Add memory side effects notes when using function pointers (#5174)

Signed-off-by: Hadrien Croubois <hadrien.croubois@gmail.com>
5 months ago · aba42a07da
parent 0f09ebad09
commit aba42a07da
4 changed files with 14 additions and 0 deletions
--- a/contracts/utils/Arrays.sol
+++ b/contracts/utils/Arrays.sol
@ -26,6 +26,8 @@ library Arrays {
     * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
     * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
     * consume more gas than is available in a block, leading to potential DoS.
+     *
+     * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
     */
    function sort(
        uint256[] memory array,
@ -53,6 +55,8 @@ library Arrays {
     * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
     * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
     * consume more gas than is available in a block, leading to potential DoS.
+     *
+     * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
     */
    function sort(
        address[] memory array,
@ -80,6 +84,8 @@ library Arrays {
     * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
     * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
     * consume more gas than is available in a block, leading to potential DoS.
+     *
+     * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
     */
    function sort(
        bytes32[] memory array,
--- a/contracts/utils/cryptography/MerkleProof.sol
+++ b/contracts/utils/cryptography/MerkleProof.sol
@ -20,6 +20,9 @@ import {Hashes} from "./Hashes.sol";
 * OpenZeppelin's JavaScript library generates Merkle trees that are safe
 * against this attack out of the box.
 *
+ * IMPORTANT: Consider memory side-effects when using custom hashing functions
+ * that access memory in an unsafe way.
+ *
 * NOTE: This library supports proof verification for merkle trees built using
 * custom _commutative_ hashing functions (i.e. `H(a, b) == H(b, a)`). Proving
 * leaf inclusion in trees built using non-commutative hashing functions requires
--- a/scripts/generate/templates/Arrays.js
+++ b/scripts/generate/templates/Arrays.js
@ -26,6 +26,8 @@ const sort = type => `\
 * array. Using it in view functions that are executed through \`eth_call\` is safe, but one should be very careful
 * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
 * consume more gas than is available in a block, leading to potential DoS.
+ *
+ * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
 */
 function sort(
    ${type}[] memory array,
--- a/scripts/generate/templates/MerkleProof.js
+++ b/scripts/generate/templates/MerkleProof.js
@ -26,6 +26,9 @@ import {Hashes} from "./Hashes.sol";
 * OpenZeppelin's JavaScript library generates Merkle trees that are safe
 * against this attack out of the box.
 *
+ * IMPORTANT: Consider memory side-effects when using custom hashing functions
+ * that access memory in an unsafe way.
+ *
 * NOTE: This library supports proof verification for merkle trees built using
 * custom _commutative_ hashing functions (i.e. \`H(a, b) == H(b, a)\`). Proving
 * leaf inclusion in trees built using non-commutative hashing functions requires