Use EIP-7201 to define storage slots #166
Comments
|
As discussed on Discord (https://discord.com/channels/969993840318611476/1040352410087985182/1042896740975652945), I found a theoretical attack vector, but it would rely on the inclusion of ASCII control codes in a storage layout string. This seems unlikely to cause any issues. |
|
Proof of concept of the attack vector is here: https://github.com/solidstate-network/diamond-storage-preimage-attack/ |
|
Implementing EIP-7201 would solve this. |
ItsNickBarry
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This EIP uses
keccak256to generate storage slots, and subtracts 1 from the result to avoid preimage attacks. This works for the EIP because it uses only single-slot storage values, but not for SolidState because many of the storage layout structs are multi-slot.Should try to address this? It's not entirely clear what such a preimage attack would look like. If such an attack can be demonstrated, I would suggest using bitwise-not rather than subtraction of 1 to obscure the SolidState storage slots.
The text was updated successfully, but these errors were encountered: