search

code-423n4 / 2024-08-wildcat-findings

3 stars 1 forks source link

QA Report #112

Closed howlbot-integration[bot] closed 1 month ago

howlbot-integration[bot] commented 2 months ago

See the markdown file with the details of this report here.

3docSec commented 1 month ago

L-01 Informational, ignoring L-02 OK L-03 The explanation is very nice and convincing, but the suggested fix happens to break 26 of the protocol's unit tests L-04 It is sufficient to run the suggested code to show that the current implementation is correct and the suggestion is instead harmful:

  function test112() external {
    this.version();
    this.version2();
  }

  function version() external pure returns (string memory) {
    assembly {
      mstore(0x40, 0)
      mstore(0x41, 0x0132)
      mstore(0x20, 0x20)
      return(0x20, 0x60)
    }
  }
  function version2() external pure returns (string memory) {
    assembly {
      // Allocate memory for the string
      mstore(0x40, add(mload(0x40), 0x20))
      // Set the length of the string (1 byte for "2")
      mstore(0x20, 1)
      // Store the ASCII value of "2" at the correct position
      mstore8(0x21, 0x32) // ASCII for "2" is 0x32
      // Return the memory starting at 0x20 with a length of 0x21 bytes
      return(0x20, 0x21)
    }
  }
Traces:
  [2029] WildcatMarketTokenTest::test112()
    ├─ [262] WildcatMarketTokenTest::version() [staticcall]
    │   └─ ← [Return] "2"
    ├─ [312] WildcatMarketTokenTest::version2() [staticcall]
    │   └─ ← [Return] 0x003200000000000000000000000000000000000000000000000000000000000100
    └─ ← [Revert] EvmError: Revert

Stopping here, harmful suggestions are not welcome in QC reports, however cool they may look.

c4-judge commented 1 month ago

3docSec marked the issue as grade-c