Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Hyperlane Starknet>Low findings>Incorrect size of ,StoreFelt252Array
GeneralOverview
Findings
Critical (5)
High (4)
Medium (5)
Low (5)Announcing a new storage location overwrites the previous storage locationAggregation ISM misfunctions if more than 255 modules existISM configuration of MailboxComponent is disregardedUnclear behavior of the function set_modulesIncorrect size of StoreFelt252Array
Informational (2)
DiscussionSame message can be inserted into the Merkle tree hook multiple timesNonce may overflow
Threat ModelMessage
Audit ResultsAssessment Results
Category: Coding Mistakes

Incorrect size of StoreFelt252Array

Low Severity
Low Impact
Low Likelihood

Description

The store_arrays.cairo implements a way to store the Array<felt252> as a storage variable:

pub impl StoreFelt252Array of Store<Array<felt252>> {
    fn read(address_domain: u32, base: StorageBaseAddress) -> SyscallResult<Array<felt252>> {
        StoreFelt252Array::read_at_offset(address_domain, base, 0)
    }

    fn write(
        address_domain: u32, base: StorageBaseAddress, value: Array<felt252>
    ) -> SyscallResult<()> {
        StoreFelt252Array::write_at_offset(address_domain, base, 0, value)
    }

    // ...

    fn size() -> u8 {
        1
    }
}

Note that the size function returns 1. However, this function should return 255, since this implementation may utilize up to 255 slots for its logic.

Impact

An array can be improperly stored in the storage, which may break the integrity of the stored data.

We believe this code is only used by validator_announce.cairo, which does not directly affect the logic of the rest of the contracts.

Recommendations

Consider modifying the size function to return 255 instead of 1.

Remediation

This issue has been acknowledged by Pragma, and a fix was implemented in commit 5ec83ab7.

Zellic © 2025Back to top ↑