solidity_CVE-2021-42574-POC

Jan 31 2023, Altin (tin-z), github.com/tin-z

PoC

POC of CVE-2021-42574 for solidity and solc compiler.

• install

# solc and select 0.8.17 version (https://github.com/crytic/solc-select)
# foundry (https://github.com/foundry-rs/foundry)

• deploy contract

SOLV=0.8.17
folder_t=test_open

mkdir $folder_t && \
cd $folder_t && \
forge init && \
forge install brockelmore/forge-std && \
rm test/Counter.t.sol

cp ../poc.sol src/
cp ../poc.t.sol test/

• launch the poc

forge build  && \
forge test -vv

• So for example chrome does show that x = 42 is inside the comment

• But in vim we see the right position of the text

details

• https://nvd.nist.gov/vuln/detail/CVE-2021-42574
• https://www.scyon.nl/post/trojans-in-your-source-code
• ethereum/solidity#10254