code-423n4 / 2023-01-opensea-findings


Optimizer Bug Regarding Memory Side Effects of Inline Assembly #69

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/ProjectOpenSea/seaport/blob/5de7302bc773d9821ba4759e47fc981680911ea0/contracts/conduit/Conduit.sol#L59

Vulnerability details

Impact

This bug only occurs under very specific conditions: the legacy optimizer must be enabled rather than the IR pipeline (true for the current project configuration), and the affected assembly blocks must not refer to any local Solidity variables.

Proof of Concept

Solidity version 0.8.13 has some issues; one of them is related to ‘Optimizer Bug Regarding Memory Side Effects of Inline Assembly’.

Read more here: Optimizer Bug Regarding Memory Side Effects of Inline Assembly

Example of writing to memory without reading it afterwards:

The conditions are met: inline assembly is used and optimization is enabled while compiling.

Tools Used

Reading code

Recommended Mitigation Steps

Use a recent Solidity version, 0.8.15 (or 0.8.17, the version used in the Seaport.sol contract), which has the fix for these issues.
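An added illustration (not Seaport code and not taken from the Solidity announcement) of the assembly shape this finding describes: a block that writes memory, reads nothing back within the same block, and references no local Solidity variables, followed by a later read that the legacy optimizer could not see. The contract and function names are hypothetical; the pragma lines show the affected and the fixed compiler ranges named in the finding.

```solidity
// SPDX-License-Identifier: MIT
// Hypothetical example, not project code. The finding concerns solc 0.8.13/0.8.14
// when the legacy (non-IR) pipeline is used with the optimizer enabled.
pragma solidity 0.8.13; // affected range; the recommended fix is 0.8.15 or later

contract MemorySideEffectDemo {
    // Shape that meets every condition named in the finding:
    //  1. inline assembly writes to memory (scratch space here),
    //  2. the write is not read inside the same assembly block,
    //  3. the block references no local Solidity variable, so under the
    //     legacy pipeline it is optimized in isolation.
    function affectedShape() external pure returns (bytes32 out) {
        assembly {
            mstore(0x00, 0x1234) // write with no read in this block
        }
        // The read happens in a separate block. Because the first block saw
        // no read, the optimizer could treat that mstore as a dead store.
        assembly {
            out := mload(0x00)
        }
    }

    // Shape that does not meet the conditions: the block references the
    // local variable `out`, so the legacy pipeline does not optimize it in
    // isolation, and the write and read live in the same block anyway.
    function unaffectedShape() external pure returns (bytes32 out) {
        assembly {
            mstore(0x00, 0x1234)
            out := mload(0x00)
        }
    }
}
```

Whether a given block is actually miscompiled depends on the compiler version and the pipeline setting in the build configuration, which is exactly what the maintainers' reply below about `viaIR` turns on.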

0age commented 1 year ago

contested; we use the IR pipeline on the core contracts and purposefully turn it off on the reference contracts for a point of comparison / more robust tests — the reference contracts do not contain any inline assembly!

HickupHH3 commented 1 year ago

Looking at the HH and Foundry configs,

Hence, the mentioned Conduit.sol contract does not have the specified compiler bug.

c4-judge commented 1 year ago

HickupHH3 marked the issue as unsatisfactory: Insufficient proof