Fixed: Cadence Vulnerability 2023-03-30

Issue Overview

  • Current Status: Issue Fixed
  • Affected Network: Testnet, Mainnet

Summary of Impact

A high-impact vulnerability that could crash an execution node when a script tried to return a cyclic storage reference.

Technical Summary of Issue

When a reference value is returned from a script, it is first dereferenced, and the dereferenced value is returned. If the returned reference is an ephemeral reference, Cadence checks for cyclic references before the value is returned, because dereferencing a cyclic reference causes infinite recursion. However, this check was not applied to storage references, so dereferencing a cyclic storage reference sent Cadence into infinite recursion and eventually a stack overflow.
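The pattern behind this issue, a cycle check that guards one reference kind but not the other, is illustrated below with a toy model added for this write-up; it is not Cadence's code, and the `Value`, `Kind`, `deref` and depth-limit names are hypothetical. The flaw is shown with a bounded depth so it surfaces as a returned error rather than a crashed process.

```go
package main

import "errors"

// Kind tags a toy interpreter value: plain, or one of two reference kinds.
type Kind int
const (
	Plain Kind = iota
	EphemeralRef
	StorageRef
)

// Value is a hypothetical stand-in for an interpreter value: a plain
// payload, or a reference (ephemeral or storage) pointing at another Value.
type Value struct {
	Kind   Kind
	Target *Value
}

var ErrCyclic = errors.New("cyclic reference")
var ErrStackOverflow = errors.New("stack overflow (depth limit reached)")

// maxDepth stands in for the real call-stack limit, so the flaw shows up as
// a returned error instead of a crashed process.
const maxDepth = 1000

// deref follows references down to the plain value. With checkStorage=false
// the cycle check guards only ephemeral references (the flawed behaviour);
// with checkStorage=true it guards both kinds (the fixed behaviour).
func deref(v *Value, seen map[*Value]bool, depth int, checkStorage bool) (*Value, error) {
	if depth > maxDepth {
		return nil, ErrStackOverflow
	}
	if v.Kind == Plain {
		return v, nil
	}
	if v.Kind == EphemeralRef || checkStorage {
		if seen[v] {
			return nil, ErrCyclic
		}
		seen[v] = true
	}
	return deref(v.Target, seen, depth+1, checkStorage)
}

// DerefBefore models the pre-fix path: a cyclic storage reference recurses until the limit.
func DerefBefore(v *Value) (*Value, error) { return deref(v, map[*Value]bool{}, 0, false) }

// DerefAfter models the fixed path: every reference kind is cycle-checked before it is followed.
func DerefAfter(v *Value) (*Value, error) { return deref(v, map[*Value]bool{}, 0, true) }
```

The fix generalises to any recursive walk over user-controlled references: the cycle check must be applied uniformly to every path that can recurse, not only the one that was first noticed.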

Mitigation

The security report was immediately acknowledged and reproduced. A fix was developed and deployed to all networks.

Recognition

As core contributors to the Flow ecosystem, we take reported issues very seriously and would like to thank @bluesign for reporting this issue responsibly through our Responsible Disclosure Policy.
