Assessment reports>Hyperlane Starknet>Low findings>Incorrect size of ,StoreFelt252Array
Category: Coding Mistakes

Incorrect size of StoreFelt252Array

Low Severity
Low Impact
Low Likelihood

Description

The store_arrays.cairo implements a way to store the Array<felt252> as a storage variable:

pub impl StoreFelt252Array of Store<Array<felt252>> {
    fn read(address_domain: u32, base: StorageBaseAddress) -> SyscallResult<Array<felt252>> {
        StoreFelt252Array::read_at_offset(address_domain, base, 0)
    }

    fn write(
        address_domain: u32, base: StorageBaseAddress, value: Array<felt252>
    ) -> SyscallResult<()> {
        StoreFelt252Array::write_at_offset(address_domain, base, 0, value)
    }

    // ...

    fn size() -> u8 {
        1
    }
}

Note that the size function returns 1. However, this function should return 255, since this implementation may utilize up to 255 slots for its logic.

Impact

An array can be improperly stored in the storage, which may break the integrity of the stored data.

We believe this code is only used by validator_announce.cairo, which does not directly affect the logic of the rest of the contracts.

Recommendations

Consider modifying the size function to return 255 instead of 1.

Remediation

This issue has been acknowledged by Pragma, and a fix was implemented in commit 5ec83ab7.

Zellic © 2025Back to top ↑