## https://sploitus.com/exploit?id=C60ADEBE-644F-595D-8AD1-0EB70611C346
# solidity_CVE-2021-42574-POC
> Jan 31 2023, Altin (tin-z), github.com/tin-z
### PoC ###
PoC of CVE-2021-42574 for Solidity and the solc compiler.
- install
```
# solc and select 0.8.17 version (https://github.com/crytic/solc-select)
# foundry (https://github.com/foundry-rs/foundry)
```
- deploy contract
```bash
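# solc version the PoC targets (select it with solc-select, see the install step)
SOLV=0.8.17
folder_t=test_open
# Create a fresh Foundry project and swap the template test for the PoC files
mkdir "$folder_t" && \
cd "$folder_t" && \
forge init && \
forge install brockelmore/forge-std && \
rm test/Counter.t.sol && \
cp ../poc.sol src/ && \
cp ../poc.t.sol test/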
```
- launch the poc
```bash
forge build && \
forge test -vv
```

- For example, Chrome shows `x = 42` as being inside the comment

- But in vim we see the real position of the text
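
A defender-side check for the rendering mismatch described above, as an added example that is not part of the original repository: it lists the Unicode bidirectional control characters that CVE-2021-42574 relies on and rewrites them as visible tags, so every viewer shows the logical order. The function names, the script file name and the sample string are constructed for illustration.

```python
import sys
import unicodedata

# Bidirectional control characters covered by CVE-2021-42574.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"  # LRE, RLE, PDF, LRO, RLO
    "\u2066\u2067\u2068\u2069"        # LRI, RLI, FSI, PDI
)


def find_bidi(source):
    """Return (line, column, 'U+XXXX', Unicode name) for each bidi control."""
    hits = []
    for lineno, line in enumerate(source.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch)))
    return hits


def reveal(source):
    """Replace each bidi control with a visible <U+XXXX> tag (logical order kept)."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in source)


# Constructed sample, not the repository's poc.sol: a Solidity function whose
# comments contain bidi controls (written as escapes so this file stays ASCII).
SAMPLE = (
    "contract Demo {\n"
    "    function f() public pure returns (uint x) {\n"
    "        /* note \u202e\u2066 */ x = 42; /* \u2069\u2066 end */\n"
    "    }\n"
    "}\n"
)

if __name__ == "__main__":
    # Usage (hypothetical file name): python scan_bidi.py src/*.sol
    # With no arguments the constructed SAMPLE is scanned instead.
    texts = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]}
    texts = texts or {"<sample>": SAMPLE}
    found = False
    for name, text in texts.items():
        for lineno, col, code, uname in find_bidi(text):
            found = True
            print(f"{name}:{lineno}:{col}: {code} {uname}")
            print("    " + reveal(text.split("\n")[lineno - 1]))
    sys.exit(1 if found else 0)
```

The non-zero exit status on a hit lets the script gate a CI job or pre-commit hook over the contract sources.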

### details ###
- https://nvd.nist.gov/vuln/detail/CVE-2021-42574
- https://www.scyon.nl/post/trojans-in-your-source-code
- https://github.com/ethereum/solidity/issues/10254