Closed
Description
Describe the bug
When attempting to use ArrayCoder on data that isn't compatible, a potentially random amount of memory will be used because the array of AnonymousCoder instances are created before attempting to decode.
Since the length is read first, this number could be anything. If it's not above JavaScript's MAX_SAFE_INTEGER, it'll be used and that many AnonymousCoders are created.
In our case, it was trying to create an array of 580,542,139,465,728 elements, and would always crash the process of course.
It is certainly an edge case, I don't expect many people to run into the issue. We are using ethers.js in a system that attempts to decode transactions without fully knowing the ABI, hence the possibility of the data not matching.
I've fixed the issue in our codebase by using a simple lazy array implementation, I would be happy to create a pull request.
Reproduction steps
import { EventFragment, Interface } from "@ethersproject/abi";
let iface = new Interface([]);
iface.decodeEventLog(
EventFragment.from({
name: "TransferBatch",
inputs: [
{ type: "address" },
{ type: "address" },
{ type: "address" },
{ type: "uint256[]" },
{ type: "uint256[]" },
],
type: "event",
}),
"0x00000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000001050000000000000000000000000000000000000000000000000000000000000150000000000000000000000000000000000000000000000000000000000000015a00000000000000000000000000000000000000000000000000000000000001bf00000000000000000000000000000000000000000000000000000000000001fb00000000000000000000000000000000000000000000000000000000000002100000000000000000000000000000000000000000000000000000000000000251000000000000000000000000000000000000000000000000000000000000026f000000000000000000000000000000000000000000000000000000000000029100000000000000000000000000000000000000000000000000000000000002af00000000000000000000000000000000000000000000000000000000000002e000000000000000000000000000000000000000000000000000000000000002f30000000000000000000000000000000000000000000000000000000000000318000000000000000000000000000000000000000000000000000000000000031c0000000000000000000000000000000000000000000000000000000000000371000000000000000000000000000000000000000000000000000000000000039900000000000000000000000000000000000000000000000000000000000003a500000000000000000000000000000000000000000000000000000000000003ac00000000000000000000000000000000000000000000000000000000000003c000000000000000000000000000000000000000000000000000000000000003d400000000000000000000000000000000000000000000000000000000000003fd000000000000000000000000000000000000000000000000000000000000041000000000000000000000000000000000000000000000000000000000000004240000000000000000000000000000000000000000000000000000000000000428000000000000000000000000000000000000000000000000000000000000043400000000000000000000000000000000000000000000000000000000000004410000000000000000000000000000000000000000000000000000000000000447000000000000000000000000000000000000000000000000000000000000047500000000000000000000000000000000000000000000000000000000000004a4000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064000000000000000000000000000000000000000000000000000000000000006400000000000000000000000000000000000000000000000000000000000000640000000000000000000000000000000000000000000000000000000000000064",
[
"0x4a39dc06d4c0dbc64b70af90fd698a233a518aa5d07e595d983b8c0526c8f7fb",
"0x000000000000000000000000a519711c25a631e55a6eac19d1f2858c97a86a95",
"0x000000000000000000000000a519711c25a631e55a6eac19d1f2858c97a86a95",
"0x00000000000000000000000076e1f3de45793f5b0263f39178db54ffe479291d",
]
);Search Terms
ArrayCoder memory AnonymousCoder
Activity