AutoRoller.sol inherits solidity contracts from solmate FixedPointMathLib and ERC4626 , and both these uses inline assembly, and optimization is enabled while compiling.
Impact
This bug only occurs under very specific conditions: the legacy optimizer must be enabled rather than the IR pipeline (true for the current project configuration), and the affected assembly blocks must not refer to any local Solidity variables.
0xheynacho
medium
Vulnerability related to ‘Optimizer Bug Regarding Memory Side Effects of Inline Assembly’
Summary
Solidity versions 0.8.13 and 0.8.14 are vulnerable to a recently reported optimizer bug related to inline assembly. Solidity 0.8.15 has been released with a fix. https://blog.soliditylang.org/2022/06/15/inline-assembly-memory-side-effects-bug/
Vulnerability Detail
AutoRoller.sol inherits solidity contracts from solmate FixedPointMathLib and ERC4626 , and both these uses inline assembly, and optimization is enabled while compiling.
Impact
This bug only occurs under very specific conditions: the legacy optimizer must be enabled rather than the IR pipeline (true for the current project configuration), and the affected assembly blocks must not refer to any local Solidity variables.
Code Snippet
https://github.com/sherlock-audit/2023-01-ajna-0xheynacho/tree/main/contracts/src
Tool used
Manual Review
Recommendation
use Solidity versions 0.8.15