TSender

Cyfrin
DeFiFoundry
15,000 USDC
Submission Details
Severity: low
Invalid

Incorrect implementation with respect to Documentation in some parts of the code

Summary

In some parts, the Huff code's implementation matches neither its own comments nor the .sol version.

Vulnerability Details

In the Huff versions, diff is meant to be calculated with the same formula as in the .sol version, which is (recipients.offset - amounts.offset), and the comment says so.

But this is not what the code actually implements: the Huff code obtains diff by subtracting the offsets of the array lengths. The .sol version, however, obtains diff by subtracting the offsets of the first elements of the two arrays (recipients and amounts).

TSender_NoCheck.huff#L93-L97

// let diff := sub(recipients.offset, amounts.offset)
// remember, our number of amounts is stored in memory, not statically
[NUMBER_OF_AMOUNTS_OFFSET_OFFSET] calldataload // [amounts.offset]
0x4 add // [true_amounts.offset]
[NUMBER_OF_RECIPIENTS_OFFSET] sub // [diff, token_address]

ARRAY.offset in Yul gets the pointer to the first element of the array, and as we can see, the Huff code puts a comment above it to match that. But the Huff implementation does not subtract the offsets of the first elements of the two arrays. Instead, it subtracts the offsets of their lengths, which matches neither the comment above the code nor the .sol versions.

Since the first element comes 0x20 after the array length, the calculations are correct, so there is no HIGH impact.
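
The equivalence stated above, checked on constructed calldata as an added Python example (not code from the TSender repository or from this submission). It assumes standard ABI encoding and an argument order of (address, address[], uint256[], uint256); the selector, addresses and amounts are constructed.

```python
# Added illustration: a constructed model of ABI calldata, not TSender code.
MASK = 2**256 - 1          # EVM arithmetic wraps modulo 2**256
SELECTOR = bytes(4)        # placeholder selector; its value does not affect offsets

def word(n: int) -> bytes:
    return n.to_bytes(32, "big")

def encode_call(token, recipients, amounts, total) -> bytes:
    """Standard ABI encoding of (address, address[], uint256[], uint256)."""
    head_size = 4 * 32
    rec_tail = word(len(recipients)) + b"".join(map(word, recipients))
    amt_tail = word(len(amounts)) + b"".join(map(word, amounts))
    head = (word(token) + word(head_size)
            + word(head_size + len(rec_tail)) + word(total))
    return SELECTOR + head + rec_tail + amt_tail

def calldataload(cd: bytes, pos: int) -> int:
    return int.from_bytes(cd[pos:pos + 32].ljust(32, b"\x00"), "big")

def array_positions(cd: bytes) -> dict:
    # Head slots at 0x24 and 0x44 hold each array's offset, relative to byte 4.
    rec_len = calldataload(cd, 0x24) + 4
    amt_len = calldataload(cd, 0x44) + 4
    return {"rec_len": rec_len, "amt_len": amt_len,
            "rec_first": rec_len + 0x20, "amt_first": amt_len + 0x20}

def diffs(cd: bytes) -> tuple:
    p = array_positions(cd)
    length_slot_diff = (p["rec_len"] - p["amt_len"]) & MASK      # what the Huff does
    first_elem_diff = (p["rec_first"] - p["amt_first"]) & MASK   # what the comment says
    return length_slot_diff, first_elem_diff

def recipient_for_amount(cd: bytes, i: int) -> int:
    """Locate recipients[i] from the position of amounts[i] plus diff."""
    p = array_positions(cd)
    amount_pos = p["amt_first"] + 0x20 * i
    return calldataload(cd, (amount_pos + diffs(cd)[0]) & MASK)

RECIPIENTS = [0xA11CE, 0xB0B, 0xCA401]   # constructed sample addresses
AMOUNTS = [10, 20, 30]                   # constructed sample amounts
CALLDATA = encode_call(0x70CE4, RECIPIENTS, AMOUNTS, sum(AMOUNTS))

if __name__ == "__main__":
    a, b = diffs(CALLDATA)
    print(a == b, [hex(recipient_for_amount(CALLDATA, i)) for i in range(3)])
```

Both subtractions shift each operand by the same 0x20, so the wrapped difference is identical and the lookup of recipients[i] from the position of amounts[i] lands on the same calldata word either way.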

Impact

Conflicts and misunderstandings

Tools Used

Manual Review

Recommendations

Update the docs to mention that we are subtracting the length offsets, not the first-element offsets.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
