Solidity Storage-Pointer – Using Storage in Constructor Allows Contract to Access Previously Allocated Slot

soliditystorage-pointer

Contract 1: donation timestamp and etherAmount are allocated 2nd and 3rd slots when donation struct is declared outside the constructor.

pragma solidity ^0.4.21;

contract DonationChallenge {
    struct Donation {
        uint256 timestamp;
        uint256 etherAmount;
    }
    // Slot 0
    Donation[] public donations;

    // Slot 1
    address public owner;

    Donation donation;
        
    function DonationChallenge() public payable {       
        owner = msg.sender;
        donation.timestamp = now;
        donation.etherAmount = 10;
        
    }
}

Contract 2: The donation struct is declared inside the constructor.
Now, timestamp and etherAmount are allocated 0th and 1st slot.

contract DonationChallenge {
    struct Donation {
        uint256 timestamp;
        uint256 etherAmount;
    }
    Donation[] public donations;

    address public owner;
        
    function DonationChallenge() public payable {       
        owner = msg.sender;
    
        Donation donation;
    
        donation.timestamp = now;
        donation.etherAmount = 10;
        
    }
}

What is the reason for this change (Slot 2 and 3 in first case & Slot 0 and 1 in the second) when I declare the struct outside vs inside the constructor?
Solidity gives a warning in this case, but I am trying to understand the reason for this behaviour.

Best Answer

First of all you are using a very old version of solidity, that behavior is no longer allowed since solidity 0.5.0 :

Uninitialized storage variables are now disallowed.

In your code Donation donation; is an uninitalized storage variable, now it would be more something like Donation storage donation;.

Anyway, a storage variable is quite simple : it's value is actually the storage slot to which it is refering to : from 0 to 2^256 in a format similar to uint256, the way it is used internally by the compiler is only a matter of how to interpret what it is pointing to.

The real problem is that the default value is the zero value.. so an uninitialized storage variable is essentially pointing to storage slot 0 by default and given your structure layout, donation.timestamp is written to slot 0 while donation.etherAmount is written to slot 1.

This could either overwrite existing data (like you did to both donations and owner) with invalid ones or worse, provide a way for attackers to overwrite your owner slot with the address / value of their choice, simply because you relied on an undefined behavior : using an uninitialized storage variable.

So don't do that, and use a more recent / more secure version of solidity such as 0.5.0+ that won't allow you to write such code.

I hope that answers your question.

Related Solutions

Solidity – How to Call Array Variable in Web Application

You can get dynamic array like this : uint256[] public machineList by creating a contract getter function.

function getMachineList () external returns (uint256[]){
return machineList
}

note the external modifier i added, in this kind of functions where you are returning a dynamically sized array the external modifier is mandatory. it also makes the function only callable from the exterior of the contract which is exactly what we want here.

An other thing is that you are using truffle to call contract functions. When using truffle you need to call a promise (or a callback) after the name of the function :

AssetContract.deployed().then(function (contractInstance) {

  contractInstance.getMachineList.
  call(**arguments if any**,{ from:**address**, gas: 300000 }).then(
    data => {
      var MachineList = data;
      alert(MachineList);
    }
  )

})

Note: whenu sing truffle you add the .call() if you are just calling functions that read and return variables as if it will not alter state variables (change/add existing/new value).

Solidity – How to Push a Struct into a Mapping of Structs

Try replacing this line:

donations[_recipient].push(Donation(id++,amount,_donor,_msg,block.timestamp));

with this with this line:

donations[_recipient] = Donation(id++,amount,_donor,_msg,block.timestamp);

The square bracket syntax already identifies the key that you wish to set the new value of in the mapping.

The above answers your question about a mapping of structs, however, I notice that you also have an array of the same struct.

Donation[] public donation;

Note that the above suggestion will not add the struct to this array as well.

If that is the intent (where you wish to maintain both a mapping and an array), I suggest you name these variables dontationsMap and donationsList instead... and then replace the same line above with:

donationsMap[_recipient] = Donation(id++,amount,_donor,_msg,block.timestamp);
donationsList.push(Donation(id++,amount,_donor,_msg,block.timestamp));

(this is where you'd actually want to use .push())

Best Answer

Related Solutions

Solidity – How to Call Array Variable in Web Application

Solidity – How to Push a Struct into a Mapping of Structs

Related Topic