{"componentChunkName":"component---node-modules-rocketseat-gatsby-theme-docs-core-src-templates-docs-query-js","path":"/manual-review/TransferLib-TLB","result":{"data":{"mdx":{"id":"ec27d909-686b-5995-8523-37e1878b4e31","excerpt":"TLB-01M: Incorrect Utilization of Memory Type Severity Location Language Specific TransferLib.sol:L19-L20 ,  L22-L26 ,  L32 ,  L46 ,  L62 ,  L65 ,  L67-L69 ,  L…","fields":{"slug":"/manual-review/TransferLib-TLB/"},"frontmatter":{"title":"TransferLib Manual Review Findings","description":"Contains all the findings that relate to manual review on the contract codebase","image":null,"disableTableOfContents":null},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"TransferLib Manual Review Findings\",\n  \"description\": \"Contains all the findings that relate 
to manual review on the contract codebase\"\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"h2\", {\n    \"id\": \"span-idtlb-01mtlb-01m-incorrect-utilization-of-memoryspan\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#span-idtlb-01mtlb-01m-incorrect-utilization-of-memoryspan\",\n    \"aria-label\": \"span idtlb 01mtlb 01m incorrect utilization of memoryspan permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), mdx(\"span\", {\n    id: \"TLB-01M\"\n  }, \"TLB-01M: Incorrect Utilization of Memory\")), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Type\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Severity\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Location\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, 
mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/maverick-protocol-common-libraries-66165d178c7ae500187a1ad7/appendix/finding-types#language-specific\"\n  }, \"Language Specific\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-unknown\",\n    \"src\": \"https://omniscia.io/report-assets/unknown.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L19-L20\"\n  }, \"TransferLib.sol:L19-L20\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L22-L26\"\n  }, \"L22-L26\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L32\"\n  }, \"L32\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L46\"\n  }, \"L46\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L62\"\n  }, \"L62\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L65\"\n  }, \"L65\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": 
\"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L67-L69\"\n  }, \"L67-L69\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L75\"\n  }, \"L75\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L90\"\n  }, \"L90\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L91\"\n  }, \"L91\"))))), mdx(\"h3\", {\n    \"id\": \"description\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#description\",\n    \"aria-label\": \"description permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Description:\"), mdx(\"p\", null, \"The \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": 
\"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L16-L52\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"a\"\n  }, \"TransferLib::transfer\")), \" and \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L57-L95\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"a\"\n  }, \"TransferLib::transferFrom\")), \" functions will insecurely handle memory space by writing to reserved slots as well as evaluating the free memory pointer without utilizing it.\"), mdx(\"h3\", {\n    \"id\": \"impact\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#impact\",\n    \"aria-label\": \"impact permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Impact:\"), mdx(\"p\", null, \"While the memory space is in a corrupted state after the \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L16-L52\"\n  }, mdx(\"inlineCode\", {\n    parentName: \"a\"\n  }, \"TransferLib::transfer\")), \"-prefixed 
functions have been invoked, the corruption should not manifest itself in practice unless affected statements are utilized, such as \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"keccak256\"), \" assembly statements, usage of the free memory pointer, and/or instantiations of dynamic length arrays.\"), mdx(\"p\", null, \"As this vulnerability would present itself only under certain conditions in upstream contracts, we cannot reliably assess its severity.\"), mdx(\"h3\", {\n    \"id\": \"example\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#example\",\n    \"aria-label\": \"example permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Example:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-sol\",\n    \"metastring\": \"title=v2-common/contracts/libraries/TransferLib.sol highlight={8,11,13,14,34} lineNumbers=true lineOffset=12\",\n    \"title\": \"v2-common/contracts/libraries/TransferLib.sol\",\n    \"highlight\": \"{8,11,13,14,34}\",\n    \"lineNumbers\": \"true\",\n    \"lineOffset\": \"12\"\n  }, \"/**\\n * @notice Transfer token amount.  
