Constantinople SSTORE vulnerability


#1

Whats the correct way to address this ?


#2

The article:

I think the proper way to fix this is to put the following restrictions on calls made without forwarding gas:

  • Changing a state variable reverts.
  • Making another call reverts.

This way we could ensure that send and transfer only move ETH (and eventually leads to some logs) and do not modify the state.
With current gas metering this is already the case.


#3

There is an in-depth discussion currently happening over on the Magicians Forum about this…


#4

Another solution would keep the old mechanics until the last step of transaction where the amount will be refunded. This means that the old sstore gas mechanics dictates how much gas must be available before and during the transaction, but the new mechanics determine how much will be available after the transaction.