feat: add detector for invalid memory-safe assembly annotations#2943
Open
ep0chzer0 wants to merge 2 commits intocrytic:masterfrom
Open
feat: add detector for invalid memory-safe assembly annotations#2943ep0chzer0 wants to merge 2 commits intocrytic:masterfrom
ep0chzer0 wants to merge 2 commits intocrytic:masterfrom
Conversation
ep0chzer0
force-pushed
the
feature/invalid-memory-safe-assembly
branch
3 times, most recently
from
4dadb52 to
f4dbc5c
Compare
Adds a new detector that identifies incorrect usage of the `@solidity memory-safe-assembly` annotation: - Detects annotations in regular comments (// or /* */) instead of NatSpec comments (/// or /** */), which the compiler ignores - Detects common typos in the annotation text (e.g., "memory-sage-assembly", "memory safe assembly" with spaces instead of hyphens) - Provides clear guidance on how to fix the issue The `@solidity memory-safe-assembly` annotation only works in NatSpec comments. Using it in regular comments means the compiler won't apply memory optimizations, leading to missed gas savings and false assumptions about code behavior. Fixes crytic#2780
- Add multi-line NatSpec block detection to avoid false positives - Add LANGUAGE = "solidity" to skip Vyper contracts - Remove unused filename parameter - Add deterministic result sorting - Increase search window from 10 to 20 lines - Add test cases for: - Multi-line regular comment with continuation (/* ... */) - Multi-line NatSpec with continuation (/** ... */) - Assembly in modifiers
ep0chzer0
force-pushed
the
feature/invalid-memory-safe-assembly
branch
from
f4dbc5c to
7ddb78e
Compare
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a new detector (
incorrect-memory-safe) that identifies incorrect usage of the@solidity memory-safe-assemblyannotation.What it detects:
Regular comments instead of NatSpec - Annotations in
//or/* */comments are ignored by the compiler. Only NatSpec comments (///or/** */) work.Common typos - Detects misspellings like:
memory-sage-assembly(typo: 'sage' instead of 'safe')memory safe assembly(spaces instead of hyphens)memory_safe_assembly(underscores instead of hyphens)Why this matters:
The
@solidity memory-safe-assemblyannotation tells the compiler that inline assembly code follows Solidity's memory model. When valid, the compiler can apply memory optimizations. However://) instead of NatSpec (///) means the annotation is silently ignoredExample
Test Coverage
Fixes #2780
🤖 Generated with Claude Code