Amount is sent from caller address to `to` address.\\n */\\nfunction transfer(IERC20 token, address to, uint256 amount) internal {\\n    bool success;\\n    assembly (\\\"memory-safe\\\") {\\n        // We'll write our calldata to this slot below, but restore it later.\\n        let memPointer := mload(0x40)\\n\\n        // Write the abi-encoded calldata into memory, beginning with the function selector.\\n        mstore(0, 0xa9059cbb00000000000000000000000000000000000000000000000000000000)\\n        // Append arguments. Addresses are assumed clean. Transfer will fail otherwise.\\n        mstore(0x4, to)\\n        mstore(0x24, amount) // Append the \\\"amount\\\" argument.\\n\\n        // we have used up to 0x44 at this point\\n\\n        // fail if reverted; only allocate 32 bytes for return to ensure we\\n        // only use mem slot 0\\n        success := call(gas(), token, 0, 0, 68, 0, 32)\\n        // handle transfers that return 1/true\\n        let returnedOne := and(eq(mload(0), 1), gt(returndatasize(), 31))\\n        // handle transfers that return nothing\\n        let noReturn := iszero(returndatasize())\\n        // good if didn't revert and the return is either empty or true\\n        success := and(success, or(returnedOne, noReturn))\\n\\n        // to make the function call data, we used memory slots from:\\n        // 0x0 - 0x44\\n        //\\n        // memory safety requires we consider:\\n        // 0x0 - 0x40 is scratch space that we are free to use and leave in any state\\n        // 0x40 - 0x60 is the mempointer which we restore here\\n        mstore(0x40, memPointer) // Restore the memPointer.\\n    }\\n\\n    unchecked {\\n        if (!success) revert TransferFailed(token, to, amount);\\n    }\\n}\\n\")), mdx(\"h3\", {\n    \"id\": \"recommendation\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#recommendation\",\n    \"aria-label\": \"recommendation permalink\",\n   
 \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Recommendation:\"), mdx(\"p\", null, \"We advise the code to make proper use of the free memory pointer updating it after the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"assembly\"), \" block concludes, and to avoid utilizing the memory scratch space as well as preconfigured slots in the memory layout of Solidity.\"), mdx(\"h3\", {\n    \"id\": \"alleviation-175f8c39b1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#alleviation-175f8c39b1\",\n    \"aria-label\": \"alleviation 175f8c39b1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Alleviation 
(175f8c39b1):\"), mdx(\"p\", null, \"The code will now utilize the free memory pointer to store the ABI encoded call-data in memory, however, the data location of the free memory pointer is not properly updated once the function concludes.\"), mdx(\"p\", null, \"For more details on how to properly maintain the free memory pointer, we advise the relevant Solidity documentation to be \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.soliditylang.org/en/latest/assembly.html#memory-management\"\n  }, \"consulted\"), \".\"), mdx(\"h3\", {\n    \"id\": \"alleviation-23cf815e61\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#alleviation-23cf815e61\",\n    \"aria-label\": \"alleviation 23cf815e61 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Alleviation (23cf815e61):\"), mdx(\"p\", null, \"After extensive discussion and research on the topic in collaboration with the Maverick Protocol team, we concluded that both the original and the latest approach are correct and in adherence to the memory model of Solidity.\"), mdx(\"p\", null, \"In detail, the Solidity documentation outlines that memory beyond the free memory pointer can be utilized as scratch space freely and the original implementation properly restored the free memory 
pointer at the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"0x40\"), \" data slot.\"), mdx(\"p\", null, \"As the original exhibit was invalid and the latest implementation is secure, we consider this exhibit to be nullified.\"), mdx(\"h2\", {\n    \"id\": \"span-idtlb-02mtlb-02m-inexistent-masking-of-input-argumentsspan\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#span-idtlb-02mtlb-02m-inexistent-masking-of-input-argumentsspan\",\n    \"aria-label\": \"span idtlb 02mtlb 02m inexistent masking of input argumentsspan permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), mdx(\"span\", {\n    id: \"TLB-02M\"\n  }, \"TLB-02M: Inexistent Masking of Input Arguments\")), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Type\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Severity\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Location\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": 
