mulWad() and mulWadUp() overwrites the free memory pointer and are not memory safe
mulWad() and mulWadUp() claims to be memory-safe-assembly
, but they are not memory safe. They store the error selector hash to memory 0x40 before reverting, and does not change it back
Free memory pointer will be overwrite to a large value 0xbac65e5b
, if it is being used in Solidity it will tries to access memory 0xbac65e5b
which will cause out of gas revert. However it revert with Yul after overwriting the free memory pointer in the contract, so it does not have such impact.
Manual review
Read from free memory pointer to check where is the free memory, and only store data to the free memory and increment the free memory pointer after storing data to the memory.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.