v0.8.0 - Solidity >0.8.0 support! 🎉 (#46)

* Create 0.8.0 folder structure + initial edits

* Realize the folder structure is moot since we cannot use two different solc in Truffle

* Get stricter about versions + remove constructor visibility

* change MAX_UINT

* Change README to reflect new versioning system

* change version

* Remove overflow checks in typecast methods

* Remove overflow check in slice()

Author: GNSPS

.gitattributes

@@ -0,0 +1 @@
+*.sol linguist-language=Solidity

README.md

@@ -2,13 +2,52 @@
 
 # Solidity Bytes Arrays Utils
 
-Bytes tightly packed arrays utility library for ethereum contracts written in Solidity.
+Bytes tightly packed arrays' utility library for ethereum contracts written in Solidity.
 
 The library lets you concatenate, slice and type cast bytes arrays both in memory and storage.
 
-Given this library has an all-internal collection of methods it doesn't make sense having it reside in the mainnet. Instead it will only be available in EPM as an installable package.
+Given this library has an all-internal collection of methods it doesn't make sense to have it reside in the mainnet. Instead it will only be available on EPM as an installable package.
 
-_Version Notes_:
+## Important Fixes Changelog
+
+_**2021-01-07**_
+
+A bug regarding zero-length slices was disclosed by @MrChico following an audit to the Optimism codebase.
+
+The exact bug happened under the following conditions: if memory slots higher then the current free-memory pointer were tainted before calling the `slice` method with a desired length of `0`, the returned bytes array, instead of being a zero-length slice was an array of arbitrary length based on the values that previously populated that memory region.
+
+Overall, the usage of zero-length slices should be pretty unusual and, as such, hopefully, this bug does not have far-reaching implications. Nonetheless, *please update the library to the new version if you're using it in production*.
+
+**TL;DR: if you're using the `slice` method with a length parameter of '0' in your codebase, please update to version 0.1.2 of the bytes library ASAP!**
+
+_**2020-11-01**_
+
+There was a **critical bug** in the `slice` method, reported on an audit to a DXDao codebase.
+
+Previously, no checks were being made on overflows of the `_start` and `_length` parameters since previous reviews of the codebase deemed this overflow "unexploitable" because of an inordinate expansion of memory (i.e., reading an immensely large memory offset causing huge memory expansion) resulting in an out-of-gas exception.
+
+However, as noted in the review mentioned above, this is not the case. The `slice` method in versions `<=0.9.0` actually allows for arbitrary _kind of_ (i.e., it allows memory writes to very specific values) arbitrary memory writes _in the specific case where these parameters are user-supplied inputs and not hardcoded values (which is uncommon).
+
+This made me realize that in permissioned blockchains where gas is also not a limiting factor this could become problematic in other methods and so I updated all typecasting-related methods to include new bound checks as well.
+
+**TL;DR: if you're using the `slice` method with user-supplied inputs in your codebase please update the bytes library immediately!**
+
+## _Version Notes_:
+
+* Starting from version `v0.8.0` the versioning will change to follow compatible Solidity's compiler versions.
+This means that now the library will only compile on Solidity versions `>=0.8.0` so, if you need `<0.8.0` support for your project just use `v0.1.2` of the library with:
+
+```
+$ truffle install [email protected]
+```
+or
+```
+$ npm install [email protected]
+```
+
+* Version `v0.1.2` has a major bug fix.
+
+* Version `v0.1.1` has a critical bug fix.
 
 * Version `v0.9.0` now compiles with Solidity compilers `0.5.x` and `0.6.x`.
 

contracts/AssertBytes.sol

@@ -7,7 +7,7 @@
  *      This library is compliant with the test event convention that the Truffle suite uses.
  */
 
-pragma solidity >=0.5.0 <0.7.0;
+pragma solidity >=0.8.0 <0.9.0;
 
 
 library AssertBytes {
@@ -48,7 +48,7 @@ library AssertBytes {
                 for {
                     let cc := add(_b, 0x20)
                 // the next line is the loop condition:
-                // while(uint(mc < end) + cb == 2)
+                // while(uint256(mc < end) + cb == 2)
                 } eq(add(lt(mc, end), cb), 2) {
                     mc := add(mc, 0x20)
                     cc := add(cc, 0x20)
@@ -104,7 +104,7 @@ library AssertBytes {
 
         assembly {
             // we know _a_offset is 0
-            let fslot := sload(_a_slot)
+            let fslot := sload(_a.slot)
             let slength := div(and(fslot, sub(mul(0x100, iszero(and(fslot, 1))), 1)), 2)
             let mlength := mload(_b)
 
@@ -133,14 +133,14 @@ library AssertBytes {
                         let cb := 1
 
                         // get the keccak hash to get the contents of the array
-                        mstore(0x0, _a_slot)
+                        mstore(0x0, _a.slot)
                         let sc := keccak256(0x0, 0x20)
 
                         let mc := add(_b, 0x20)
                         let end := add(mc, mlength)
 
