CVE-2022-39354: Incorrect is_static Parameter in SputnikVM Custom Precompiles

SputnikVM, also referred to as "evm", is an Ethereum Virtual Machine (EVM) implementation written in the Rust programming language. It serves as a core component of various Ethereum-related projects, including blockchain platforms and smart contract development tools. Using custom stateful precompiles with SputnikVM allows developers to integrate complex functionality and optimized execution into their smart contracts.

A new vulnerability, identified as CVE-2022-39354, has been discovered in SputnikVM versions prior to .36.. This vulnerability stems from an incorrect is_static parameter when using custom stateful precompiles. The potential impact of this issue is the possibility of incorrect state transitions in affected precompiles.

Details

The is_static parameter in custom stateful precompiles is meant to determine if the call is being executed in a static context (i.e., via the STATICCALL opcode). This information allows developers to control whether or not stateful operations should be performed. Unfortunately, in SputnikVM versions prior to .36., the is_static parameter was not set correctly.

Specifically, is_static was only set to true if the call came directly from the STATICCALL opcode. However, when a static call context is entered, it should remain static. This improper handling of the is_static flag can cause custom stateful precompiles that rely on it to execute irregular state transitions.

An example of incorrect is_static parameter handling can be seen in the following code snippet

fn example_precompile(
    input: &[u8],
    gas_limit: &Gas,
    is_static: bool,
    params: &ActionParams, // more parameters
) -> Result<PrecompileOutput, Error> {
    if is_static {
        // do some static operation
    } else {
        // do some stateful operation, expecting this to be a non-static context
    }
}

In this example, the is_static parameter is improperly set, which could lead to incorrect behavior in both the static and stateful operations.

Mitigation

The issue has been addressed in SputnikVM version .36. through a patch that properly handles the is_static parameter. Users are urged to update their SputnikVM installations to this latest version to protect against this security vulnerability. There are no known workarounds for this issue in earlier versions.

To learn more about SputnikVM, its usage in Ethereum projects, and the specific details of this vulnerability, refer to the following original references:

1. SputnikVM project page: https://github.com/rust-blockchain/evm
2. Rust programming language: https://www.rust-lang.org

Exploit details

No specific exploit code has been provided as this issue only affects custom precompiles using the is_static parameter. The misuse of this parameter could lead to incorrect state transitions, affecting the integrity of smart contracts relying on such precompiles. Users must update their SputnikVM installations to version .36. to protect their systems.

In conclusion, the CVE-2022-39354 vulnerability in SputnikVM demonstrates the importance of proper parameter handling when dealing with critical functions and state transitions in blockchain platforms like Ethereum. Ensuring accurate and reliable execution of smart contract operations is crucial to maintain trust and reliability in decentralized applications. Developers should always remain vigilant and keep their tools up-to-date to maintain the highest levels of security in their projects.

Timeline

Published on: 10/25/2022 19:15:00 UTC
Last modified on: 10/28/2022 19:37:00 UTC