
Useless memory allocation bug in RawCall

Open cyberthirst opened this issue 1 year ago • 1 comment

Submitted by KuroHashDit.

Summary

RawCall has a bug that allocates useless memory.

Vulnerability Details

Prototype of raw_call: raw_call(to: address, data: Bytes, max_outsize: uint256 = 0, gas: uint256 = gasLeft, value: uint256 = 0, is_delegate_call: bool = False, is_static_call: bool = False, revert_on_failure: bool = True) → Bytes[max_outsize]

vyper/vyper/builtins/functions.py

def build_IR(self, expr, args, kwargs, context):
    to, data = args
    # TODO: must compile in source code order, left-to-right
    gas, value, outsize, delegate_call, static_call, revert_on_failure = (
        kwargs["gas"],
        kwargs["value"],
        kwargs["max_outsize"],
        kwargs["is_delegate_call"],
        kwargs["is_static_call"],
        kwargs["revert_on_failure"],
    )


    ........


    output_node = IRnode.from_list(
        context.new_internal_variable(BytesT(outsize)), typ=BytesT(outsize), location=MEMORY
    )

At line 1143, when out_size is 0, memory of type BytesT(0) will be allocated here with a size of 32 bytes and will never be used. So this should be corrected.

Impact

Low Risk

cyberthirst • Apr 15 '24 07:04
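A simplified model of the sizing described in the issue above, added here as an example and not taken from Vyper's code base: `Frame`, `bytes_slot_size` and the two `output_buffer_*` helpers are hypothetical names, and the guard is one possible fix, not the project's patch. It assumes a Bytes[N] value occupies a 32-byte length word plus N rounded up to a multiple of 32, and that each call site reserves its own buffer.

```python
# Added illustration: a simplified model, not Vyper's allocator or IR code.
WORD = 32  # EVM memory word size in bytes


def ceil32(n: int) -> int:
    """Round n up to the next multiple of 32."""
    return (n + WORD - 1) // WORD * WORD


def bytes_slot_size(maxlen: int) -> int:
    """Memory footprint of a Bytes[maxlen] value: length word + padded data."""
    return WORD + ceil32(maxlen)


class Frame:
    """Hypothetical bump allocator standing in for a function's memory frame."""

    def __init__(self) -> None:
        self.size = 0

    def new_internal_variable(self, nbytes: int) -> int:
        offset = self.size
        self.size += nbytes
        return offset


def output_buffer_unconditional(frame: Frame, outsize: int) -> int:
    # Mirrors the reported behaviour: always reserve, even for outsize == 0.
    return frame.new_internal_variable(bytes_slot_size(outsize))


def output_buffer_guarded(frame: Frame, outsize: int):
    # One possible fix (assumption): reserve nothing when no output is requested.
    if outsize == 0:
        return None
    return frame.new_internal_variable(bytes_slot_size(outsize))


def wasted_bytes(outsizes) -> int:
    """Frame bytes the unconditional path reserves beyond the guarded path."""
    a, b = Frame(), Frame()
    for n in outsizes:
        output_buffer_unconditional(a, n)
        output_buffer_guarded(b, n)
    return a.size - b.size


if __name__ == "__main__":
    # Constructed sample: max_outsize values of three raw_call sites.
    print(wasted_bytes([0, 0, 64]))
```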

Dup of CS-VYPER_DECEMBER_2023-015 (no issue opened for it so good to keep this one)

trocher • Apr 22 '24 16:04