Solidity Attack Vector #22: Short Address Attack
SecurityInfinity Research•5 min read
This vulnerability targets the way the EVM handles ABI-encoded parameters when the call data is shorter than expected.
The Mechanism
If an address is provided with its trailing zeros missing, the address is completed with bytes taken from the next parameter, and the EVM 'pads' the end of the data with zeros.
Imagine a transfer function: transfer(address _to, uint256 _amount).
If _to is shortened, the EVM pulls the first byte of _amount into the address, and the remaining bytes of _amount are shifted left by one byte, effectively multiplying the amount by 256.
Defense
Modern versions of Solidity and libraries like OpenZeppelin handle this automatically in the high-level transfer functions. However, if you are writing custom low-level calls, always validate msg.data.length.
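The shift described under The Mechanism and the length check recommended under Defense, modelled in Python as an added example that is not part of the original article. The selector 0xa9059cbb is the standard one for transfer(address,uint256); the function names, the address and the amount are constructed for illustration.

```python
# Added illustration (not from the original article). SELECTOR is the standard
# ERC-20 transfer(address,uint256) selector; all other values are constructed.
SELECTOR = bytes.fromhex("a9059cbb")
EXPECTED_LEN = 4 + 2 * 32  # selector plus two 32-byte ABI words


def encode_transfer(to, amount):
    """Correct client: refuse anything that is not a 20-byte address."""
    if len(to) != 20:
        raise ValueError("address must be exactly 20 bytes")
    return SELECTOR + to.rjust(32, b"\x00") + amount.to_bytes(32, "big")


def naive_client_encode(to, amount):
    """Hypothetical careless client: concatenates fields without checking len(to)."""
    return SELECTOR + b"\x00" * 12 + to + amount.to_bytes(32, "big")


def calldataload(data, offset):
    """Read one 32-byte word; bytes past the end of the call data read as zero."""
    return data[offset:offset + 32].ljust(32, b"\x00")


def decode_unchecked(data):
    """Read both arguments with no length check (the behaviour described above)."""
    to = calldataload(data, 4)[12:]
    amount = int.from_bytes(calldataload(data, 36), "big")
    return to, amount


def decode_checked(data):
    """Defense: reject call data shorter than the arguments require."""
    if len(data) < EXPECTED_LEN:
        raise ValueError("call data too short: %d < %d" % (len(data), EXPECTED_LEN))
    return decode_unchecked(data)


FULL_TO = bytes.fromhex("11" * 19 + "00")  # constructed address ending in 0x00
SHORT_CALL = naive_client_encode(FULL_TO[:-1], 1000)  # trailing zero byte dropped

if __name__ == "__main__":
    print(len(SHORT_CALL), decode_unchecked(SHORT_CALL)[1])
    print(decode_checked(encode_transfer(FULL_TO, 1000))[1])
```

The unchecked decoder recovers the full address from 67 bytes of call data and reads the amount as 1000 * 256, while the checked decoder rejects the same input before any argument is read.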