Judge has assessed an item in Issue #298 as 2 risk. The relevant finding follows:
If the len is not set to input.length minus the offset, there may be unpredictable results due to how the algorithm works.
Let’s consider the following three inputs that will be parsed by the readKeyValue with an offset of zero:
The first input will be correctly and integrally parsed for any len that goes past the equal sign (len >= 4) because terminator is first set to type(uint256).max, then to input.length.
The second input will be correctly parsed only if the len is equal to the input.length (8), because otherwise the terminator is not found, and the value is retrieved by substring(input, offset:3 + 1, len:8 - 3 - 1) causing the value to be 0x62626220 instead of 0x626262.
The third input suffers the same problems as the first and second.
n/a
Either remove the len parameter and calculate it internally as len = input.length - offset, or update the algorithm to be more robust.