Hardcoding string offset slot is not a good approach
Vulnerability Details
In our library Cairo.sol, we are getting the length of the string by reading the offset 0x20 directly without knowing if this is the correct memory slot that contains the length or not.
Encoding string variables always puts the length offset in the first slot 0x00 and in this slot (0x00) the length slot value is written, which always comes directly after it in most and normal encodings (i.e 0x20).
Although this is the normal encoding string method, the offset contains the length slot which can come after it directly, or after escaping on the slot, 2 slots, ... So we cannot guarantee that the string encoding is always putting the length value at slot 0x20.
This will result in a wrong encoding of the string. which will make incorrect results when encoding string values.
Recommendations
Retrieve the length slot from the offset first, and then use it to read the string value and pack it, instead of directly reading it from slot 0x20.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.