Add memory side effects notes when using function pointers (#5174)

OpenZeppelin · Aug 30, 2024 · 83f954d · 83f954d
1 parent a9161aa
commit 83f954d
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 0 deletions.
diff --git a/contracts/utils/Arrays.sol b/contracts/utils/Arrays.sol
@@ -26,6 +26,8 @@ library Arrays {
      * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
      * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
      * consume more gas than is available in a block, leading to potential DoS.
+     *
+     * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
      */
     function sort(
         uint256[] memory array,
@@ -53,6 +55,8 @@ library Arrays {
      * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
      * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
      * consume more gas than is available in a block, leading to potential DoS.
+     *
+     * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
      */
     function sort(
         address[] memory array,
@@ -80,6 +84,8 @@ library Arrays {
      * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
      * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
      * consume more gas than is available in a block, leading to potential DoS.
+     *
+     * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
      */
     function sort(
         bytes32[] memory array,

diff --git a/contracts/utils/cryptography/MerkleProof.sol b/contracts/utils/cryptography/MerkleProof.sol
@@ -20,6 +20,9 @@ import {Hashes} from "./Hashes.sol";
  * OpenZeppelin's JavaScript library generates Merkle trees that are safe
  * against this attack out of the box.
  *
+ * IMPORTANT: Consider memory side-effects when using custom hashing functions
+ * that access memory in an unsafe way.
+ *
  * NOTE: This library supports proof verification for merkle trees built using
  * custom _commutative_ hashing functions (i.e. `H(a, b) == H(b, a)`). Proving
  * leaf inclusion in trees built using non-commutative hashing functions requires

diff --git a/scripts/generate/templates/Arrays.js b/scripts/generate/templates/Arrays.js
@@ -26,6 +26,8 @@ const sort = type => `\
  * array. Using it in view functions that are executed through \`eth_call\` is safe, but one should be very careful
  * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
  * consume more gas than is available in a block, leading to potential DoS.
+ *
+ * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
  */
 function sort(
     ${type}[] memory array,

diff --git a/scripts/generate/templates/MerkleProof.js b/scripts/generate/templates/MerkleProof.js
@@ -26,6 +26,9 @@ import {Hashes} from "./Hashes.sol";
  * OpenZeppelin's JavaScript library generates Merkle trees that are safe
  * against this attack out of the box.
  *
+ * IMPORTANT: Consider memory side-effects when using custom hashing functions
+ * that access memory in an unsafe way.
+ *
  * NOTE: This library supports proof verification for merkle trees built using
  * custom _commutative_ hashing functions (i.e. \`H(a, b) == H(b, a)\`). Proving
  * leaf inclusion in trees built using non-commutative hashing functions requires