Open code423n4 opened 3 years ago
I agree with the finding, however, the compiler will either refuse to compile, or simply use the data location from the actual implementation of the method (Auction).
As such, I will downgrade the finding to low severity, as it has to do with improper code / documentation more so than a functionality that can actually reduce protocol availability.
Handle
pants
Vulnerability details
The function Auction.settleAuction() claims to override IAuction.settleAuction(), but their arguments have different data locations.
Impact
Mismatching data locations in overrides have unexpected behavior.
Proof of Concept
https://github.com/ethereum/solidity/issues/10900
Tool Used
Manual code review.
Recommended Mitigation Steps
Modify the data locations of the arguments to match between Auction.settleAuction() and IAuction.settleAuction().