The mulWad(uint256 x, uint256 y)
and mulWadUp(uint256 x, uint256 y)
functions use an invalid pointer to error selector in revert
.
In functions mulWad(uint256 x, uint256 y)
and mulWadUp(uint256 x, uint256 y)
we store error selector start from 0x40 (which is also incorrect, as described in the previous finding )
This means that we write 32 bytes: 28 left bytes of which are filled with zeros, because the error selector occupies only 4 right bytes.
When we want to read error selector in revert function
https://github.com/Cyfrin/2024-01-math-master/blob/84c149baf09c1558d7ba3493c7c4e68d83e7b3aa/src/MathMasters.sol#L41
we need to add 28 bytes for the pointer that we used in mstore.
Therefore, we see that pointer 0x1c
does not conform to this logic and does not point to the beginning of the error selector location.
Uninformative output when an error occurs.
Manual review.
These recommendations take into account the recommendations from the previous finding (about rewriting free memory pointer).
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.