The Move language has a security check that contains an integer overflow vulnerability, which may lead to a denial-of-service attack.
A new integer overflow vulnerability discovered in the Move language
Recently, a new integer overflow vulnerability was discovered in the Move language. The vulnerability lies in the reference safety check performed during the code verification phase and could lead to denial-of-service attacks.
The Move language performs code verification before executing bytecode, which is divided into four steps. This vulnerability occurs during the reference safety (reference_safety) step. The reference safety check mainly verifies whether there are dangling references in the code, whether mutable reference access is safe, and whether global storage reference access is safe, among other issues.
During the verification process, each basic block will be analyzed. A basic block refers to a sequence of code that has no branch instructions except for entry and exit. Move identifies basic blocks by traversing the bytecode and looking for branch and loop instructions.
The reference safety check module scans the bytecode instructions of each basic block in the function to determine whether the reference operations are legal. The main process is: execute the basic block's code, generate the post-execution state, merge the block's pre-execution and post-execution states and update the block state, and propagate it to subsequent blocks.
The vulnerability occurs during the merge state process. When the sum of the number of function parameters and local variables exceeds 256, an integer overflow occurs due to the use of u8 type storage. This leads to accessing non-existent local variables in subsequent execution, resulting in a panic.
An attacker can construct a looping basic block to exploit this overflow and change the state of the block. When executed again, accessing a non-existent local variable index will lead to a denial of service.
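The truncation described above, as a simplified Rust model. This is an added example, not the Move verifier's code: the `Locals` type, every function name and the sample counts are hypothetical, and a missing slot is modelled as `None` where an unchecked lookup would panic.

```rust
use std::collections::BTreeMap;

/// Abstract state: one entry per local slot (parameters + locals). Hypothetical type.
type Locals = BTreeMap<usize, bool>;

/// Unchecked pattern: the slot count is narrowed to u8 with `as`, which wraps silently.
fn slot_count_unchecked(params: usize, locals: usize) -> u8 {
    (params + locals) as u8
}

/// Hardened pattern: reject any count that does not fit instead of wrapping.
fn slot_count_checked(params: usize, locals: usize) -> Result<u8, String> {
    let total = params.checked_add(locals).ok_or("slot count overflow")?;
    u8::try_from(total).map_err(|_| format!("{} local slots do not fit in u8", total))
}

/// Merge two states, visiting only the first `count` slots.
/// With a wrapped count, every slot past it is dropped from the merged state.
fn join(a: &Locals, b: &Locals, count: u8) -> Locals {
    (0..count as usize)
        .map(|i| {
            let both = a.get(&i).copied().unwrap_or(false) && b.get(&i).copied().unwrap_or(false);
            (i, both)
        })
        .collect()
}

/// Lookup a later instruction would perform on the merged state.
fn read_slot(state: &Locals, idx: usize) -> Option<bool> {
    state.get(&idx).copied()
}

fn main() {
    // Constructed sample: 200 parameters + 64 locals = 264 slots.
    let (params, locals) = (200usize, 64usize);
    let full: Locals = (0..params + locals).map(|i| (i, true)).collect();

    let wrapped = slot_count_unchecked(params, locals);
    let merged = join(&full, &full, wrapped);
    println!("unchecked count = {}, merged slots = {}", wrapped, merged.len());
    println!("slot 100 after merge: {:?}", read_slot(&merged, 100));

    // The checked conversion rejects the function before any state is built.
    println!("checked: {:?}", slot_count_checked(params, locals));
}
```
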
This vulnerability shows that even a strictly designed language such as Move may have security loopholes that can be bypassed. It is recommended that the Move language designers add more checks at runtime to prevent similar unexpected situations. Research on the security of the Move language needs to be strengthened going forward.