                         // the next line is the loop condition:
-                        // while(uint(mc < end) + cb == 2)
+                        // while(uint256(mc < end) + cb == 2)
                         for {} eq(add(lt(mc, end), cb), 2) {
                             sc := add(sc, 1)
                             mc := add(mc, 0x20)

contracts/BytesLib.sol

@@ -6,7 +6,7 @@
  * @dev Bytes tightly packed arrays utility library for ethereum contracts written in Solidity.
  *      The library lets you concatenate, slice and type cast bytes arrays both in memory and storage.
  */
-pragma solidity >=0.5.0 <0.7.0;
+pragma solidity >=0.8.0 <0.9.0;
 
 
 library BytesLib {
@@ -93,7 +93,7 @@ library BytesLib {
             // Read the first 32 bytes of _preBytes storage, which is the length
             // of the array. (We don't need to use the offset into the slot
             // because arrays use the entire slot.)
-            let fslot := sload(_preBytes_slot)
+            let fslot := sload(_preBytes.slot)
             // Arrays of 31 bytes or less have an even value in their slot,
             // while longer arrays have an odd value. The actual length is
             // the slot divided by two for odd values, and the lowest order
@@ -113,7 +113,7 @@ library BytesLib {
                 // update the contents of the slot.
                 // uint256(bytes_storage) = uint256(bytes_storage) + uint256(bytes_memory) + new_length
                 sstore(
-                    _preBytes_slot,
+                    _preBytes.slot,
                     // all the modifications to the slot are inside this
                     // next block
                     add(
@@ -143,11 +143,11 @@ library BytesLib {
                 // The stored value fits in the slot, but the combined value
                 // will exceed it.
                 // get the keccak hash to get the contents of the array
-                mstore(0x0, _preBytes_slot)
+                mstore(0x0, _preBytes.slot)
                 let sc := add(keccak256(0x0, 0x20), div(slength, 32))
 
                 // save new length
-                sstore(_preBytes_slot, add(mul(newlength, 2), 1))
+                sstore(_preBytes.slot, add(mul(newlength, 2), 1))
 
                 // The contents of the _postBytes array start 32 bytes into
                 // the structure. Our first read should obtain the `submod`
@@ -190,12 +190,12 @@ library BytesLib {
             }
             default {
                 // get the keccak hash to get the contents of the array
-                mstore(0x0, _preBytes_slot)
+                mstore(0x0, _preBytes.slot)
                 // Start copying to the last used word of the stored array.
                 let sc := add(keccak256(0x0, 0x20), div(slength, 32))
 
                 // save new length
-                sstore(_preBytes_slot, add(mul(newlength, 2), 1))
+                sstore(_preBytes.slot, add(mul(newlength, 2), 1))
 
                 // Copy over the first `submod` bytes of the new data as in
                 // case 1 above.
@@ -227,14 +227,15 @@ library BytesLib {
 
     function slice(
         bytes memory _bytes,
-        uint _start,
-        uint _length
+        uint256 _start,
+        uint256 _length
     )
         internal
         pure
         returns (bytes memory)
     {
-        require(_bytes.length >= (_start + _length));
+        require(_length + 31 >= _length, "slice_overflow");
+        require(_bytes.length >= _start + _length, "slice_outOfBounds");
 
         bytes memory tempBytes;
 
@@ -282,6 +283,9 @@ library BytesLib {
             //if we want a zero-length slice let's just return a zero-length array
             default {
                 tempBytes := mload(0x40)
+                //zero out the 32 bytes slice we are about to return
+                //we need to do it because Solidity does not garbage collect
+                mstore(tempBytes, 0)
 
                 mstore(0x40, add(tempBytes, 0x20))
             }
@@ -290,8 +294,8 @@ library BytesLib {
         return tempBytes;
     }
 
-    function toAddress(bytes memory _bytes, uint _start) internal  pure returns (address) {
-        require(_bytes.length >= (_start + 20));
+    function toAddress(bytes memory _bytes, uint256 _start) internal pure returns (address) {
+        require(_bytes.length >= _start + 20, "toAddress_outOfBounds");
         address tempAddress;
 
         assembly {
@@ -301,8 +305,8 @@ library BytesLib {
         return tempAddress;
     }
 
-    function toUint8(bytes memory _bytes, uint _start) internal  pure returns (uint8) {
-        require(_bytes.length >= (_start + 1));
+    function toUint8(bytes memory _bytes, uint256 _start) internal pure returns (uint8) {
+        require(_bytes.length >= _start + 1 , "toUint8_outOfBounds");
         uint8 tempUint;
 
         assembly {
@@ -312,8 +316,8 @@ library BytesLib {
         return tempUint;
     }
 
-    function toUint16(bytes memory _bytes, uint _start) internal  pure returns (uint16) {
-        require(_bytes.length >= (_start + 2));
+    function toUint16(bytes memory _bytes, uint256 _start) internal pure returns (uint16) {
+        require(_bytes.length >= _start + 2, "toUint16_outOfBounds");
         uint16 tempUint;
 
         assembly {
@@ -323,8 +327,8 @@ library BytesLib {
         return tempUint;
     }
 