\"/reports/maverick-protocol-common-libraries-66165d178c7ae500187a1ad7/appendix/finding-types#language-specific\"\n  }, \"Language Specific\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-informational\",\n    \"src\": \"https://omniscia.io/report-assets/informational.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L25\"\n  }, \"TransferLib.sol:L25\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L67\"\n  }, \"L67\"), \", \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://github.com/maverickprotocol/maverick-v2/blob/47287a62e15ca8d4bcabf7e0b6757debb5d10593/v2-common/contracts/libraries/TransferLib.sol#L68\"\n  }, \"L68\"))))), mdx(\"h3\", {\n    \"id\": \"description-1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#description-1\",\n    \"aria-label\": \"description 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 
11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Description:\"), mdx(\"p\", null, \"The referenced \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"assembly\"), \" statements will utilize \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"address\"), \"-based input arguments that are not masked to erase their dirty bits. Per the \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.soliditylang.org/en/latest/security-considerations.html#minor-details\"\n  }, \"Solidity documentation's security considerations section\"), \", data types that occupy less than 32 bytes may have dirty higher order bits that should be cleared when using \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"assembly\"), \" blocks.\"), mdx(\"h3\", {\n    \"id\": \"impact-1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#impact-1\",\n    \"aria-label\": \"impact 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Impact:\"), mdx(\"p\", null, \"The present functions of the contract are not susceptible to such higher-order corruption due to properly storing a single argument per 32-byte slot; however, we still consider this a best practice recommendation to avoid potential compiler-level complications.\"), mdx(\"h3\", 
{\n    \"id\": \"example-1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#example-1\",\n    \"aria-label\": \"example 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Example:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-sol\",\n    \"metastring\": \"title=v2-common/contracts/libraries/TransferLib.sol highlight={4} lineNumbers=true lineOffset=21\",\n    \"title\": \"v2-common/contracts/libraries/TransferLib.sol\",\n    \"highlight\": \"{4}\",\n    \"lineNumbers\": \"true\",\n    \"lineOffset\": \"21\"\n  }, \"// Write the abi-encoded calldata into memory, beginning with the function selector.\\nmstore(0, 0xa9059cbb00000000000000000000000000000000000000000000000000000000)\\n// Append arguments. Addresses are assumed clean. 
Transfer will fail otherwise.\\nmstore(0x4, to)\\nmstore(0x24, amount) // Append the \\\"amount\\\" argument.\\n\")), mdx(\"h3\", {\n    \"id\": \"recommendation-1\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#recommendation-1\",\n    \"aria-label\": \"recommendation 1 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Recommendation:\"), mdx(\"p\", null, \"We advise a bit masking operation to be performed for each argument, ensuring that the \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"address\"), \" arguments do not contain any corrupt higher-order bits.\"), mdx(\"h3\", {\n    \"id\": \"alleviation-175f8c39b19df69134add3aa8a2a042ce3047763\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, mdx(\"a\", {\n    parentName: \"h3\",\n    \"href\": \"#alleviation-175f8c39b19df69134add3aa8a2a042ce3047763\",\n    \"aria-label\": \"alleviation 175f8c39b19df69134add3aa8a2a042ce3047763 permalink\",\n    \"className\": \"anchor before\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": 
\"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  }))), \"Alleviation (175f8c39b19df69134add3aa8a2a042ce3047763):\"), mdx(\"p\", null, \"The Maverick Protocol team evaluated this exhibit and clarified that bit masking the input \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"address\"), \" values would incur unnecessary gas overhead as the relevant function calls would fail with incorrect arguments.\"), mdx(\"p\", null, \"As such, we consider this exhibit safely acknowledged.\"));\n}\n;\nMDXContent.isMDXComponent = true;","headings":[{"depth":2,"value":"<span id=\"TLB-01M\">TLB-01M: Incorrect Utilization of Memory</span>"},{"depth":3,"value":"Description:"},{"depth":3,"value":"Impact:"},{"depth":3,"value":"Example:"},{"depth":3,"value":"Recommendation:"},{"depth":3,"value":"Alleviation (175f8c39b1):"},{"depth":3,"value":"Alleviation (23cf815e61):"},{"depth":2,"value":"<span id=\"TLB-02M\">TLB-02M: Inexistent Masking of Input Arguments</span>"},{"depth":3,"value":"Description:"},{"depth":3,"value":"Impact:"},{"depth":3,"value":"Example:"},{"depth":3,"value":"Recommendation:"},{"depth":3,"value":"Alleviation (175f8c39b19df69134add3aa8a2a042ce3047763):"}]}},"pageContext":{"slug":"/manual-review/TransferLib-TLB/","prev":{"label":"TickMath.sol (TMH-M)","link":"/manual-review/TickMath-TMH"},"next":{"label":"Cast.sol (CTS-C)","link":"/code-style/Cast-CTS"}}},"staticQueryHashes":["1954253342","2328931024","2501019404","973074209"]}