fix: [internal-r5] make sure even there are some gaps between offseta…

…nd length in the abi-encoding of extsload#slots the function will still work (#120) * fix: [internal-r5] make sure even there are some gaps between offset and length in the abi-encoding of extsload#slots the function will still work * fix: [internal-r4] make sure all assembly block are memory safe
pancakeswap · Jul 25, 2024 · 2aa42c4 · 2aa42c4
1 parent 870eb15
commit 2aa42c4
Show file tree

Hide file tree

Showing 22 changed files with 55 additions and 47 deletions.
diff --git a/.forge-snapshots/BinHookTest#testBurnSucceedsWithHook.snap b/.forge-snapshots/BinHookTest#testBurnSucceedsWithHook.snap
@@ -1 +1 @@
-178819
+178871
diff --git a/.forge-snapshots/BinHookTest#testMintSucceedsWithHook.snap b/.forge-snapshots/BinHookTest#testMintSucceedsWithHook.snap
@@ -1 +1 @@
-328598
+328650
diff --git a/.forge-snapshots/BinPoolManagerBytecodeSize.snap b/.forge-snapshots/BinPoolManagerBytecodeSize.snap
@@ -1 +1 @@
-23620
+23691
diff --git a/.forge-snapshots/BinPoolManagerTest#testBurnNativeCurrency.snap b/.forge-snapshots/BinPoolManagerTest#testBurnNativeCurrency.snap
@@ -1 +1 @@
-133834
+133876
diff --git a/.forge-snapshots/BinPoolManagerTest#testGasBurnHalfBin.snap b/.forge-snapshots/BinPoolManagerTest#testGasBurnHalfBin.snap
@@ -1 +1 @@
-142745
+142797
diff --git a/.forge-snapshots/BinPoolManagerTest#testGasBurnNineBins.snap b/.forge-snapshots/BinPoolManagerTest#testGasBurnNineBins.snap
@@ -1 +1 @@
-288502
+288876
diff --git a/.forge-snapshots/BinPoolManagerTest#testGasBurnOneBin.snap b/.forge-snapshots/BinPoolManagerTest#testGasBurnOneBin.snap
@@ -1 +1 @@
-127005
+127046
diff --git a/.forge-snapshots/BinPoolManagerTest#testGasMintNneBins-1.snap b/.forge-snapshots/BinPoolManagerTest#testGasMintNneBins-1.snap
@@ -1 +1 @@
-967714
+968182
diff --git a/.forge-snapshots/BinPoolManagerTest#testGasMintNneBins-2.snap b/.forge-snapshots/BinPoolManagerTest#testGasMintNneBins-2.snap
@@ -1 +1 @@
-325931
+326399
diff --git a/.forge-snapshots/BinPoolManagerTest#testGasMintOneBin-1.snap b/.forge-snapshots/BinPoolManagerTest#testGasMintOneBin-1.snap
@@ -1 +1 @@
-337317
+337369
diff --git a/.forge-snapshots/BinPoolManagerTest#testGasMintOneBin-2.snap b/.forge-snapshots/BinPoolManagerTest#testGasMintOneBin-2.snap
@@ -1 +1 @@
-139719
+139771
diff --git a/.forge-snapshots/BinPoolManagerTest#testMintNativeCurrency.snap b/.forge-snapshots/BinPoolManagerTest#testMintNativeCurrency.snap
@@ -1 +1 @@
-304287
+304339
diff --git a/.forge-snapshots/CLPoolManagerBytecodeSize.snap b/.forge-snapshots/CLPoolManagerBytecodeSize.snap
@@ -1 +1 @@
-22712
+22811
diff --git a/.forge-snapshots/CLPoolManagerTest#addLiquidity_fromEmpty.snap b/.forge-snapshots/CLPoolManagerTest#addLiquidity_fromEmpty.snap
@@ -1 +1 @@
-352371
+352438
diff --git a/.forge-snapshots/CLPoolManagerTest#addLiquidity_fromNonEmpty.snap b/.forge-snapshots/CLPoolManagerTest#addLiquidity_fromNonEmpty.snap
@@ -1 +1 @@
-167812
+167879
diff --git a/.forge-snapshots/CLPoolManagerTest#addLiquidity_nativeToken.snap b/.forge-snapshots/CLPoolManagerTest#addLiquidity_nativeToken.snap
@@ -1 +1 @@
-239219
+239286
diff --git a/.forge-snapshots/CLPoolManagerTest#removeLiquidity_toNonEmpty.snap b/.forge-snapshots/CLPoolManagerTest#removeLiquidity_toNonEmpty.snap
@@ -1 +1 @@
-115846
+115913
diff --git a/.forge-snapshots/ExtsloadTest#extsloadInBatch.snap b/.forge-snapshots/ExtsloadTest#extsloadInBatch.snap
@@ -1 +1 @@
-11050
+11109
diff --git a/src/Extsload.sol b/src/Extsload.sol
@@ -20,24 +20,25 @@ abstract contract Extsload is IExtsload {
 
