Token-0x

First Flight #54
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: low
Likelihood: low

Yul block contains return

Author Revealed upon completion

Root + Impact

Description

  • Describe the normal behavior in one or more sentences

  • The function uses inline assembly to:

    1. Load the storage slot of _totalSupply

    2. Read the value via sload

    3. Store it in memory at offset 0x00

    4. Return 32 bytes from memory using return(0x00, 0x20)

  • This is equivalent to a Solidity return statement but optimized for gas


  • Explain the specific issue or problem in one or more sentences

  • Although the implementation here may be low risk, the general use of assembly with return introduces unnecessary complexity, and exposure to some compiler optimizations can lead to subtle bugs


function totalSupply_() internal view returns (uint256) {
    assembly {
        let slot := _totalSupply.slot
        let supply := sload(slot)
        mstore(0x00, supply)
@>      return(0x00, 0x20)
    }
}

Risk

Likelihood: low

  • Reason 1 // Describe WHEN this will occur (avoid using "if" statements)

  • Reason 2 // The Yul block does not contain a return statement, which directly invokes the RETURN opcode.

Impact: low

  • Impact 1 // Assembly bypasses Solidity's safety checks, which makes the code prone to errors

  • Impact 2 // Triggers optimizer bugs or layout issues.

Proof of Concept

In high context:

Adding conditions increases the exploit surface area, especially in proxies and libraries where storage is not structured.

assembly {
    let slot := _totalSupply.slot
    let supply := sload(slot)
    if iszero(supply) { return(0x00, 0x20) }
    sstore(slot, add(supply, 1))
    mstore(0x00, supply)
    return(0x00, 0x20)
}

Recommended Mitigation

Rewrite without assembly for clarity and safety (slight gas increase):

function totalSupply_() internal view returns (uint256) {
    // Plain storage read; control returns to the calling function as usual
    return _totalSupply;
}
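
What the return(0x00, 0x20) flagged above does in practice, as an added example that is not code from the audited project: a Yul return executes the RETURN opcode, which ends the whole external call rather than only the internal function, so caller code placed after the call never runs. The contract and function names are hypothetical, and the initial supply is a constructed value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed demo contract; all names are hypothetical, not from the audited code base.
contract YulReturnDemo {
    uint256 private _totalSupply = 100; // constructed sample value
    uint256 public calls;               // meant to increase on every report

    // Same pattern as the finding: RETURN ends the entire external call,
    // not just this internal function.
    function _supplyYul() internal view returns (uint256) {
        assembly {
            mstore(0x00, sload(_totalSupply.slot))
            return(0x00, 0x20)
        }
    }

    // Plain Solidity: control goes back to the calling function.
    function _supplySafe() internal view returns (uint256) {
        return _totalSupply;
    }

    // The multiplication is never reached: the external caller
    // receives the raw supply written to memory by _supplyYul().
    function doubledYul() external view returns (uint256) {
        return _supplyYul() * 2;
    }

    // The multiplication runs and the caller receives the doubled value.
    function doubledSafe() external view returns (uint256) {
        return _supplySafe() * 2;
    }

    // The state update after the internal call is silently skipped,
    // so the counter stays unchanged even though the call succeeds.
    function reportYul() external returns (uint256 s) {
        s = _supplyYul();
        calls += 1;
    }
}
```

Comparing doubledYul() with doubledSafe(), and reading calls after reportYul(), in a local test makes the early exit visible.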
