Built-in `shift()` function will fail if passed a negative integer at compile time
Summary
The built-in shift() function accepts an INT256 as an input, which are accounted for and work fine at runtime. However, there is a compile time check that causes a revert if a negative literal is passed to the function.
Vulnerability Details
In the evaluate() method, which is used when shift() is evaluated at compile time, there is the following check:
However, the function is intended to accept INT256 as an argument:
This is properly handled in the build_IR() method, but fails when evaluate() is called at compile time.
Impact
Contracts that shift a negative literal and attempt to evaluate the expression at compile time will fail to compile.
Tools Used
Manual Review
Recommendations
The ideal option would be to update the evaluate() method to handle negative integers.
Alternatively, given the shift() function is deprecated and may not justify the extra work, the easiest solution is to simply raise UnfoldableNote for values between type(int256).min and 0, which will skip evaluation and leave the function to be evaluated at runtime.
Lead Judging Commences
Built-in `shift()` function will fail if passed a negative integer at compile time
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.