-    function toUint32(bytes memory _bytes, uint _start) internal  pure returns (uint32) {
-        require(_bytes.length >= (_start + 4));
+    function toUint32(bytes memory _bytes, uint256 _start) internal pure returns (uint32) {
+        require(_bytes.length >= _start + 4, "toUint32_outOfBounds");
         uint32 tempUint;
 
         assembly {
@@ -334,8 +338,8 @@ library BytesLib {
         return tempUint;
     }
 
-    function toUint64(bytes memory _bytes, uint _start) internal  pure returns (uint64) {
-        require(_bytes.length >= (_start + 8));
+    function toUint64(bytes memory _bytes, uint256 _start) internal pure returns (uint64) {
+        require(_bytes.length >= _start + 8, "toUint64_outOfBounds");
         uint64 tempUint;
 
         assembly {
@@ -345,8 +349,8 @@ library BytesLib {
         return tempUint;
     }
 
-    function toUint96(bytes memory _bytes, uint _start) internal  pure returns (uint96) {
-        require(_bytes.length >= (_start + 12));
+    function toUint96(bytes memory _bytes, uint256 _start) internal pure returns (uint96) {
+        require(_bytes.length >= _start + 12, "toUint96_outOfBounds");
         uint96 tempUint;
 
         assembly {
@@ -356,8 +360,8 @@ library BytesLib {
         return tempUint;
     }
 
-    function toUint128(bytes memory _bytes, uint _start) internal  pure returns (uint128) {
-        require(_bytes.length >= (_start + 16));
+    function toUint128(bytes memory _bytes, uint256 _start) internal pure returns (uint128) {
+        require(_bytes.length >= _start + 16, "toUint128_outOfBounds");
         uint128 tempUint;
 
         assembly {
@@ -367,8 +371,8 @@ library BytesLib {
         return tempUint;
     }
 
-    function toUint(bytes memory _bytes, uint _start) internal  pure returns (uint256) {
-        require(_bytes.length >= (_start + 32));
+    function toUint256(bytes memory _bytes, uint256 _start) internal pure returns (uint256) {
+        require(_bytes.length >= _start + 32, "toUint256_outOfBounds");
         uint256 tempUint;
 
         assembly {
@@ -378,8 +382,8 @@ library BytesLib {
         return tempUint;
     }
 
-    function toBytes32(bytes memory _bytes, uint _start) internal  pure returns (bytes32) {
-        require(_bytes.length >= (_start + 32));
+    function toBytes32(bytes memory _bytes, uint256 _start) internal pure returns (bytes32) {
+        require(_bytes.length >= _start + 32, "toBytes32_outOfBounds");
         bytes32 tempBytes32;
 
         assembly {
@@ -410,7 +414,7 @@ library BytesLib {
                 for {
                     let cc := add(_postBytes, 0x20)
                 // the next line is the loop condition:
-                // while(uint(mc < end) + cb == 2)
+                // while(uint256(mc < end) + cb == 2)
                 } eq(add(lt(mc, end), cb), 2) {
                     mc := add(mc, 0x20)
                     cc := add(cc, 0x20)
@@ -444,7 +448,7 @@ library BytesLib {
 
         assembly {
             // we know _preBytes_offset is 0
-            let fslot := sload(_preBytes_slot)
+            let fslot := sload(_preBytes.slot)
             // Decode the length of the stored array like in concatStorage().
             let slength := div(and(fslot, sub(mul(0x100, iszero(and(fslot, 1))), 1)), 2)
             let mlength := mload(_postBytes)
@@ -474,14 +478,14 @@ library BytesLib {
                         let cb := 1
 
                         // get the keccak hash to get the contents of the array
-                        mstore(0x0, _preBytes_slot)
+                        mstore(0x0, _preBytes.slot)
                         let sc := keccak256(0x0, 0x20)
 
                         let mc := add(_postBytes, 0x20)
                         let end := add(mc, mlength)
 
                         // the next line is the loop condition:
-                        // while(uint(mc < end) + cb == 2)
+                        // while(uint256(mc < end) + cb == 2)
                         for {} eq(add(lt(mc, end), cb), 2) {
                             sc := add(sc, 1)
                             mc := add(mc, 0x20)

contracts/Migrations.sol

@@ -1,20 +1,21 @@
 // SPDX-License-Identifier: Unlicense
-pragma solidity >=0.5.0 <0.7.0;
+pragma solidity >=0.8.0;
+
 
 
 contract Migrations {
     address public owner;
-    uint public last_completed_migration;
+    uint256 public last_completed_migration;
 
     modifier restricted() {
         if (msg.sender == owner) _;
     }
 
-    constructor () public {
+    constructor () {
         owner = msg.sender;
     }
 
-    function setCompleted(uint completed) public restricted {
+    function setCompleted(uint256 completed) public restricted {
         last_completed_migration = completed;
     }
 

ethpm.json

@@ -1,6 +1,6 @@
 {
   "package_name": "bytes",
-  "version": "0.0.9",
+  "version": "0.8.0",
   "description": "Solidity bytes tightly packed arrays utility library.",
   "authors": [
     "Gonçalo Sá <[email protected]>"