Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
🦀 crates.io

GHSA-853p-5678-hv8f

MEDIUM

ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

Also known asCVE-2023-34449
Published
Jun 14, 2023
Updated
Nov 8, 2023
Affected
2 pkgs
Patched
2 / 2
Exploits
3 known

EPSS Exploitation Probability

via FIRST.org ↗
1.0%probability of exploitation in next 30 days
Lower Risk57th percentile+0.73%
0.00%0.49%0.98%1.47%0.2%1.0%Dec 25Apr 26Jun 26

EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.

Blast Radius

2 pkgs affected
🦀ink🦀ink_env

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects crates.io packages — download data is not available via public APIs for these ecosystems.

Description

Summary

The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is being decoded incorrectly.

Description

Consider this minimal example:

// First contract, this will be performing a delegate call to the `Callee`.
#[ink(storage)]
pub struct Caller {
    value: u128,
}

#[ink(message)]
pub fn get_value(&self, callee_code_hash: Hash) -> u128 {
    let result = build_call::<DefaultEnvironment>()
        .delegate(callee_code_hash)
        .exec_input(ExecutionInput::new(Selector::new(ink::selector_bytes!(
            "get_value"
        ))))
        .returns::<u128>()
        .invoke();

    result
}

// Different contract, using this code hash for the delegate call.
#[ink(storage)]
pub struct Callee {
    value: u128,
}

#[ink(message)]
pub fn get_value(&self) -> u128 {
    self.value
}

In this example we are executing the Callee code in the context of the Caller contract. This means we'll be using the storage values of the Caller contract.

Running this code we expect the delegate call to return value as it was stored in the Caller contract. However, due to the reported bug a different value is returned (for the case of uints it is 256 times the expected value).

Impact

After conducting an analysis of the on-chain deployments of ink! contracts on Astar, Shiden, Aleph Zero, Amplitude and Pendulum, we have found that no contracts on those chains have been affected by the issue.

This bug was related to the mechanics around decoding a call's return buffer, which was changed as part of https://github.com/paritytech/ink/pull/1450. Since this feature was only released in ink! 4.0.0 no previous versions are affected.

Mitigations

If you have an ink! 4.x series contract, please update it to the 4.2.1 patch release that we just published.

Credits

Thank you Facundo Lerena from CoinFabrik for reporting this problem in a well-structured and responsible way.

Affected Packages

2 total 2 fixed
EcosystemPackageVulnerable rangeFix
🦀crates.ioink4.0.0&&< 4.2.14.2.1
🦀crates.ioink_env4.0.0&&< 4.2.14.2.1
Exploits & PoCs
3

Research use only. For defensive security, authorized penetration testing, and academic research only. Never execute exploit code against systems without explicit written authorization.

ink! is an embedded domain specific language to write smart contracts in…

docs.rsNVDJun 2023

ink! is an embedded domain specific language to write smart contracts in…

github.comNVDJun 2023

ink! is an embedded domain specific language to write smart contracts in…

docs.rsNVDJun 2023

Detection & mitigation playbook

Open-source dependency

  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for ink. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update ink to 4.2.1 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-853p-5678-hv8f is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-853p-5678-hv8f is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-853p-5678-hv8f. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

### Summary The return value when using delegate call mechanics, either through [`CallBuilder::delegate`](https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate) or [`ink_env::invoke_contract_delegate`](https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html), is being decoded incorrectly. ### Description Consider this minimal example: ```rust // First contract, this will be performing a delegate call to the `Callee`. #[ink(storage)] pub struct Caller { value: u128, } #[ink(message)] pub fn get_value(&self, callee_code_hash: Hash) -> u128 {
O3 Security · Impact-Aware SCA

Is GHSA-853p-5678-hv8f in your dependencies?

O3 detects GHSA-853p-5678-hv8f across crates.io dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.

Scan my dependencies How O3 SCA works