checked or applied).
You can only use the following types to determine state variables. Not affected. ArraysStructures, assignments, as well as structures (based upon the following types) are also available. Not affected:
- Signed integers that are smaller than 256 bits.
- Types up to NN bytes, which includes sizes smaller than 256 bits
- Unsigned integers at 256-bits (uint).
Contracts with the following types must not be placed next to one another (remember that the state variables for the base contracts are important). “attract”( Not affected.
Ethereum Multi-signature wallet contracts are available Not affected. Note Addresses occupy 160 bits so contracts that use only type and addresses with 256 bits are safe. Also, practically speaking, addresses and booleans cannot be manipulated using arithmetic. This means that contracts that use only addresses, buoleans and 256 bit types are safe.
The following contracts could be affected: Contracts that contain two or more contiguous states variables whose sum is less than 256 bits. The first statevariable is not signed and is not of type bytesNN.
Types smaller than 256 bits: bool, address, enums and uint8 uint248, …, address, any type of contract
Suggested action:
- Rebuild Contracts that haven’t been used at least once Solidity Version 0.4.4 (not Preview or Nightly).
- Deactivate or Remove funds from or update contracts that have already been implemented.
This information was provided by [github.com/catageek](https://github.com/catageek): [https://github.com/ethereum/solidity/issues/1306](https://github.com/ethereum/solidity/issues/1306)
