core/vm: handle error if authorized is a contract address

maticnetwork · Apr 22, 2024 · 0c16e6d · 0c16e6d
1 parent 7077d0c
commit 0c16e6d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/core/vm/eips.go b/core/vm/eips.go
@@ -371,6 +371,12 @@ func opAuth(pc *uint64, interpreter *EVMInterpreter, scope *ScopeContext) ([]byt
 		copy(commit[:], data[65:])
 	}
 
+	// Verify if the provided authority address isn't a contract
+	if code := interpreter.evm.StateDB.GetCode(authority); len(code) != 0 {
+		scope.Stack.push(uint256.NewInt(0))
+		return nil, ErrAuthorizedIsContract
+	}
+
 	// Build original auth message.
 	msg := []byte{params.AuthMagic}
 	msg = append(msg, common.LeftPadBytes(interpreter.evm.chainConfig.ChainID.Bytes(), 32)...)

diff --git a/core/vm/errors.go b/core/vm/errors.go
@@ -37,6 +37,7 @@ var (
 	ErrGasUintOverflow          = errors.New("gas uint64 overflow")
 	ErrInvalidCode              = errors.New("invalid code: must not begin with 0xef")
 	ErrNonceUintOverflow        = errors.New("nonce uint64 overflow")
+	ErrAuthorizedIsContract     = errors.New("authcall with authorized as a contract address")
 	ErrAuthorizedNotSet         = errors.New("authcall without setting authorized")
 
 	// errStopToken is an internal token indicating interpreter loop termination,