(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[4809],{54701:function(e,t,n){(window.__NEXT_P=window.__NEXT_P||[]).push(["/retrospectives/2024-04-17-storeread-getdynamicfieldlength-bug",function(){return n(41208)}])},73307:function(e,t,n){"use strict";n.d(t,{Z:function(){return i}});var r=n(7505),a=n(11689);let d={logo:function(){return(0,r.jsxs)("div",{style:{display:"flex",alignItems:"center",gap:"0.25em",fontSize:"32px",fontFamily:"PP Supply Mono",textTransform:"uppercase"},children:[(0,r.jsx)("img",{src:"/images/logos/mud-white.svg",style:{height:"calc(var(--nextra-navbar-height) - 35px)"},alt:"MUD logo"}),"MUD"]})},useNextSeoProps(){let{asPath:e}=(0,a.useRouter)();return{titleTemplate:"/"===e?"MUD – a framework for ambitious Ethereum applications":"%s – MUD"}},project:{link:"https://github.com/latticexyz/mud"},docsRepositoryBase:"https://github.com/latticexyz/mud/tree/main/docs",head:(0,r.jsx)(r.Fragment,{children:(0,r.jsx)("meta",{property:"title",content:"MUD documentation"})}),darkMode:!1,nextThemes:{defaultTheme:"dark"},footer:{text:"MIT 2023 \xa9 MUD"},primaryHue:28,sidebar:{defaultMenuCollapseLevel:1}};var i=d},41208:function(e,t,n){"use strict";n.r(t),n.d(t,{default:function(){return g}});var r=n(7505),a=n(42585),d=n(38288),i=n(73307);n(54693);var o=n(26736),s=n(98823),l=n.n(s),c={src:"/_next/static/media/2024-04-17-discovery.a54ae107.png",height:1408,width:1840,blurDataURL:"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAAGCAMAAADJ2y/JAAAABlBMVEUxMzg8PkJNOVjqAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAHUlEQVR4nGNgBAEGBgYGMAPEgtAQFkgCIgRjgGkAA1sAGeuDAIQAAAAASUVORK5CYII=",blurWidth:8,blurHeight:6};let u={MDXContent:function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},{wrapper:t}=Object.assign({},(0,o.ah)(),e.components);return t?(0,r.jsx)(t,{...e,children:(0,r.jsx)(m,{...e})}):m(e)},pageOpts:{filePath:"pages/retrospectives/2024-04-17-storeread-getdynamicfieldlength-bug.md",route:"/retrospectives/2024-04-17-storeread-getdynamicfieldlength-bug",headings:[{depth:1,value:"StoreRead.getDynamicFieldLength bug",id:"storereadgetdynamicfieldlength-bug"},{depth:2,value:"Summary",id:"summary"},{depth:2,value:"Details",id:"details"},{depth:2,value:"Patch",id:"patch"},{depth:2,value:"How the bug was discovered",id:"how-the-bug-was-discovered"}],pageMap:[{kind:"Meta",data:{introduction:{title:"What is MUD?",theme:{breadcrumb:!1}},quickstart:{title:"Get started",theme:{breadcrumb:!1}},protocol:{title:"Protocol",type:"separator"},store:"Store",world:"World",framework:{title:"Framework",type:"separator"},config:"Config",cli:"CLI","state-query":"State Query",services:"Services","---":{title:"",type:"separator"},guides:"Guides",templates:"Templates",contribute:{title:"Contribute",theme:{breadcrumb:!1}},changelog:"Changelog",retrospectives:"Retrospectives",audits:"Audits",version:{title:"2.1.0",type:"menu",items:{changelog:{title:"Changelog",href:"/changelog"},contribute:{title:"Contribute",href:"/contribute"}}},status:{title:"Status",type:"page",href:"https://status.mud.dev",newWindow:!0},community:{title:"Community",type:"page",href:"https://community.mud.dev",newWindow:!0},twitter:{title:"Twitter",type:"page",href:"https://twitter.com/latticexyz",newWindow:!0},discord:{title:"Discord",type:"page",href:"https://lattice.xyz/discord",newWindow:!0}}},{kind:"Folder",name:"audits",route:"/audits",children:[{kind:"MdxPage",name:"2024-02-11-open-zeppelin",route:"/audits/2024-02-11-open-zeppelin"},{kind:"Meta",data:{"2024-02-11-open-zeppelin":"2024-02-11 