Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrect function modifier used leads to wrong data return

kwakudr

Summary

Incorrect function modifier used leads to wrong data returned. There are other functions with the same root cause of using pure modifier instead of view

Vulnerability Details

function load(string memory customReferralCode)
internal
pure
returns (Data storage customReferralConfigurationTestnet)
{
bytes32 slot = keccak256(abi.encode(CUSTOM_REFERRAL_CONFIGURATION_DOMAIN, customReferralCode));
assembly {
customReferralConfigurationTestnet.slot := slot
}
}

this function is marked as pure, but it's actually reading from and potentially writing to storage. Here are the issues:

  1. pure Function Modifier: The pure modifier is used for functions that don't read from or modify the contract's state. However, this function is clearly interacting with storage by setting the slot of a storage variable.

  2. Storage Access in a Pure Function: The function is returning a storage reference (Data storage customReferralConfigurationTestnet), which implies reading from or potentially writing to storage. This operation cannot be performed in a pure function.

Impact

Because the function is marked as pure, it will compile but won't actually load or return the correct data from storage. Instead, it might return uninitialized or incorrect data.

Tools Used

Manual Review

Recommendations

change the function modifier from pure to view

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.