Beginner FriendlyFoundry
100 EXP
View results
Submission Details
Severity: low
Invalid

mulWad() and mulWadUp() overwrites the free memory pointer and are not memory safe

Summary

mulWad() and mulWadUp() overwrites the free memory pointer and are not memory safe

Vulnerability Details

mulWad() and mulWadUp() claims to be memory-safe-assembly, but they are not memory safe. They store the error selector hash to memory 0x40 before reverting, and does not change it back

Impact

Free memory pointer will be overwrite to a large value 0xbac65e5b, if it is being used in Solidity it will tries to access memory 0xbac65e5b which will cause out of gas revert. However it revert with Yul after overwriting the free memory pointer in the contract, so it does not have such impact.

Tools Used

Manual review

Recommendations

Read from free memory pointer to check where is the free memory, and only store data to the free memory and increment the free memory pointer after storing data to the memory.

Updates

Lead Judging Commences

inallhonesty Lead Judge
over 1 year ago
patrickalphac Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.