Open hats-bug-reporter[bot] opened 2 weeks ago
I think you are referring to https://soliditylang.org/blog/2023/07/19/missing-side-effects-on-selector-access-bug/. From my understanding, the use of selectors does not fit the case where a bug can arise. This is also supported by the fact that the behaviour seems to be working. If you believe there is a bug, please show this selector being incorrect.
Github username: --
Twitter username: --
Submission hash (on-chain): 0xfee5e29fa0689fb6e30d72e0fd7ea63c5ef4d2a07614fa45e5fcb1ab90f4cb37
Severity: low
Description:
Solidity Version Susceptible to .selector-related Optimizer Bug
Description
The CrossChainProofOfHumanity contract is using Solidity version 0.8.20, which is susceptible to a .selector-related optimizer bug. This bug can potentially lead to incorrect code generation when using .selector in certain contexts, particularly when a function call is used instead of a direct contract name for selector lookup. While the impact is generally low and affects uncommon code patterns, it's important to address this issue to ensure the contract functions correctly and securely in all scenarios.
Attack Scenario
In the current implementation, the .selector is used in the updateHumanity and transferHumanity functions when encoding function calls for cross-chain communication. While the usage in this contract is likely safe, there's a small risk that the optimizer could generate incorrect code, potentially leading to unexpected behavior in edge cases or future modifications of the contract.
Proof of Concept
The vulnerable code is present in two locations:
Revised Code File
By updating to Solidity 0.8.21 or later, we can eliminate the risk associated with the .selector-related optimizer bug, ensuring that the contract functions as intended in all scenarios, including potential future modifications or edge cases.
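A triage check for the pattern this thread turns on, added here as an example and not part of the report or the audited project: it reports whether the pragma is below 0.8.21 and classifies each .selector access as taken from a direct name or from an expression containing a function call. The sample source and the names triage, IReceiver, Sender and pick are constructed; the regex is a heuristic, not a Solidity parser.

```python
import re

FIXED_IN = (0, 8, 21)  # upgrade target named in the report

PRAGMA_RE = re.compile(r"pragma\s+solidity\s+[^;\d]*(\d+)\.(\d+)\.(\d+)")
# Name chain in front of ".selector", allowing simple call/index suffixes
# such as getBridge(id). or gateways[i].
BASE_RE = re.compile(
    r"(?<![\w$])((?:[A-Za-z_$][\w$]*(?:\([^()]*\)|\[[^\[\]]*\])*\.)+)selector\b"
)


def triage(source):
    """Return (pragma_below_fix, findings) for one Solidity source string."""
    m = PRAGMA_RE.search(source)
    # Assumption: the pragma's version is the compiler version actually used.
    below_fix = bool(m) and tuple(map(int, m.groups())) < FIXED_IN
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for hit in BASE_RE.finditer(line):
            base = hit.group(1)[:-1]
            # A call in the base, or a chain hanging off something the regex
            # could not parse (previous char is "."), is evaluated at runtime.
            evaluated = "(" in base or line[:hit.start()].endswith(".")
            kind = "call-based" if evaluated else "direct"
            findings.append((lineno, base + ".selector", kind))
    return below_fix, findings


# Constructed sample, not the audited contract's code.
SAMPLE = """\
pragma solidity 0.8.20;
interface IReceiver { function receiveUpdate(bytes20 id) external; }
contract Sender {
    IReceiver[] gateways;
    function pick() internal returns (IReceiver) { return gateways[0]; }
    function a(bytes20 id) external returns (bytes memory) {
        return abi.encodeWithSelector(IReceiver.receiveUpdate.selector, id);
    }
    function b(bytes20 id) external returns (bytes memory) {
        return abi.encodeWithSelector(pick().receiveUpdate.selector, id);
    }
}
"""

if __name__ == "__main__":
    below, found = triage(SAMPLE)
    print("pragma below 0.8.21:", below)
    for lineno, expr, kind in found:
        print(f"line {lineno}: {expr} -> {kind}")
```

Only accesses classified as call-based on a pragma below 0.8.21 need a manual look; a direct name lookup is the case the reply above describes as not fitting the bug.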