calldatacopyFiller.yml
calldatacopy:
env:
currentCoinbase: 2adc25665018aa1fe0e6bc666dac8fc2697ff9ba
currentDifficulty: 0x20000
currentGasLimit: 100000000
currentNumber: 1
currentTimestamp: 1000
_info:
comment: Ori Pomerantz qbzzt1@gmail.com
pre:
0000000000000000000000000000000000001000:
balance: '0x0ba1a9ce0ba1a9ce'
code: |
{
; Copy data from calldata locations [1:(1+2)-1] to memory
; locations [0:(0+2)-1]. So we skip the 0'th byte (the 0x12),
; and write the second and third bytes into memory locations zero
; and one.
;
; When put into a 256 bit storage cell, this gives us 0x3456....0
(calldatacopy 0 1 2)
[[0]] @0
(return 0 (msize))
}
nonce: '0'
storage: {}
# Same as 0x1000, but with a length of one
0000000000000000000000000000000000001001:
balance: '0x0ba1a9ce0ba1a9ce'
code: |
{
(calldatacopy 0 1 1)
[[0]] @0
(return 0 (msize))
}
nonce: '0'
storage: {}
# Same as 0x1000, but with a length of zero
0000000000000000000000000000000000001002:
balance: '0x0ba1a9ce0ba1a9ce'
code: |
{
(calldatacopy 0 1 0)
[[0]] @0
(return 0 (msize))
}
nonce: '0'
storage: {}
# ZeroMemExpansion
0000000000000000000000000000000000001003:
balance: '0x0ba1a9ce0ba1a9ce'
code: |
{
(calldatacopy 0 0 0)
[[0]] @0
(return 0 (msize))
}
nonce: '0'
storage: {}
# DataIndexTooHigh
0000000000000000000000000000000000001004:
balance: '0x0ba1a9ce0ba1a9ce'
code: |
{
(calldatacopy 0
0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa 0xff)
[[0]] @0
(return 0 (msize))
}
nonce: '0'
storage: {}
# DataIndexTooHigh 2
0000000000000000000000000000000000001005:
balance: '0x0ba1a9ce0ba1a9ce'
code: |
{
(calldatacopy 0
0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa 0x09)
[[0]] @0
(return 0 (msize))
}
nonce: '0'
storage: {}
# Underflow
0000000000000000000000000000000000001010:
balance: '0x0ba1a9ce0ba1a9ce'
#
# 0 PUSH1 1
# 2 PUSH1 1
# 4 SSTORE (to have a value that will appear unless we revert)
# 5 PUSH1 1
# 7 PUSH1 2
# 9 CALLDATACOPY (pops three stack items, but only two were pushed: stack underflow)
code: :raw 0x60016001556001600237
nonce: '0'
storage: {}
# sec, provided as bytecode, disassembled by https://etherscan.io/opcode-tool
0000000000000000000000000000000000001011:
balance: '0x0ba1a9ce0ba1a9ce'
