A potentially severely affected pattern would be to reserve static memory at the beginning of the transaction by a write to the free memory pointer (which will be removed due to the bug):
lib/solady/src/utils/LibClone.sol:
95 mstore(0x00, 0x602c3d8160093d39f33d3d3d3d363d3d37363d73)
96: instance := create(0, 0x0c, 0x35)
97: // Restore the part of the free memory pointer that has been overwritten.
98: mstore(0x21, 0)
99: // If `instance` is zero, revert.
100: if iszero(instance) {
101: // Store the function selector of `DeploymentFailed()`.
102: mstore(0x00, 0x30116425)
103: // Revert with (offset, size).
104: revert(0x1c, 0x04)
105: }
Tool used
Manual Review
Recommendation
Use recent Solidity version 0.8.17 which has the fix for issue
0xSmartContract
medium
Vulnerability related to 'Optimizer Bug Regarding Memory Side Effects of Inline Assembly’
Summary
Vulnerability related to 'Optimizer Bug Regarding Memory Side Effects of Inline Assembly’
Ref : https://blog.soliditylang.org/2022/06/15/solidity-0.8.15-release-announcement/
Nounsdao inherits solidity contracts from solady use inline assembly, and optimization is enabled while compiling
Vulnerability Detail
assembly-memory-side-effects-bug
Impact
Code Snippet
A potentially severely affected pattern would be to reserve static memory at the beginning of the transaction by a write to the free memory pointer (which will be removed due to the bug):
LibClone.sol#L96-L102
Tool used
Manual Review
Recommendation
Use recent Solidity version 0.8.17 which has the fix for issue