slither icon indicating copy to clipboard operation
slither copied to clipboard

Published 20 hours ago verified publisher icon crytic

[Bug]: Reference variable used to store result of address.code call

Open kevinclancy opened this issue 1 year ago • 1 comments

Describe the issue:

The IR generated for calls to the code function uses a reference variable for its lvalue. The lvalue should instead be a TMP variable because it stores a bytes value rather than a location.

Code example to reproduce the issue:

contract C {
    function test() external {
        uint z = msg.sender.code.length;
    }
}

Version:

0.9.6

Relevant log output:

INFO:Printers:Contract C
        Function C.test() (*)
                Expression: z = msg.sender.code.length
                IRs:
                        REF_0(bytes) = SOLIDITY_CALL code(address)(msg.sender)
                        REF_1(None) -> REF_0.length
                        z(uint256) := REF_1(None)

kevinclancy avatar Sep 13 '23 03:09 kevinclancy

We should probably just create a builtin for codesize

0xalpharush avatar Sep 26 '23 13:09 0xalpharush