Mask
Doppler Doppler 1626 59183 123 22059 64 41880 14304 161 17292

EIP4788 Beacon Root Audit

Neville Grech Profile Image
By Neville Grech
07.10.2023
Screenshot from 2023 10 07 12 13 43

Dedaub was commissioned by the Ethereum Foundation to perform a security audit of the bytecode of a smart contract that was introduced to the EIP-4877 in a recent change, enabling the on-chain storing and accessing of the beacon block roots of recent blocks.

The audited contract uses the block’s timestamp as a key for their parent beacon blocks’ roots. In order to bind the contract’s storage footprint, while retaining accurate information, a set of two ring buffers are used (using a HISTORY_BUFFER_LENGTH with a value of 98304):

  1. The first one stores the timestamp (i.e. the key) and is used to ensure that the result for the provided timestamp is the one that is currently stored on-chain. Its value will be stored at storage location timestamp % HISTORY_BUFFER_LENGTH.

  2. The second one is used to store the beacon root chain value for the timestamp. Ιts value will be stored at storage location HISTORY_BUFFER_LENGTH + timestamp % HISTORY_BUFFER_LENGTH.

The audited contract implements two methods, set() and get(). As the contract does not adhere to the contract ABI specification, the method to be executed is chosen based on the contract’s caller; if called by the special address 0xfffffffffffffffffffffffffffffffffffffffe, the set() function is called, while every other address the calls the get() function. Both methods accept the first 32 bytes of the call’s calldata as their arguments.


The highest severity vulnerability found during this audit is one where calling the get() function. More specifically, if this is called with a value of zero it will not fail and return the zero value back.

// get()
require(msg.data.length == 32);
require(calldata0_32 == STORAGE[calldata0_32 % 0x18000]);
return STORAGE[0x18000 + calldata0_32 % 0x18000];

Main body of the get() function

Although this does not affect the contract’s functionality for valid timestamps it can potentially lead to misuse, and funds stolen in projects that rely on this root to exist and valid. Therefore we suggested adding a special case for the zero value, in the get() function or invalidating it by storing a value in the 0th storage slot during the contract’s construction.

You can read the full audit report here.

19.02.2024

Dedaub Showcases its Web3 Security Technology at ETHDenver 2024

At ETHDenver, Dedaub will showcase its advanced security technology solutions, discuss the safety of Web3 applications, build partnerships, and share insights to enhance security standards within the Web3 ecosystem.

Start Reading
14.02.2024

Dedaub celebrates SEAL's public debut and the launch of the Safe Harbor initiative

SEAL | Dedaub, as a founding collaborator, celebrates SEAL's public debut, which marks a milestone in security. Read More.

Start Reading
07.02.2024

Bulk Storage Extraction

If you work with nodes on Ethereum or other EVM networks, you may have needed to extract storage contents for a contract.

Start Reading