Vyper - Compiler
Vyper
Updates
160,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

crash due to missing var_info in struct attribute

cyberthirst

Summary

Compiler crashes due to missing var_info in struct attribute when it validates modifications for immutable variables.

Vulnerability Details

For immutable variables, the number of modifications is tracked. If the surpasses 1, an exception is raised:
https://github.com/vyperlang/vyper/blob/3b310d5292c4d1448e673d7b3adb223f9353260e/vyper/semantics/analysis/base.py#L249-L253

The tracking is done using the attribute var_info. In certain scenarios this attribute is missing and the compiler crashes.

PoC

Suppose the following contract:

#@version ^0.3.9
struct B:
v1: int128
v2: decimal
struct A:
v: B
val: public(immutable(A))
@external
def __init__():
val = A({v: B({v1: 0, v2: 0.0})})
val.v.v1 += 666

When compiling the compiler crashes with:

AttributeError: 'NoneType' object has no attribute '_modification_count'

Impact

The compiler doesn't handle the modification checks (and possibly the var_info assignments) correctly for all contracts, this could lead to undefined behavior. However, we didn't find such a scenario. As such, the impact is mainly a confusing error for the developer, which can slow down the development process.

Tools Used

Manual testing.

Recommendations

The semantic analyzer most likely doesn't properly annotate all the relevant nodes with var_info (or annotates them too late). Ensure that the nodes have the necessary info needed to perform all the semantic passes.

Updates

Lead Judging Commences

patrickalphac Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

missing var_info in struct attribute

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.