SOLIDITY VERSION 0.8.13 HAS KNOWN ISSUES APPLICABLE TO frankendao due of the use of .push()
that lead to a Bug when Copying Dirty Bytes Arrays to Storage
Vulnerability Detail
Most instances of copying bytes arrays from memory or calldata to storage can be affected in the sense that they may write dirty values. Those dirty values in storage only become visible, if there are empty .push()es to the bytes array (in older version also assignments to its .length field) and the resulting elements are assumed to be zero without actually writing to them.
0xheynacho
medium
Bug when Copying Dirty Bytes Arrays to Storage
Summary
SOLIDITY VERSION 0.8.13 HAS KNOWN ISSUES APPLICABLE TO frankendao due of the use of .push() that lead to a Bug when Copying Dirty Bytes Arrays to Storage
Vulnerability Detail
Most instances of copying bytes arrays from memory or calldata to storage can be affected in the sense that they may write dirty values. Those dirty values in storage only become visible, if there are empty .push()es to the bytes array (in older version also assignments to its .length field) and the resulting elements are assumed to be zero without actually writing to them.
https://blog.soliditylang.org/2022/06/15/dirty-bytes-array-to-storage-bug/
Impact
legacy code generation pipeline to generate code that may write dirty values to storage when copying bytes arrays from calldata or memory.
Code Snippet
https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/ERC20PoolFactory.sol#L71 https://github.com/sherlock-audit/2023-01-ajna/blob/main/contracts/src/ERC721PoolFactory.sol#L97
Tool used
Manual Review
Recommendation
update version up to 0.8.15