# [1] PUSH1 0x05
# [2] JUMP Jump to 5
# [3] JUMPDEST If we got here, failure
# [4] STOP
# [5] JUMPDEST
# [7] PUSH1 0x42
# [9] PUSH1 0x1f
# [10] MSTORE8 mem[0x1f] = 0x42
# [13] PUSH2 0x0103
# [15] PUSH1 0x00
# [17] PUSH1 0x1f
# [18] CALLDATACOPY calldatacopy of 0x0103 bytes to memory 0x1f (and later)
# [20] PUSH1 0x00
# [21] MLOAD ; Should be zero
# [22] DUP1
# [24] PUSH1 0x60
# [25] EQ ; Is zero equal to 0x60?
# [27] PUSH1 0x03 ; If so, fail
# [28] JUMPI
# [34] PUSH5 0x0badc0ffee If we got here, success
# [36] PUSH1 0xff
# [37] SSTORE
code: :raw 0x6005565b005b6042601f536101036000601f3760005180606014600357640badc0ffee60ff55
nonce: '0'
storage: {}
cccccccccccccccccccccccccccccccccccccccc:
balance: '0x0ba1a9ce0ba1a9ce'
code: |
{
; Put a 0x10 byte long value in zero (each byte is two hex digits)
; Then call a contract with just that data. In evm the most
; significant byte comes first, so the value ends up in memory
; locations 0x10-0x1F
[0] 0x1234567890abcdef01234567890abcdef0
(call 0xffffff (+ 0x1000 $4) 0
0x0F 0x10 ; arg offset and length to get the 0x1234...f0 value
0x20 0x40) ; return offset and length
; Preserve the return data
[[0]] @0x20
[[1]] @0x40
}
nonce: '0'
storage: {}
a94f5374fce5edbc8e2a8697c15331677e6ebf0b:
balance: '0x0ba1a9ce0ba1a9ce'
code: '0x'
nonce: '0'
storage: {}
transaction:
data:
- :label cdc_0_1_2 :abi f(uint) 0
- :label cdc_0_1_1 :abi f(uint) 1
- :label cdc_0_1_0 :abi f(uint) 2
- :label cdc_0_0_0 :abi f(uint) 3
- :label cdc_0_neg6_ff :abi f(uint) 4
- :label cdc_0_neg6_9 :abi f(uint) 5
- :label underflow :abi f(uint) 0x10
- :label sec :abi f(uint) 0x11
gasLimit:
- '80000000'
gasPrice: '10'
nonce: '0'
to: cccccccccccccccccccccccccccccccccccccccc
value:
- '1'
secretKey: "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8"
expect:
- indexes:
data: :label cdc_0_1_2
gas: !!int -1
value: !!int -1
network:
- '>=Cancun'
result:
0000000000000000000000000000000000001000:
storage:
0: 0x3456000000000000000000000000000000000000000000000000000000000000
# The return value of the call, which is the memory content
cccccccccccccccccccccccccccccccccccccccc:
storage:
0: 0x3456000000000000000000000000000000000000000000000000000000000000
- indexes:
data: :label cdc_0_1_1
gas: !!int -1
value: !!int -1
network:
- '>=Cancun'
result:
0000000000000000000000000000000000001001:
storage:
0: 0x3400000000000000000000000000000000000000000000000000000000000000
cccccccccccccccccccccccccccccccccccccccc:
storage:
0: 0x3400000000000000000000000000000000000000000000000000000000000000
- indexes:
data: :label cdc_0_1_0
gas: !!int -1
value: !!int -1
network:
- '>=Cancun'
result:
0000000000000000000000000000000000001002:
storage:
0: 0
cccccccccccccccccccccccccccccccccccccccc:
storage:
0: 0
- indexes:
data: :label cdc_0_0_0
gas: !!int -1
value: !!int -1
network:
- '>=Cancun'
result:
0000000000000000000000000000000000001003:
storage:
0: 0
cccccccccccccccccccccccccccccccccccccccc:
storage:
0: 0
- indexes:
data: :label cdc_0_neg6_ff
gas: !!int -1
value: !!int -1
network:
- '>=Cancun'
result:
0000000000000000000000000000000000001004:
storage:
0: 0
cccccccccccccccccccccccccccccccccccccccc:
storage:
0: 0
- indexes:
data: :label cdc_0_neg6_9
gas: !!int -1
value: !!int -1
network:
- '>=Cancun'
result:
0000000000000000000000000000000000001005:
storage:
0: 0
cccccccccccccccccccccccccccccccccccccccc:
storage:
0: 0
- indexes:
data: :label underflow
gas: !!int -1
value: !!int -1
network:
- '>=Cancun'
result:
0000000000000000000000000000000000001010:
storage:
1: 0
- indexes:
data: :label sec
gas: !!int -1
value: !!int -1
network:
- '>=Cancun'
result:
0000000000000000000000000000000000001011:
storage:
0xff: 0x0badc0ffee