NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add memory side effects notes when using function pointers (#5174)

Browse Source
This commit is contained in:
Ernesto García
2024-08-30 05:44:05 -06:00
committed by GitHub
parent a9161aa93f
commit 83f954d8c4
4 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
contracts/utils/Arrays.sol
View File

@ -26,6 +26,8 @@ library Arrays {
* array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
* when executing this as part of a transaction. If the array being sorted is too large, the sort operation may * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
* consume more gas than is available in a block, leading to potential DoS. * consume more gas than is available in a block, leading to potential DoS.
*
* IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
*/ */
function sort( function sort(
uint256[] memory array, uint256[] memory array,
@ -53,6 +55,8 @@ library Arrays {
* array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
* when executing this as part of a transaction. If the array being sorted is too large, the sort operation may * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
* consume more gas than is available in a block, leading to potential DoS. * consume more gas than is available in a block, leading to potential DoS.
*
* IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
*/ */
function sort( function sort(
address[] memory array, address[] memory array,
@ -80,6 +84,8 @@ library Arrays {
* array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
* when executing this as part of a transaction. If the array being sorted is too large, the sort operation may * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
* consume more gas than is available in a block, leading to potential DoS. * consume more gas than is available in a block, leading to potential DoS.
*
* IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
*/ */
function sort( function sort(
bytes32[] memory array, bytes32[] memory array,

3
contracts/utils/cryptography/MerkleProof.sol
View File

@ -20,6 +20,9 @@ import {Hashes} from "./Hashes.sol";
* OpenZeppelin's JavaScript library generates Merkle trees that are safe * OpenZeppelin's JavaScript library generates Merkle trees that are safe
* against this attack out of the box. * against this attack out of the box.
* *
* IMPORTANT: Consider memory side-effects when using custom hashing functions
* that access memory in an unsafe way.
*
* NOTE: This library supports proof verification for merkle trees built using * NOTE: This library supports proof verification for merkle trees built using
* custom _commutative_ hashing functions (i.e. `H(a, b) == H(b, a)`). Proving * custom _commutative_ hashing functions (i.e. `H(a, b) == H(b, a)`). Proving
* leaf inclusion in trees built using non-commutative hashing functions requires * leaf inclusion in trees built using non-commutative hashing functions requires

2
scripts/generate/templates/Arrays.js
View File

@ -26,6 +26,8 @@ const sort = type => `\
* array. Using it in view functions that are executed through \`eth_call\` is safe, but one should be very careful * array. Using it in view functions that are executed through \`eth_call\` is safe, but one should be very careful
* when executing this as part of a transaction. If the array being sorted is too large, the sort operation may * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
* consume more gas than is available in a block, leading to potential DoS. * consume more gas than is available in a block, leading to potential DoS.
*
* IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
*/ */
function sort( function sort(
${type}[] memory array, ${type}[] memory array,

3
scripts/generate/templates/MerkleProof.js
View File

@ -26,6 +26,9 @@ import {Hashes} from "./Hashes.sol";
* OpenZeppelin's JavaScript library generates Merkle trees that are safe * OpenZeppelin's JavaScript library generates Merkle trees that are safe
* against this attack out of the box. * against this attack out of the box.
* *
* IMPORTANT: Consider memory side-effects when using custom hashing functions
* that access memory in an unsafe way.
*
* NOTE: This library supports proof verification for merkle trees built using * NOTE: This library supports proof verification for merkle trees built using
* custom _commutative_ hashing functions (i.e. \`H(a, b) == H(b, a)\`). Proving * custom _commutative_ hashing functions (i.e. \`H(a, b) == H(b, a)\`). Proving
* leaf inclusion in trees built using non-commutative hashing functions requires * leaf inclusion in trees built using non-commutative hashing functions requires