Replies: 2 comments
-
Example of issues:Correct Data Extraction: |
Beta Was this translation helpful? Give feedback.
-
Thank you for your concern! InputStream works with compact serialized data and doesn't need data alignment or padding zeros It works correct and was very good tested. And Audited |
Beta Was this translation helpful? Give feedback.
-
https://github.com/sushiswap/sushiswap/blob/0ae71ae24a681fe4253fa9ba14dc7185581291cd/protocols/route-processor/contracts/InputStream.sol
Please address these risks/issues:
Memory Layout Misunderstandings: The methods for reading data types (readUint8, readUint16, etc.) seem to misunderstand how Solidity handles memory. They attempt to read data directly from subsequent memory locations without proper handling for data alignment or considering the actual size of the stored values.
Data Extraction Issues: The functions increment the stream position by the size of the data type they intend to read (1 for uint8, 2 for uint16, etc.) but then use mload to load 32 bytes of data from that position. This approach does not correctly extract smaller data types from within the 32-byte word that Solidity uses for memory operations.
Potential for Data Overlap and Misalignment: Because Ethereum's EVM operates with 32-byte words, reading values like uint8, uint16, etc., directly via mload without masking or shifting operations can lead to incorrect values being read or potential data overlap, especially without proper alignment adjustments.
Beta Was this translation helpful? Give feedback.
All reactions