Category: Coding Mistakes

Incorrect string-formatting helper

Low Severity
Low Impact
Low Likelihood

Description

The string_utils.move module implements several helper functions that format an instance of any type as a string. The exposed functions differ in how types are serialized.

One of these functions is to_string_with_integer_types, which should serialize integers with a suffix that explicitly specifies their type (e.g., 123u8). However, the function is implemented incorrectly, invoking the native_format internal function with an incorrect argument:

public fun to_string_with_integer_types<T>(s: &T): String {
    native_format(s, false, true, true, false)
}

native fun native_format<T>(
    s: &T,
    type_tag: bool,
    canonicalize: bool,
    single_line: bool,
    include_int_types: bool
): String;

The include_int_types argument is hardcoded to false, while it should have been true to implement the intended behavior.

Impact

This issue is reported as low impact as we were unable to identify any concrete impact on the rest of the in-scope code. While third-party modules could be affected to an unpredictable and potentially high extent, we consider this issue unlikely to cause high-severity issues.

Recommendations

Correctly pass the include_int_types parameter as true in to_string_with_integer_types.
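
A regression test for the recommended fix, as an added example that is not part of the original report or the project's own code. It assumes the module is published as initia_std::string_utils; the test module name and the 0xCAFE address are hypothetical. The u64 and u128 cases generalize from the 123u8 example in the description.

```move
#[test_only]
module 0xCAFE::int_type_suffix_tests {
    use std::string;
    // Assumption: named address and module name of the audited helper.
    use initia_std::string_utils;

    // Abort codes identify which expectation failed.
    const E_U8_SUFFIX: u64 = 1;
    const E_U64_SUFFIX: u64 = 2;
    const E_U128_SUFFIX: u64 = 3;

    #[test]
    fun u8_carries_type_suffix() {
        // Value and expected output taken from the finding's description.
        let got = string_utils::to_string_with_integer_types(&123u8);
        // With include_int_types hardcoded to false this assertion aborts,
        // because the suffix is not emitted.
        assert!(got == string::utf8(b"123u8"), E_U8_SUFFIX);
    }

    #[test]
    fun u64_carries_type_suffix() {
        // Constructed case: same rule applied to a wider integer type.
        let got = string_utils::to_string_with_integer_types(&123u64);
        assert!(got == string::utf8(b"123u64"), E_U64_SUFFIX);
    }

    #[test]
    fun same_value_different_types_serialize_differently() {
        // The point of the helper is that the type is visible in the output,
        // so equal numeric values of different widths must not collide.
        let as_u8 = string_utils::to_string_with_integer_types(&7u8);
        let as_u128 = string_utils::to_string_with_integer_types(&7u128);
        assert!(as_u8 != as_u128, E_U128_SUFFIX);
    }
}
```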

Remediation

Zellic © 2024