Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: anvil_setStorageAt #9743

Open
2 tasks done
adraffy opened this issue Jan 23, 2025 · 2 comments
Open
2 tasks done

bug: anvil_setStorageAt #9743

adraffy opened this issue Jan 23, 2025 · 2 comments
Labels
C-anvil Command: anvil T-bug Type: bug T-to-investigate Type: to investigate

Comments

@adraffy
Copy link

adraffy commented Jan 23, 2025
edited
Loading

Component

Anvil

Have you ensured that all of these are up to date?

  • Foundry
  • Foundryup

What version of Foundry are you on?

forge 0.3.0 (5a8bd89 2024-12-20T08:45:54.170904000Z)

What version of Foundryup are you on?

foundryup: 0.3.1

What command(s) is the bug in?

No response

Operating System

macOS (Intel)

Describe the bug

  1. Fork mainnet: anvil --fork-url https://rpc.ankr.com/eth

  2. Compute storage slot for ENS records[node].resolver

    • node = 0x53a2e7cce84726721578c676b4798972d354dd7c62c832415371716693edd312
    • SLOT(records) = 0
    • SLOT(records[node]) = 0x9f19e10bccde41c24f53ff4dbf7bb5ee2063896e54351d7230ecd1f7e361cb73
      • cast index bytes32 0x53a2e7cce84726721578c676b4798972d354dd7c62c832415371716693edd312 0
    • SLOT(records[node].resolver) =0x9f19e10bccde41c24f53ff4dbf7bb5ee2063896e54351d7230ecd1f7e361cb74
      • slot + 1

  3. Replace resolver with 0x1

    • cast rpc anvil_setStorageAt 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e 0x9f19e10bccde41c24f53ff4dbf7bb5ee2063896e54351d7230ecd1f7e361cb74 0x0000000000000000000000000000000000000000000000000000000000000001

  4. Query ENS.resolver(node)

    • cast call 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e "resolver(bytes32)" 0x53a2e7cce84726721578c676b4798972d354dd7c62c832415371716693edd312

  5. Answer is 0x0 but Expected 0x1

Not sure why this fails? Some kind of off-by-one bug?

For example, here is the same code for raffy.eth

  1. (same as 3 but different node) cast rpc anvil_setStorageAt 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e 0x0bfdc7d18a681d5f09834ebfaa1611fe18af3c4a6f4f1a276c3a0734c4885e62 0x0000000000000000000000000000000000000000000000000000000000000001
  2. (same as 4 but different node) cast call 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e "resolver(bytes32)" 0x9c8b7ac505c9f0161bbbd04437fce8c630a0886e1ffea00078e298f063a8a5df
  3. Answer is 0x1

If I set the slot before it (0x9f19e10bccde41c24f53ff4dbf7bb5ee2063896e54351d7230ecd1f7e361cb73) which corresponds to the owner field, then the code above works.

  1. set previous slot: cast rpc anvil_setStorageAt 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e 0x9f19e10bccde41c24f53ff4dbf7bb5ee2063896e54351d7230ecd1f7e361cb73 0x0000000000000000000000000000000000000000000000000000000000000001
  2. (same as 3 above) cast rpc anvil_setStorageAt 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e 0x9f19e10bccde41c24f53ff4dbf7bb5ee2063896e54351d7230ecd1f7e361cb74 0x0000000000000000000000000000000000000000000000000000000000000001
  3. (same as 4 above) cast call 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e "resolver(bytes32)" 0x53a2e7cce84726721578c676b4798972d354dd7c62c832415371716693edd312
  4. Answer is 0x1
@adraffy adraffy added T-bug Type: bug T-needs-triage Type: this issue needs to be labelled labels Jan 23, 2025
@github-project-automation github-project-automation bot moved this to Todo in Foundry Jan 23, 2025
@adraffy
Copy link
Author

adraffy commented Jan 23, 2025

For reference: ENS

contract ENSRegistry {
    struct Record {
        address owner;
        address resolver; // offset = 1
        uint64 ttl;
    }
    mapping (bytes32 => Record) records; // slot = 0   
    function resolver(bytes32 node) public view returns (address) {
         return records[node].resolver;
    }
}

@yash-atreya yash-atreya added C-anvil Command: anvil T-to-investigate Type: to investigate and removed T-needs-triage Type: this issue needs to be labelled labels Jan 23, 2025
@yash-atreya
Copy link
Member

Able to reproduce. Investigating.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C-anvil Command: anvil T-bug Type: bug T-to-investigate Type: to investigate
Projects
Foundry
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adraffy @yash-atreya