Category: Coding Mistakes
Incorrect size of StoreFelt252Array
Low Severity
Low Impact
Low Likelihood
Description
The store_arrays.cairo implements a way to store the Array<felt252>
as a storage variable:
pub impl StoreFelt252Array of Store<Array<felt252>> {
fn read(address_domain: u32, base: StorageBaseAddress) -> SyscallResult<Array<felt252>> {
StoreFelt252Array::read_at_offset(address_domain, base, 0)
}
fn write(
address_domain: u32, base: StorageBaseAddress, value: Array<felt252>
) -> SyscallResult<()> {
StoreFelt252Array::write_at_offset(address_domain, base, 0, value)
}
// ...
fn size() -> u8 {
1
}
}
Note that the size
function returns 1. However, this function should return 255, since this implementation may utilize up to 255 slots for its logic.
Impact
An array can be improperly stored in the storage, which may break the integrity of the stored data.
We believe this code is only used by validator_announce.cairo, which does not directly affect the logic of the rest of the contracts.
Recommendations
Consider modifying the size
function to return 255 instead of 1.
Remediation
This issue has been acknowledged by Pragma, and a fix was implemented in commit 5ec83ab7↗.