
Questions tagged [call-depth-attacks]

No longer possible with EIP 150. Questions related to "call depth attacks", sometimes called "call stack attacks", which use the EVM's depth limit of 1024 calls to trick contracts into believing something that may not have happened. https://github.com/LeastAuthority/ethereum-analyses/blob/master/GasEcon.md#callstack-depth-limit-errors

8 votes
1 answer
1k views

From the Solidity docs: Calls are limited to a depth of 1024, which means that for more complex operations, loops should be preferred over recursive calls. Furthermore, only 63/64th of the gas can ...
Paul Razvan Berg
0 votes
1 answer
1k views

I cannot find any good source on this. The "normal" stack is where all PUSH opcodes put their bytes on. The "call stack" could be some other stack where either call data or addresses are put on - ...
JBrouwer • 1,072
0 votes
1 answer
647 views

In the past it was possible to reach call stack depth 1024 in EVM. However I heard that now it is impossible due to gas costs. Is this true?
JBrouwer • 1,072
3 votes
1 answer
1k views

I was reading the paper at http://www.comp.nus.edu.sg/~loiluu/papers/oyente.pdf and it mentions callstack bugs where since the call depth is set at 1024, a contract may be able to call itself 1023 ...
ZhouW • 1,358
6 votes
1 answer
323 views

I am trying to replicate the attack I found here: Reproducing stack depth attack contract Attacker { Victim public victimContract; uint x; function Attacker(){ victimContract = (new Victim)....
Gawnie • 331
4 votes
2 answers
496 views

Victim contract allows one time withdraw only. I want to attack it using stack depth attack to withdraw everything it has. I've tried different things, but can't get the desired result. Here's where I'...
manidos • 4,308
2 votes
1 answer
119 views

This post, "What was the second vulnerability used in The DAO attack on 17 June 2016?", says: And from the Q&A [...], each of the transactions (the first and second at least from my manual ...
ltheron • 183
8 votes
1 answer
3k views

If my contract has a payout function like this address bossAddress; address employeeAddress; uint256 bossSalary; uint256 employeeSalary; function payout (){ if (msg.sender==bossAddress){ ...
shiso • 1,036
50 votes
3 answers
10k views

What is a recursive calling vulnerability exactly? When creating smart contracts, DAOs or DAPPs, what measures can I take to ensure I am not vulnerable?
user36100 • 603
12 votes
1 answer
3k views

From a blogpost on security from Christian Reitwiessner: Because of the maximal stack depth of 1024 the new bidder can always increase the stack size to 1023 and then call bid() which will cause the ...
mKoeppelmann • 7,656