search

sherlock-audit / 2022-11-nounsdao-judging

4 stars 0 forks source link

0xSmartContract - Vulnerability related to 'Optimizer Bug Regarding Memory Side Effects of Inline Assembly’ #33

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

0xSmartContract

medium

Vulnerability related to 'Optimizer Bug Regarding Memory Side Effects of Inline Assembly’

Summary

Vulnerability related to 'Optimizer Bug Regarding Memory Side Effects of Inline Assembly’

Ref : https://blog.soliditylang.org/2022/06/15/solidity-0.8.15-release-announcement/

Nounsdao inherits solidity contracts from solady use inline assembly, and optimization is enabled while compiling

Vulnerability Detail

assembly-memory-side-effects-bug

Impact

Code Snippet

A potentially severely affected pattern would be to reserve static memory at the beginning of the transaction by a write to the free memory pointer (which will be removed due to the bug):

LibClone.sol#L96-L102

lib/solady/src/utils/LibClone.sol:
   95              mstore(0x00, 0x602c3d8160093d39f33d3d3d3d363d3d37363d73)
   96:             instance := create(0, 0x0c, 0x35)
   97:             // Restore the part of the free memory pointer that has been overwritten.
   98:             mstore(0x21, 0)
   99:             // If `instance` is zero, revert.
  100:             if iszero(instance) {
  101:                 // Store the function selector of `DeploymentFailed()`.
  102:                 mstore(0x00, 0x30116425)
  103:                 // Revert with (offset, size).
  104:                 revert(0x1c, 0x04)
  105:             }

Tool used

Manual Review

Recommendation

Use recent Solidity version 0.8.17 which has the fix for issue

davidbrai commented 1 year ago

the project is already configured to use solc 0.8.17: https://github.com/sherlock-audit/2022-11-nounsdao/blob/main/foundry.toml#L5

is this issue still relevant?