{"id":18649,"date":"2026-03-25T14:32:48","date_gmt":"2026-03-25T14:32:48","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/03\/25\/analysis-of-storage-corruption-bug\/"},"modified":"2026-03-25T14:32:48","modified_gmt":"2026-03-25T14:32:48","slug":"analysis-of-storage-corruption-bug","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/03\/25\/analysis-of-storage-corruption-bug\/","title":{"rendered":"Analysis of Storage Corruption Bug"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">This blog post provides\u00a0an update on\u00a0our findings following the discovery of the storage corruption bug last week. In\u00a0summary, the bug\u00a0was\u00a0much less severe than we initially thought. The small number of affected contracts we found is either only exploitable by the owner, or the exploit can only cause a disruption in the user interface and not in the actual contract logic. All exploitable contracts\/dapps we reviewed can be fixed without having to upgrade the contract itself. Of course, please still check your contracts to be safe.<\/p>\n<p class=\"chakra-text css-gi02ar\">Following the discovery of the storage corruption bug in the Solidity compiler and the realization that it may\u00a0have serious effects on already-deployed contracts\u00a0that\u00a0cannot be updated, we started analyzing how common the bug is and how exploitable contracts can be addressed.<\/p>\n<p class=\"chakra-text css-gi02ar\">We focused on contracts with source code published on etherscan because important or popular smart contracts usually have their source code published there in order to gain trust from their users, who can then verify the compilation. Furthermore, if the source code is not available, it is also much harder for an attacker to find a suitable exploit. Finally, contracts that are privately used (and thus do not require publishing their source code) usually check that they are called from a certain address, and thus an attacker has no means to write to their storage.<\/p>\n<p class=\"chakra-text css-gi02ar\">In order to automate the process of checking all contracts on etherscan, we created a modified version of the Solidity compiler that can automatically detect the conditions for triggering the bug. This technique\u00a0has already reduced the number of potentially vulnerable contracts\u00a0to 167. We then manually checked\u00a0those contracts for\u00a0potential corruption of storage that would make them vulnerable to attacks.<\/p>\n<p class=\"chakra-text css-gi02ar\">It turns out that only ten\u00a0contracts were\u00a0vulnerable, so\u00a0we were able to contact most of the contract owners\/developers. Seven out of ten\u00a0of those contracts\u00a0are only exploitable by the owner in that they are allowed to change certain parameters outside their permitted\u00a0range,\u00a0or allowed to unlock a previously locked contract. One contract is exploitable by unprivileged users but have other major flaws in its design. The other two\u00a0contracts found to be\u00a0exploitable by unprivileged users either provided no advantages if exploited or only\u00a0affected\u00a0the user interface.<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"why-are-only-so-few-contracts-exploitable\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"why are only so few contracts exploitable permalink\" href=\"#why-are-only-so-few-contracts-exploitable\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a><strong>Why are only so few contracts exploitable?<\/strong><\/h2>\n<p>First, let us define what we mean by &#8220;exploitable&#8221;:<\/p>\n<p class=\"chakra-text css-gi02ar\">The storage corruption bug is exploitable if it can be used to modify a variable in storage in a way that would not be possible without the bug, and this modification has consequences for the behaviour and use of the smart contract. For example,\u00a0we do not consider a contract exploitable in the following situations:<\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\">The same account would be able to overwrite the variable in the same state of the contract by regular means.<\/li>\n<li class=\"css-0\">Overwriting can only happen at construction time (note that\u00a0we did not check whether overwriting occurred\u00a0at that time).<\/li>\n<li class=\"css-0\">Overwriting is only triggered in unlikely situations where the contract logic was\u00a0broken anyway\u00a0(for example, a 32-bit counter that is incremented once per block, oveflows).<\/li>\n<li class=\"css-0\">Variables can be overwritten that are unused in the smart contract and look non-critical,\u00a0but may be part of the\u00a0public interface.<\/li>\n<\/ul>\n<p>Why is\u00a0this critical bug only exploitable in so few cases?<\/p>\n<p class=\"chakra-text css-gi02ar\">It\u00a0is\u00a0a combination of the following factors that together multiply and dramatically reduce the probability of exploitability.<\/p>\n<ol role=\"list\" class=\"css-vgl4zd\">\n<li class=\"css-0\">Since small types only provide an advantage in very rare cases, they are seldomly used.<\/li>\n<li class=\"css-0\">Small types must\u00a0be adjacent to each other in storage \u2013\u00a0a single large type in between them prevents the bug from being triggered.<\/li>\n<li class=\"css-0\">State variables are often assigned one after the other, which removes the corruption at the second assignment.<\/li>\n<li class=\"css-0\">The combination of &#8220;address&#8221; and &#8220;bool&#8221; is most common among the cases that are left, but here, the address variable is often an &#8220;owner&#8221; that\u00a0is assigned from <span class=\"chakra-text css-ons8vw\">msg.sender<\/span> and thus not exploitable. Even if the owner can be changed, the flag is often a flag that can be still be set by the owner through other means.<\/li>\n<\/ol>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"how-to-fix-affected-contracts\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"how to fix affected contracts permalink\" href=\"#how-to-fix-affected-contracts\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>How to fix affected contracts<\/h2>\n<p>A large majority of the exploitable contracts are only exploitable by the contract owner, administrator or developer, particularly though a single function that allows the owner to be changed. The exploit allows a further escalation of privileges for the owner. In order to prevent the owner from taking advantage of this exploit,\u00a0a\u00a0proxy contract can be installed between the owner and the affected contract. This proxy contract forwards calls from the owner, but\u00a0disallows calling the exploitable functions. If calling the exploitable functions is still necessary, the proxy contract\u00a0can prevent malicious data from\u00a0being forwarded to the contract.<\/p>\n<p class=\"chakra-text css-gi02ar\">If you have specific questions or concerns regarding your contracts, please contact us on <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/gitter.im\/ethereum\/solidity\">gitter<\/a>.<\/p>\n<hr aria-orientation=\"horizontal\" class=\"chakra-divider css-1e6gg7n\"\/>\n<p class=\"chakra-text css-gi02ar\"><strong>A FRIENDLY IMPORTANT NOTE\u00a0FROM LEGAL<\/strong><br \/>\nThe statements in this post are recommendations to address the storage corruption bug in the Solidity compiler. As you know, we are working in an emergent and evolving technical space. The same elements that make this work exciting \u2013 the innovation, the impact, the growing understanding of how contracts function \u2013 are the same ones that make it risky. If you choose to implement the recommendations in this post and continue to participate, you should make sure you understand how it impacts your specific contract and you should understand that there are risks involved. By choosing to implement these recommendations, you alone assume the risks of the consequences.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2016\/11\/09\/analysis-storage-corruption-bug\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog post provides\u00a0an update on\u00a0our findings following the discovery of the storage corruption bug last week. In\u00a0summary, the bug\u00a0was\u00a0much less severe than we initially thought. The small number of affected contracts we found is either only exploitable by the owner, or the exploit can only cause a disruption in the user interface and not [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":18498,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[24],"tags":[],"kronos_expire_date":[],"class_list":["post-18649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18649","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=18649"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18649\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media\/18498"}],"wp:attachment":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=18649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=18649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=18649"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=18649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}