OpenZeppelin",pdf:{display:"hidden"},icons:{display:"hidden"}}}]},{kind:"MdxPage",name:"changelog",route:"/changelog"},{kind:"Folder",name:"cli",route:"/cli",children:[{kind:"Meta",data:{tablegen:"mud tablegen",worldgen:"mud worldgen",test:"mud test",deploy:"mud deploy",verify:"mud verify","dev-contracts":"mud dev-contracts","abi-ts":"mud abi-ts","set-version":"mud set-version"}},{kind:"MdxPage",name:"abi-ts",route:"/cli/abi-ts"},{kind:"MdxPage",name:"deploy",route:"/cli/deploy"},{kind:"MdxPage",name:"dev-contracts",route:"/cli/dev-contracts"},{kind:"MdxPage",name:"set-version",route:"/cli/set-version"},{kind:"MdxPage",name:"tablegen",route:"/cli/tablegen"},{kind:"MdxPage",name:"test",route:"/cli/test"},{kind:"MdxPage",name:"verify",route:"/cli/verify"},{kind:"MdxPage",name:"worldgen",route:"/cli/worldgen"}]},{kind:"Folder",name:"config",route:"/config",children:[{kind:"MdxPage",name:"reference",route:"/config/reference"},{kind:"Meta",data:{reference:"Reference"}}]},{kind:"MdxPage",name:"config",route:"/config"},{kind:"MdxPage",name:"contribute",route:"/contribute"},{kind:"Folder",name:"guides",route:"/guides",children:[{kind:"Meta",data:{"replicating-onchain-state":"Replicating onchain state","hello-world":"Hello World","extending-a-world":"Extending a World","adding-delegation":"Adding Delegation",emojimon:"Emojimon",testing:"Testing","best-practices":"Best Practices"}},{kind:"MdxPage",name:"adding-delegation",route:"/guides/adding-delegation"},{kind:"Folder",name:"best-practices",route:"/guides/best-practices",children:[{kind:"Meta",data:{"system-best-practices":"System Best Practices","deployment-settings":"Recommended Deployment Settings",kms:"Deploy production worlds using AWS KMS"}},{kind:"MdxPage",name:"deployment-settings",route:"/guides/best-practices/deployment-settings"},{kind:"MdxPage",name:"kms",route:"/guides/best-practices/kms"},{kind:"MdxPage",name:"system-best-practices",route:"/guides/best-practices/system-best-practices"}]},{kind:"Folder",name:"emojimon",route:"/guides/emojimon",children:[{kind:"MdxPage",name:"1-preface-the-ecs-model",route:"/guides/emojimon/1-preface-the-ecs-model"},{kind:"MdxPage",name:"2-getting-started",route:"/guides/emojimon/2-getting-started"},{kind:"MdxPage",name:"3-players-and-movement",route:"/guides/emojimon/3-players-and-movement"},{kind:"MdxPage",name:"4-map-and-terrain",route:"/guides/emojimon/4-map-and-terrain"},{kind:"MdxPage",name:"5-a-wild-emojimon-appears",route:"/guides/emojimon/5-a-wild-emojimon-appears"},{kind:"MdxPage",name:"6-advanced",route:"/guides/emojimon/6-advanced"},{kind:"Meta",data:{"1-preface-the-ecs-model":"Preface: the ECS model","2-getting-started":"Getting started","3-players-and-movement":"Players and movement","4-map-and-terrain":"Map and terrain","5-a-wild-emojimon-appears":"A wild Emojimon appears","6-advanced":"Advanced features"}}]},{kind:"MdxPage",name:"emojimon",route:"/guides/emojimon"},{kind:"Folder",name:"extending-a-world",route:"/guides/extending-a-world",children:[{kind:"Meta",data:{index:"Extending a World