Solidity Bug Info
| Bug Name | Description | Severity |
|---|---|---|
DynamicArrayCleanupWhen assigning a dynamically-sized array with types of size at most 16 bytes in storage causing the assigned array to shrink, some parts of deleted slots were not zeroed out. | Consider a dynamically-sized array in storage whose base-type is small enough such that multiple values can be packed into a single slot, such as `uint128[]`. Let us define its length to be `l`. When this array gets assigned from another array with a smaller length, say `m`, the slots between elements `m` and `l` have to be cleaned by zeroing them out. However, this cleaning was not performed properly. Specifically, after the slot corresponding to `m`, only the first packed value was cleaned up. If this array gets resized to a length larger than `m`, the indices corresponding to the unclean parts of the slot contained the original value, instead of 0. The resizing here is performed by assigning to the array `length`, by a `push()` or via inline assembly. You are not affected if you are only using `.push( - Link: https://blog.soliditylang.org/2020/10/07/solidity-dynamic-array-cleanup-bug/ - First Introduced: - Fixed in Version: 0.7.3 - Published: - Severity<: medium | medium |