Fix/finding #18 Prevent Memory Overwrite in withdrawDepositTo Function #125

Contributor

@Aboudjem Aboudjem commented Aug 1, 2024

This PR addresses the memory overwrite issue identified in finding #18. The problem arises in the withdrawDepositTo function where the amount argument overwrites part of the free memory pointer, leading to potential out-of-gas reverts due to quadratic memory expansion costs. Additionally, this could prevent the actual revert return data from bubbling up.

Changes Made:

  1. Updated the withdrawDepositTo function to store the free memory pointer at the beginning of the assembly block.
  2. Modified the return data handling to use the stored free memory pointer, ensuring accurate return data copying and reverting.
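
An added illustration of the overlap described in the PR description above (not code from this PR or the project's repository): a small Python model of EVM memory showing how a 32-byte write can clobber the free memory pointer word at 0x40, and what that does to the memory expansion cost of copying revert data. The write offsets 0x14 and 0x34, the recipient value and the return data length are assumptions made for the example; the page does not show the assembly.

```python
# Added illustration: a minimal model of EVM memory, not the project's code.
FREE_PTR = 0x40  # Solidity keeps the free memory pointer in the word at 0x40..0x5f


class Memory:
    def __init__(self):
        self.data = bytearray(0x80)
        self.mstore(FREE_PTR, 0x80)  # Solidity's initial free memory pointer

    def mstore(self, offset, value):
        """Write a 32-byte big-endian word at offset, like the MSTORE opcode."""
        self.data[offset:offset + 32] = value.to_bytes(32, "big")

    def mload(self, offset):
        """Read a 32-byte big-endian word at offset, like the MLOAD opcode."""
        return int.from_bytes(self.data[offset:offset + 32], "big")


def memory_cost(size_bytes):
    """Gas for size_bytes of active memory: 3*words + words**2 // 512."""
    words = (size_bytes + 31) // 32
    return 3 * words + words * words // 512


def revert_copy_cost(amount, returndata_len, cache_ptr_first):
    """Return (copy destination, memory gas) for bubbling up revert data.

    Assumed layout (not shown on the page): `to` is written at 0x14 and
    `amount` at 0x34, so the amount word covers 0x34..0x53 and overlaps
    the first 20 bytes of the free memory pointer word at 0x40.
    """
    mem = Memory()
    cached = mem.mload(FREE_PTR)  # the fix: read the pointer before any write
    mem.mstore(0x14, 0xBEEF)      # constructed recipient address
    mem.mstore(0x34, amount)      # clobbers the high bytes of the pointer word
    dest = cached if cache_ptr_first else mem.mload(FREE_PTR)
    return dest, memory_cost(dest + returndata_len)


if __name__ == "__main__":
    for cached in (False, True):
        dest, gas = revert_copy_cost(10**18, 68, cache_ptr_first=cached)
        print(f"cache_ptr_first={cached}: dest={hex(dest)} memory_gas={gas}")
```

With a non-zero amount and no cached pointer, the copy destination becomes the low 20 bytes of the amount shifted left by 96 bits, so the memory cost exceeds any gas budget and the call runs out of gas before the original revert data can be returned.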


openzeppelin-code bot commented Aug 1, 2024

Fix/finding #18 Prevent Memory Overwrite in withdrawDepositTo Function

Generated at commit: ec1d3b027dae7523af68da33326df06c649d14cd

🚨 Report Summary

Severity Level   Results (Contracts)
Critical         0
High             1
Medium           0
Low              6
Note             24
Total            31

For more details view the full report in OpenZeppelin Code Inspector


codecov bot commented Aug 1, 2024

Codecov Report

Attention: Patch coverage is 61.53846% with 10 lines in your changes missing coverage. Please review.

Project coverage is 75.60%. Comparing base (80d3913) to head (902c284).
Report is 38 commits behind head on remediations/cantina-spearbit.

Files Patch % Lines
contracts/base/BaseAccount.sol 0.00% 8 Missing ⚠️
contracts/base/ExecutionHelper.sol 87.50% 2 Missing ⚠️
Additional details and impacted files
@@                        Coverage Diff                        @@
##           remediations/cantina-spearbit     #125      +/-   ##
=================================================================
+ Coverage                          72.19%   75.60%   +3.41%     
=================================================================
  Files                                 13       13              
  Lines                                694      664      -30     
  Branches                             150      153       +3     
=================================================================
+ Hits                                 501      502       +1     
+ Misses                               193      162      -31     
Files Coverage Δ
contracts/Nexus.sol 63.06% <100.00%> (ø)
contracts/base/ModuleManager.sol 83.73% <100.00%> (+0.09%) ⬆️
contracts/base/ExecutionHelper.sol 58.16% <87.50%> (+1.78%) ⬆️
contracts/base/BaseAccount.sol 59.45% <0.00%> (-1.66%) ⬇️

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0070740...902c284. Read the comment docs.

@livingrockrises
Contributor

the linked issue is wrong ser. #18 goes to github issue number 18

@livingrockrises
Contributor

shouldn't you/we open an issue on solady repo and validate and discuss this there as well?

Contributor

@livingrockrises livingrockrises left a comment

review i

Base automatically changed from fix/finding-2-salt-determinism to remediations/cantina-spearbit August 16, 2024 13:30

🤖 Slither Analysis Report 🔎

# Slither report

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.
Summary
🟡 - locked-ether (1 results) (Medium)

locked-ether

🟡 Impact: Medium
🔴 Confidence: High

utils/RegistryBootstrap.sol#L33-L165

constable-states

Impact: Optimization
🔴 Confidence: High

base/RegistryAdapter.sol#L12

factory/RegistryFactory.sol#L39

_This comment was automatically generated by the GitHub Actions workflow._

@livingrockrises livingrockrises merged commit 45feee0 into remediations/cantina-spearbit Aug 19, 2024
7 of 10 checks passed
@livingrockrises livingrockrises deleted the fix/finding-18-withdraw-deposit-memory branch August 19, 2024 03:33