Permissionlessly"}},{kind:"MdxPage",name:"index",route:"/guides/extending-a-world"}]},{kind:"Folder",name:"hello-world",route:"/guides/hello-world",children:[{kind:"Meta",data:{"add-table":"Add a table","filter-sync":"Filter data synchronization","add-system":"Add a system",deploy:{title:"Deploy to a blockchain",href:"/cli/deploy"}}},{kind:"MdxPage",name:"add-system",route:"/guides/hello-world/add-system"},{kind:"MdxPage",name:"add-table",route:"/guides/hello-world/add-table"},{kind:"MdxPage",name:"filter-sync",route:"/guides/hello-world/filter-sync"}]},{kind:"MdxPage",name:"hello-world",route:"/guides/hello-world"},{kind:"MdxPage",name:"replicating-onchain-state",route:"/guides/replicating-onchain-state"},{kind:"MdxPage",name:"testing",route:"/guides/testing"}]},{kind:"MdxPage",name:"introduction",route:"/introduction"},{kind:"MdxPage",name:"quickstart",route:"/quickstart"},{kind:"Folder",name:"retrospectives",route:"/retrospectives",children:[{kind:"MdxPage",name:"2023-09-12-register-system-vulnerability",route:"/retrospectives/2023-09-12-register-system-vulnerability"},{kind:"MdxPage",name:"2024-04-17-storeread-getdynamicfieldlength-bug",route:"/retrospectives/2024-04-17-storeread-getdynamicfieldlength-bug"},{kind:"Meta",data:{"2024-04-17-storeread-getdynamicfieldlength-bug":"2024-04-17 StoreRead.getDynamicFieldLength bug","2023-09-12-register-system-vulnerability":"2023-09-12 registerSystem vulnerability"}}]},{kind:"Folder",name:"services",route:"/services",children:[{kind:"Meta",data:{indexer:"Indexer",faucet:"Faucet"}},{kind:"MdxPage",name:"faucet",route:"/services/faucet"},{kind:"MdxPage",name:"indexer",route:"/services/indexer"}]},{kind:"Folder",name:"state-query",route:"/state-query",children:[{kind:"Meta",data:{typescript:"TypeScript"}},{kind:"Folder",name:"typescript",route:"/state-query/typescript",children:[{kind:"Meta",data:{recs:"RECS",zustand:"Zustand"}},{kind:"MdxPage",name:"recs",route:"/state-query/typescript/recs"},{kind:"MdxPage",name:"zustand",route:"/state-query/typescript/zustand"}]}]},{kind:"Folder",name:"store",route:"/store",children:[{kind:"Meta",data:{introduction:"Introduction","data-model":"Data model",tables:"Tables","table-libraries":"Table libraries",encoding:"Encoding","store-hooks":"Store hooks",reference:"Reference"}},{kind:"MdxPage",name:"data-model",route:"/store/data-model"},{kind:"MdxPage",name:"encoding",route:"/store/encoding"},{kind:"MdxPage",name:"introduction",route:"/store/introduction"},{kind:"Folder",name:"reference",route:"/store/reference",children:[{kind:"Meta",data:{"store-core":"StoreCore (internal)",store:"IStore (external)","store-hook":"StoreHook",misc:"Miscellaneous"}},{kind:"MdxPage",name:"misc",route:"/store/reference/misc"},{kind:"MdxPage",name:"store-core",route:"/store/reference/store-core"},{kind:"MdxPage",name:"store-hook",route:"/store/reference/store-hook"},{kind:"MdxPage",name:"store",route:"/store/reference/store"}]},{kind:"MdxPage",name:"store-hooks",route:"/store/store-hooks"},{kind:"MdxPage",name:"table-libraries",route:"/store/table-libraries"},{kind:"MdxPage",name:"tables",route:"/store/tables"}]},{kind:"Folder",name:"templates",route:"/templates",children:[{kind:"Meta",data:{typescript:"TypeScript",godot:"Godot",pwa:"Progressive Web App (for