Omniscia 0xPhase Audit

SlotLib Manual Review Findings

SLB-01M: Improper Checked Arithmetic

Type: Mathematical Operations
Severity: Informational
Location: SlotLib.sol:L9

Description:

The referenced statement subtracts 1 from the provided id, which is expected to be the output of a hash. The subtraction is meant to prevent hash pre-image attacks, whereby the input of the resulting hash is known; however, the code will fail to behave as expected when the provided id is 0, as the checked subtraction underflows.

Impact:

While the code does misbehave for an id of 0, causing the code to fail, the possibility of a hash resulting in 0 is minuscule. As such, we consider this exhibit to be of "informational" severity.

Example:

lib/SlotLib.sol
 5  /// @notice Returns the slot associated with an id
 6  /// @param id The bytes32 id
 7  /// @return The storage slot
 8  function slot(bytes32 id) internal pure returns (bytes32) {
 9      return bytes32(uint256(id) - 1);
10  }

Recommendation:

We advise the subtraction to be performed within an unchecked code block. The pre-image protection measure remains valid through the underflow occurring at 0, as its purpose is simply to alter the resulting slot offset rather than to perform safe arithmetic operations.

Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):

The slot calculation is now properly performed in an unchecked code block, ensuring that the id correctly wraps around the numeric range of a uint256 value.
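
The flagged statement beside the recommended unchecked form, as an added example that is not the 0xPhase source or the code from the alleviation commit. The names SlotLibChecked, SlotLibUnchecked and SlotLibDemo are hypothetical, and a Solidity 0.8.1 or later compiler is assumed (checked arithmetic by default, `catch Panic` available).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

/// Hypothetical copy of the flagged statement (added illustration).
library SlotLibChecked {
    function slot(bytes32 id) internal pure returns (bytes32) {
        // Checked by default since 0.8.0: id == 0 underflows and
        // reverts with Panic(0x11) instead of returning a slot.
        return bytes32(uint256(id) - 1);
    }
}

/// Hypothetical form of the recommendation (added illustration).
library SlotLibUnchecked {
    function slot(bytes32 id) internal pure returns (bytes32) {
        unchecked {
            // Wraps modulo 2**256: id == 0 maps to type(uint256).max.
            // Every non-zero id yields the same slot as the checked form.
            return bytes32(uint256(id) - 1);
        }
    }
}

contract SlotLibDemo {
    function checkedSlot(bytes32 id) external pure returns (bytes32) {
        return SlotLibChecked.slot(id);
    }

    function uncheckedSlot(bytes32 id) external pure returns (bytes32) {
        return SlotLibUnchecked.slot(id);
    }

    /// Shows both behaviours at the edge case id == 0.
    /// Expected: checkedReverted == true, wrapped == bytes32(type(uint256).max).
    function zeroIdBehaviour()
        external
        view
        returns (bool checkedReverted, bytes32 wrapped)
    {
        // try/catch needs an external call, hence `this.checkedSlot`.
        try this.checkedSlot(bytes32(0)) returns (bytes32) {
            checkedReverted = false;
        } catch Panic(uint256 code) {
            // 0x11 is the panic code for arithmetic overflow/underflow.
            checkedReverted = (code == 0x11);
        }
        wrapped = SlotLibUnchecked.slot(bytes32(0));
    }
}
```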