CVE-2020-26241: Shallow copy bug in geth
6.5
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
github.com/ethereum/go-ethereum | go | >= 1.9.7, < 1.9.17 | 1.9.17 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the dataCopy precompile (0x00..04) performing a shallow copy of its input. The dataCopy.Run function in core/vm/contracts.go returns the input slice directly, creating a reference to the original EVM memory. When this memory is later overwritten (as described in the attack scenario), the return data becomes corrupted. The RunPrecompiledContract function in the same file exacerbated this by not making a defensive copy of the precompile's output before returning it. The combination of these two factors allowed memory aliasing to create consensus-critical discrepancies. The commit patched this by modifying gas handling and return data management patterns, though the direct fix for the shallow copy would require changes to dataCopy.Run or its consumers.
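
The aliasing described above, reduced to a stand-alone Go sketch. This is an added example, not code from go-ethereum: `runShallow`, `runCopied`, `defensive` and `callAndOverwrite` are hypothetical names, and the 16-byte buffer is a constructed stand-in for EVM memory. It shows the shallow return beside both remediation points the analysis names, a copy inside the function and a defensive copy in its consumer.

```go
package main

import (
	"bytes"
	"fmt"
)

// runShallow mimics the pattern described above: it hands back the very slice
// it was given, so the result shares its backing array with the caller's memory.
func runShallow(in []byte) []byte { return in }

// runCopied returns a fresh buffer; later writes to the source cannot reach it.
func runCopied(in []byte) []byte { return append([]byte(nil), in...) }

// defensive wraps any run function so that the consumer copies the output,
// which protects the caller even when the wrapped function returns an alias.
func defensive(run func([]byte) []byte) func([]byte) []byte {
	return func(in []byte) []byte { return append([]byte(nil), run(in)...) }
}

// callAndOverwrite passes a window of "memory" as call input, then overwrites
// that window before the return data is inspected. intact reports whether the
// return data still equals the input as it was at call time.
func callAndOverwrite(run func([]byte) []byte) (ret []byte, intact bool) {
	memory := []byte("AAAAAAAABBBBBBBB")  // constructed sample memory
	input := memory[0:8]                  // slice view into memory, no copy
	want := append([]byte(nil), input...) // snapshot taken at call time

	ret = run(input)
	copy(memory[0:8], "XXXXXXXX") // later write overlapping the input region
	return ret, bytes.Equal(ret, want)
}

func main() {
	cases := []struct {
		name string
		run  func([]byte) []byte
	}{
		{"shallow", runShallow},
		{"copied", runCopied},
		{"shallow+defensive", defensive(runShallow)},
	}
	for _, c := range cases {
		ret, ok := callAndOverwrite(c.run)
		fmt.Printf("%-18s ret=%q intact=%v\n", c.name, ret, ok)
	}
}
```

Two implementations that differ only in whether they copy at this point would disagree on the return data, which is why the analysis calls the discrepancy consensus-critical.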