mobile)",swift:"Swift",svelte:"Svelte",unity:"Unity"}},{kind:"MdxPage",name:"godot",route:"/templates/godot"},{kind:"MdxPage",name:"pwa",route:"/templates/pwa"},{kind:"MdxPage",name:"svelte",route:"/templates/svelte"},{kind:"MdxPage",name:"swift",route:"/templates/swift"},{kind:"Folder",name:"typescript",route:"/templates/typescript",children:[{kind:"Meta",data:{contracts:"Contracts",vanilla:"Vanilla","react-ecs":"React-ECS",threejs:"Three.js",vue:"Vue"}},{kind:"MdxPage",name:"contracts",route:"/templates/typescript/contracts"},{kind:"MdxPage",name:"react-ecs",route:"/templates/typescript/react-ecs"},{kind:"MdxPage",name:"threejs",route:"/templates/typescript/threejs"},{kind:"MdxPage",name:"vanilla",route:"/templates/typescript/vanilla"},{kind:"MdxPage",name:"vue",route:"/templates/typescript/vue"}]},{kind:"MdxPage",name:"unity",route:"/templates/unity"}]},{kind:"Folder",name:"world",route:"/world",children:[{kind:"Meta",data:{introduction:"Introduction","resource-ids":"Resource Identifiers","namespaces-access-control":"Namespaces & Access Control",tables:"Tables",systems:"Systems","system-hooks":"System Hooks","function-selectors":"Function Selectors",balance:"Balance","account-delegation":"Account Delegation","batch-calls":"Batch Calls",upgrades:"Upgrading",modules:"Modules",reference:"Reference"}},{kind:"MdxPage",name:"account-delegation",route:"/world/account-delegation"},{kind:"MdxPage",name:"balance",route:"/world/balance"},{kind:"MdxPage",name:"batch-calls",route:"/world/batch-calls"},{kind:"MdxPage",name:"function-selectors",route:"/world/function-selectors"},{kind:"MdxPage",name:"introduction",route:"/world/introduction"},{kind:"Folder",name:"modules",route:"/world/modules",children:[{kind:"Meta",data:{keyswithvalue:"Keys with Value"}},{kind:"MdxPage",name:"keyswithvalue",route:"/world/modules/keyswithvalue"}]},{kind:"MdxPage",name:"modules",route:"/world/modules"},{kind:"MdxPage",name:"namespaces-access-control",route:"/world/namespaces-access-control"},{kind:"Folder",name:"reference",route:"/world/reference",children:[{kind:"Meta",data:{"delegation-external":"Delegation (interface)",module:"Modules","module-external":"Modules (interface)",system:"Systems","system-external":"Systems (interface)",world:"World","world-external":"World (interfaces)","world-context":"World context","world-context-external":"World context (interface)","resource-ids":"Resource IDs",misc:"Miscellaneous",internal:"Internals"}},{kind:"MdxPage",name:"delegation-external",route:"/world/reference/delegation-external"},{kind:"Folder",name:"internal",route:"/world/reference/internal",children:[{kind:"Meta",data:{"access-control":"Access Control",create:"Create2",delegation:"Delegation",erc165:"ERC165","erc165-external":"ERC165 (interface)","init-module":"Init Module","init-module-implementation":"Init Module Implementation",systemcall:"SystemCall"}},{kind:"MdxPage",name:"access-control",route:"/world/reference/internal/access-control"},{kind:"MdxPage",name:"create",route:"/world/reference/internal/create"},{kind:"MdxPage",name:"delegation",route:"/world/reference/internal/delegation"},{kind:"MdxPage",name:"erc165-external",route:"/world/reference/internal/erc165-external"},{kind:"MdxPage",name:"erc165",route:"/world/reference/internal/erc165"},{kind:"MdxPage",name:"init-module-implementation",route:"/world/reference/internal/init-module-implementation"},{kind:"MdxPage",name:"init-module",route:"/world/reference/internal/init-module"},{kind:"MdxPage",name:"systemcall",route:"/world/reference/internal/systemcall"}]},{kind:"MdxPage",name:"misc",route:"/world/reference/misc"},{kind:"MdxPage",name:"module-external",route:"/world/reference/module-external"},{kind:"MdxPage",name:"module",route:"/world/reference/module"},{kind:"MdxPage",name:"resource-ids",route:"/world/reference/resource-ids"},{kind:"MdxPage",name:"system-external",route:"/world/reference/system-external"},{kind:"MdxPage",name:"system",route:"/world/reference/system"},{kind:"MdxPage",name:"world-context-external",route:"/world/reference/world-context-external"},{kind:"MdxPage",name:"world-context",route:"/world/reference/world-context"},{kind:"MdxPage",name:"world-external",route:"/world/reference/world-external"},{kind:"MdxPage",name:"world",route:"/world/reference/world"}]},{kind:"MdxPage",name:"resource-ids",route:"/world/resource-ids"},{kind:"MdxPage",name:"system-hooks",route:"/world/system-hooks"},{kind:"MdxPage",name:"systems",route:"/world/systems"},{kind:"MdxPage",name:"tables",route:"/world/tables"},{kind:"MdxPage",name:"upgrades",route:"/world/upgrades"}]}],flexsearch:{codeblocks:!0},title:"StoreRead.getDynamicFieldLength bug"},pageNextRoute:"/retrospectives/2024-04-17-storeread-getdynamicfieldlength-bug",nextraLayout:d.ZP,themeConfig:i.Z};function m(e){let t=Object.assign({h1:"h1",h2:"h2",p:"p",a:"a",code:"code"},(0,o.ah)(),e.components);return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)(t.h1,{children:"StoreRead.getDynamicFieldLength bug"}),"\n",(0,r.jsx)(t.h2,{id:"summary",children:"Summary"}),"\n",(0,r.jsxs)(t.p,{children:["Today (April 17th, 2024) we discovered a bug in ",(0,r.jsx)(t.a,{href:"https://github.com/latticexyz/mud/blob/main/packages/store/src/StoreRead.sol#L176-L189",children:(0,r.jsx)(t.code,{children:"StoreRead.getDynamicFieldLength"})}),", that caused it to return invalid data for external reads to tables with both static and dynamic fields."]}),"\n",(0,r.jsxs)(t.p,{children:["There is no known exploit/vulnerability related to this bug, but we recommend upgrading to ",(0,r.jsx)(t.code,{children:"2.0.6"})," for the correct behaviour."]}),"\n",(0,r.jsx)(t.h2,{id:"details",children:"Details"}),"\n",(0,r.jsxs)(t.p,{children:["Previously ",(0,r.jsx)(t.a,{href:"https://github.com/latticexyz/mud/blob/main/packages/store/src/StoreRead.sol#L176-L189",children:(0,r.jsx)(t.code,{children:"StoreRead.getDynamicFieldLength"})})," incorrectly read from ",(0,r.jsx)(t.a,{href:"https://github.com/latticexyz/mud/blob/main/packages/store/src/StoreCore.sol#L850-L887",children:(0,r.jsx)(t.code,{children:"StoreCore.getFieldLength"})}),", which expected a ",(0,r.jsx)(t.code,{children:"fieldIndex"})," instead of a ",(0,r.jsx)(t.code,{children:"dynamicFieldIndex"}),", and thereby returned an invalid result if the table had both static and dynamic fields (in which case ",(0,r.jsx)(t.code,{children:"fieldIndex ≠ dynamicFieldIndex"}),")."]}),"\n",(0,r.jsxs)(t.p,{children:["For tables with no static fields, this function has the same behaviour as ",(0,r.jsx)(t.a,{href:"https://github.com/latticexyz/mud/blob/main/packages/store/src/StoreCore.sol#L889-L903",children:(0,r.jsx)(t.code,{children:"StoreCore.getDynamicFieldLength"})})," as the field and dynamic field indices are equal."]