     /// @inheritdoc IExtsload
     function extsload(bytes32[] calldata slots) external view returns (bytes32[] memory) {
-        // since the function is external and enters a new call context and exits right
-        // after execution, Solidity's memory management convention can be disregarded
-        // and a direct slice of memory can be returned
         assembly ("memory-safe") {
-            // Copy the abi offset of dynamic array and the length of the array to memory.
-            calldatacopy(0, 0x04, 0x40)
+            let memptr := mload(0x40)
+            let start := memptr
+            // for abi encoding the response - the array will be found at 0x20
+            mstore(memptr, 0x20)
+            // next we store the length of the return array
+            mstore(add(memptr, 0x20), slots.length)
+            // update memptr to the first location to hold an array entry
+            memptr := add(memptr, 0x40)
             // A left bit-shift of 5 is equivalent to multiplying by 32 but costs less gas.
-            let end := add(0x40, shl(5, slots.length))
+            let end := add(memptr, shl(5, slots.length))
             let calldataptr := slots.offset
-            // Return values will start at 64 while calldata offset is 68.
-            for { let memptr := 0x40 } 1 {} {
+            for {} 1 {} {
                 mstore(memptr, sload(calldataload(calldataptr)))
                 memptr := add(memptr, 0x20)
                 calldataptr := add(calldataptr, 0x20)
                 if iszero(lt(memptr, end)) { break }
             }
-            // The end offset is also the length of the returndata.
-            return(0, end)
+            return(start, sub(end, start))
         }
     }
 }
diff --git a/src/pool-bin/libraries/BinPosition.sol b/src/pool-bin/libraries/BinPosition.sol
@@ -31,13 +31,16 @@ library BinPosition {
         // ref: https://github.com/Vectorized/solady/blob/main/src/tokens/ERC20.sol#L95
         // memory will be 12 bytes of zeros, the 20 bytes of address, 3 bytes for uint24
         assembly ("memory-safe") {
-            mstore(0x23, salt)
-            mstore(0x03, binId)
-            mstore(0x00, owner)
-            key := keccak256(0x0c, 0x37)
-            // 0x00 - 0x3f is scratch space
-            // 0x40 ~ 0x46 should be clear to avoid polluting free pointer
-            mstore(0x23, 0)
+            let fmp := mload(0x40)
+            mstore(add(fmp, 0x23), salt) // [0x23, 0x43)
+            mstore(add(fmp, 0x03), binId) // [0x03, 0x23)
+            mstore(fmp, owner) // [0x0c, 0x20)
+            key := keccak256(add(fmp, 0x0c), 0x37) // len is 55 bytes
+
+            // now clean the memory we used
+            mstore(add(fmp, 0x40), 0) // fmp+0x40 held salt
+            mstore(add(fmp, 0x20), 0) // fmp+0x20 held binId, salt
+            mstore(fmp, 0) // fmp held owner
         }
         position = self[key];
     }

diff --git a/src/pool-cl/libraries/CLPosition.sol b/src/pool-cl/libraries/CLPosition.sol
@@ -39,14 +39,17 @@ library CLPosition {
         // make use of memory scratch space
         // ref: https://github.com/Vectorized/solady/blob/main/src/tokens/ERC20.sol#L95
         assembly ("memory-safe") {
-            mstore(0x26, salt)
-            mstore(0x06, tickUpper)
-            mstore(0x03, tickLower)
-            mstore(0x00, owner)
-            key := keccak256(0x0c, 0x3a)
-            // 0x00 - 0x3f is scratch space
-            // 0x40 ~ 0x46 should be clear to avoid polluting free pointer
-            mstore(0x26, 0)
+            let fmp := mload(0x40)
+            mstore(add(fmp, 0x26), salt) // [0x26, 0x46)
+            mstore(add(fmp, 0x06), tickUpper) // [0x23, 0x26)
+            mstore(add(fmp, 0x03), tickLower) // [0x20, 0x23)
+            mstore(fmp, owner) // [0x0c, 0x20)
+            key := keccak256(add(fmp, 0x0c), 0x3a) // len is 58 bytes
+
+            // now clean the memory we used
+            mstore(add(fmp, 0x40), 0) // fmp+0x40 held salt
+            mstore(add(fmp, 0x20), 0) // fmp+0x20 held tickLower, tickUpper, salt
+            mstore(fmp, 0) // fmp held owner
         }
         position = self[key];
     }

diff --git a/src/pool-cl/libraries/TickBitmap.sol b/src/pool-cl/libraries/TickBitmap.sol
@@ -53,10 +53,11 @@ library TickBitmap {
         assembly ("memory-safe") {
             // ensure that the tick is spaced
             if smod(tick, tickSpacing) {
-                mstore(0, 0xd4d8f3e6) // selector for TickMisaligned(int24,int24)
-                mstore(0x20, tick)
-                mstore(0x40, tickSpacing)
-                revert(0x1c, 0x44)
+                let fmp := mload(0x40)
+                mstore(fmp, 0xd4d8f3e6) // selector for TickMisaligned(int24,int24)
+                mstore(add(fmp, 0x20), tick)
+                mstore(add(fmp, 0x40), tickSpacing)
+                revert(add(fmp, 0x1c), 0x44)
             }
             tick := sdiv(tick, tickSpacing)
             // calculate the storage slot corresponding to the tick