chiru-labs / ERC721A

https://ERC721A.org
MIT License
2.51k stars 842 forks source link

Slither detected an incorrect shift operation #428

Closed rpajunen closed 2 years ago

rpajunen commented 2 years ago

I ran Slither on a contract using ERC721A implementation and it detected incorrect shift in assembly

ERC721A._mint(address,uint256) (node_modules/erc721a/contracts/ERC721A.sol#733-797) contains an incorrect shift operation: _packedAddressData[to] += quantity * ((1 << _BITPOS_NUMBER_MINTED) | 1) (node_modules/erc721a/contracts/ERC721A.sol#748)
ERC721A._burn(uint256,bool) (node_modules/erc721a/contracts/ERC721A.sol#917-983) contains an incorrect shift operation: _packedAddressData[from] += (1 << _BITPOS_NUMBER_BURNED) - 1 (node_modules/erc721a/contracts/ERC721A.sol#950)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#shift-parameter-mixup

Slither marks this as high severity. Is this an issue or can someone explain why it is detected by slither?

Vectorized commented 2 years ago

Not an issue.

We are doing some bitwise dark arts here.