}),"\n",(0,r.jsxs)(t.p,{children:[(0,r.jsx)(t.a,{href:"https://github.com/latticexyz/mud/blob/main/packages/store/src/StoreRead.sol",children:(0,r.jsx)(t.code,{children:"StoreRead"})})," is used for external reads from the ",(0,r.jsx)(t.code,{children:"Store"}),"/",(0,r.jsx)(t.code,{children:"World"})," contract, so this bug only materialized in external table reads (ie from ",(0,r.jsx)(t.code,{children:"System"}),"s outside the root namespace) of the dynamic length of a field in a table with both static and dynamic fields."]}),"\n",(0,r.jsx)(t.h2,{id:"patch",children:"Patch"}),"\n",(0,r.jsxs)(t.p,{children:["The bug was fixed by changing ",(0,r.jsx)(t.code,{children:"StoreRead.getDynamicFieldLength"})," to call ",(0,r.jsx)(t.code,{children:"StoreCore.getDynamicFieldLength"})," instead of ",(0,r.jsx)(t.code,{children:"StoreCore.getFieldLength"}),". The patch was released in ",(0,r.jsx)(t.a,{href:"https://www.npmjs.com/package/@latticexyz/store/v/2.0.6",children:(0,r.jsx)(t.code,{children:"@latticexyz/store@2.0.6"})})," and ",(0,r.jsx)(t.a,{href:"https://www.npmjs.com/package/@latticexyz/world/v/2.0.6",children:(0,r.jsx)(t.code,{children:"@latticexyz/world@2.0.6"})}),". The protocol version was incremented to ",(0,r.jsx)(t.a,{href:"https://github.com/latticexyz/mud/blob/main/packages/world/src/version.sol",children:(0,r.jsx)(t.code,{children:"2.0.1"})}),"."]}),"\n",(0,r.jsxs)(t.p,{children:["You can see the fix in ",(0,r.jsx)(t.a,{href:"https://github.com/latticexyz/mud/pull/2680",children:"PR #2680"}),"."]}),"\n",(0,r.jsx)(t.h2,{id:"how-the-bug-was-discovered",children:"How the bug was discovered"}),"\n",(0,r.jsx)(t.p,{children:(0,r.jsx)(l(),{alt:"Screen capture from Discord of how it was discovered",placeholder:"blur",src:c})}),"\n",(0,r.jsxs)(t.p,{children:["Marcineq from Minters raised that they were getting incorrect values from the ",(0,r.jsx)(t.code,{children:"getItem"})," method for static arrays."]}),"\n",(0,r.jsxs)(t.p,{children:["We found we could only replicate the issue with an end-to-end example project, using ",(0,r.jsx)(t.code,{children:"MudTest"})," and the Typescript deployer. Conversely, tests in our internal testing setup, with Forge ",(0,r.jsx)(t.code,{children:"Test"})," and ",(0,r.jsx)(t.code,{children:"StoreMock"}),", returned all the correct values."]}),"\n",(0,r.jsxs)(t.p,{children:["Upon further investigation, we found that ",(0,r.jsx)(t.code,{children:"StoreSwitch.getDynamicFieldLength"})," was returning incorrect values for tables with both static and dynamic fields, causing the issue with ",(0,r.jsx)(t.code,{children:"getItem"}),". Given that our internal tests used ",(0,r.jsx)(t.code,{children:"StoreCore"})," directly with ",(0,r.jsx)(t.code,{children:"StoreMock"}),", it was determined that ",(0,r.jsx)(t.code,{children:"StoreRead"})," was the source of the issue."]}),"\n",(0,r.jsxs)(t.p,{children:["Looking at ",(0,r.jsx)(t.code,{children:"StoreRead.getDynamicFieldLength"}),", we found that it was incorrectly using ",(0,r.jsx)(t.code,{children:"StoreCore.getFieldLength"})," instead of ",(0,r.jsx)(t.code,{children:"StoreCore.getDynamicFieldLength"}),"."]})]})}var g=(0,a.j)(u)}},function(e){e.O(0,[3720,2888,179],function(){return e(e.s=54701)}),_N_E=e.O()}]);