jtoman

jtoman@jtoman-Latitude-E5440 ~/sources/soot $ mvn -X package
Apache Maven 3.3.9
Maven home: /usr/share/maven
Java version: 1.8.0_162, vendor: Oracle Corporation
Java home: /usr/lib/jvm/java-8-openjdk-amd64/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "4.13.0-37-generic", arch: "amd64", family: "unix"
[DEBUG] Created new class realm maven.api
[DEBUG] Importing foreign packages into class realm maven.api
[DEBUG]   Imported: javax.enterprise.inject.* < plexus.core

jtoman

package edu.washington.cse.instrumentation.dacapo;

/*
This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.

jtoman

# This is free and unencumbered software released into the public domain.

# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
# binary, for any purpose, commercial or non-commercial, and by any
# means.

# In jurisdictions that recognize copyright laws, the author or authors
# of this software dedicate any and all copyright interest in the
# software to the public domain. We make this dedication for the benefit

jtoman

Incorrect Calldata Validation in Inter-Contract Communication - Certora Bug Disclosure

John Toman, VP of R&D at Certora, discovered a previously unknown code generation bug in the Solidity compiler (version 8.13 and lower). This bug allows maliciously crafted calldata buffers to cause victim contracts to incorrectly introduce extra information into their own external calls.

Background

Inter-Contract Communication