For context, when we did a similar trace_transaction via OE (Parity) for the same transaction hash, the result shows a correct 0 value Eth transfer instead of 10k.
mtbitcoin changed the title on Aug 26, 2020
from: Possible exploit issue with the way Geth handles the "internals transaction" tracing
to: Possible exploit issue with the way Geth displays the "internals transaction" tracing
Geth version: 1.9.18
OS & Version: Windows
This is related to the issue reported on https://twitter.com/r_ross_campbell/status/1297508597958692865?s=20
A user was able to spoof a call showing a 10k ether transfer on Rinkeby via https://rinkeby.etherscan.io/address/0x0c62da719a00659661e8c08c629897eddc72067f#code
To trace "internal txns" in geth we use the call tracer (https://rinkeby.etherscan.io/vmtrace?txhash=0x7f8deeaff1618c372f14f3153b154d8bdd0f11816c85b2c9b3dca32cc042cf02&type=gethtrace2), which shows an incorrect value of 10k ether.
The OpenEthereum (Parity) client, however, does not have this issue. A possible attacker could use this to spoof transfers to a 3rd party that solely relies on the debug_traceTransaction (callTracer) to check for internal txn ether transfers taking place. This issue also affects any other explorers/exchanges/projects that rely on the same tracer.
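For a consumer that credits transfers from callTracer output, the comparison described in this issue can be automated: the sketch below is an added example, not part of the original report or of geth, and flags every ether-carrying CALL frame in a geth trace that a second client's `trace_transaction` result does not confirm. The JSON shapes are simplified, the sample data is constructed, and the mapping of a frame's position in geth's nested `calls` to OpenEthereum's `traceAddress` is an assumption of this example.

```python
# Constructed sample data: addresses and values are placeholders, not from the issue.
GETH_CALLTRACER = {
    "type": "CALL", "from": "0xaaaa", "to": "0xbbbb", "value": "0x0",
    "calls": [{"type": "CALL", "from": "0xbbbb", "to": "0xcccc",
               "value": hex(10_000 * 10**18)}],  # tracer claims 10k ether moved
}
OE_TRACE = [
    {"type": "call", "traceAddress": [],
     "action": {"from": "0xaaaa", "to": "0xbbbb", "value": "0x0"}},
    {"type": "call", "traceAddress": [0],
     "action": {"from": "0xbbbb", "to": "0xcccc", "value": "0x0"}},
]

def flatten_geth(frame, path=()):
    """Yield (trace_address, frame) for every frame in a callTracer tree."""
    yield path, frame
    for i, child in enumerate(frame.get("calls", [])):
        yield from flatten_geth(child, path + (i,))

def index_oe(traces):
    """Map trace_address -> (from, to, value_wei) for call entries of trace_transaction."""
    out = {}
    for t in traces:
        if t.get("type") == "call":
            a = t["action"]
            out[tuple(t["traceAddress"])] = (
                a["from"].lower(), a["to"].lower(), int(a["value"], 16))
    return out

def disagreements(geth_tree, oe_traces):
    """Return ether-carrying geth CALL frames that the second client does not confirm."""
    oe = index_oe(oe_traces)
    flagged = []
    for path, f in flatten_geth(geth_tree):
        value = int(f.get("value", "0x0"), 16)
        if f.get("type") != "CALL" or value == 0:
            continue  # only value-bearing CALLs are candidates for crediting
        claimed = (f["from"].lower(), f["to"].lower(), value)
        if oe.get(path) != claimed:
            flagged.append({"trace_address": list(path), "geth": claimed,
                            "other_client": oe.get(path)})
    return flagged

if __name__ == "__main__":
    for d in disagreements(GETH_CALLTRACER, OE_TRACE):
        print("unconfirmed transfer:", d)
```

A flagged frame means the two clients disagree about the transfer, so it should not be credited without a further check.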