Update StorageAccessible implementation (#290)

rmeissner · web-flow · commit 367aca9ef221 · 2021-03-28T15:18:10.000+02:00
diff --git a/contracts/common/StorageAccessible.sol b/contracts/common/StorageAccessible.sol
@@ -2,7 +2,7 @@
 pragma solidity >=0.7.0 <0.9.0;
 
 /// @title StorageAccessible - generic base contract that allows callers to access all internal storage.
-/// @notice Adjusted version of https://github.com/gnosis/util-contracts/blob/3db1e531cb243a48ea91c60a800d537c1000612a/contracts/StorageAccessible.sol
+/// @notice See https://github.com/gnosis/util-contracts/blob/bb5fe5fb5df6d8400998094fb1b32a178a47c3a1/contracts/StorageAccessible.sol
 contract StorageAccessible {
     /**
      * @dev Reads `length` bytes of storage in the currents contract
@@ -27,22 +27,34 @@ contract StorageAccessible {
 
     /**
      * @dev Performs a delegetecall on a targetContract in the context of self.
-     * Internally reverts execution to avoid side effects (making it static). Returns encoded result as revert message
-     * concatenated with the success flag of the inner call as a last byte.
+     * Internally reverts execution to avoid side effects (making it static).
+     *
+     * This method reverts with data equal to `abi.encode(bool(success), bytes(response))`.
+     * Specifically, the `returndata` after a call to this method will be:
+     * `success:bool || response.length:uint256 || response:bytes`.
+     *
      * @param targetContract Address of the contract containing the code to execute.
      * @param calldataPayload Calldata that should be sent to the target contract (encoded method name and arguments).
      */
-    function simulate(
+    function simulateDelegatecallInternal(
         address targetContract,
-        bytes calldata calldataPayload
-    ) external returns (bytes memory) {
-        (bool success, bytes memory response) = targetContract.delegatecall(
-            calldataPayload
-        );
-        bytes memory responseWithStatus = abi.encodePacked(response, success);
-        // solium-disable-next-line security/no-inline-assembly
+        bytes memory calldataPayload
+    ) external {
+        // solhint-disable-next-line no-inline-assembly
         assembly {
-            revert(add(responseWithStatus, 0x20), mload(responseWithStatus))
+            let success := delegatecall(
+                gas(),
+                targetContract,
+                add(calldataPayload, 0x20),
+                mload(calldataPayload),
+                0,
+                0
+            )
+
+            mstore(0x00, success)
+            mstore(0x20, returndatasize())
+            returndatacopy(0x40, 0, returndatasize())
+            revert(0, add(returndatasize(), 0x40))
         }
     }
 }
diff --git a/contracts/handler/CompatibilityFallbackHandler.sol b/contracts/handler/CompatibilityFallbackHandler.sol
@@ -46,6 +46,7 @@ contract CompatibilityFallbackHandler is DefaultCallbackHandler, ISignatureValid
     * @param _dataHash Hash of the data signed on the behalf of address(msg.sender)
     * @param _signature Signature byte array associated with _dataHash
     * @return a bool upon valid or invalid signature with corresponding _dataHash
+    * @notice See https://github.com/gnosis/util-contracts/blob/bb5fe5fb5df6d8400998094fb1b32a178a47c3a1/contracts/StorageAccessible.sol
     */
     function isValidSignature(bytes32 _dataHash, bytes calldata _signature)
         external
@@ -77,35 +78,59 @@ contract CompatibilityFallbackHandler is DefaultCallbackHandler, ISignatureValid
      * @param calldataPayload Calldata that should be sent to the target contract (encoded method name and arguments).
      */
     function simulateDelegatecall(
-        address targetContract,
-        bytes calldata calldataPayload
-    ) external returns (bytes memory response) {
-        bytes memory innerCall = abi.encodeWithSelector(
-            SIMULATE_SELECTOR,
-            targetContract,
-            calldataPayload
-        );
-        (, response) = address(msg.sender).call(innerCall);
-        bool innerSuccess = response[response.length - 1] == 0x01;
-        setLength(response, response.length - 1);
-        if (innerSuccess) {
-            return response;
-        } else {
-            revertWith(response);
-        }
-    }
-
-    function revertWith(bytes memory response) internal pure {
-        // solium-disable-next-line security/no-inline-assembly
+        address targetContract, // solhint-disable-line no-unused-var
+        bytes calldata calldataPayload // solhint-disable-line no-unused-var
+    ) public returns (bytes memory response) {
+        // solhint-disable-next-line no-inline-assembly
         assembly {
-            revert(add(response, 0x20), mload(response))
-        }
-    }
+            let internalCalldata := mload(0x40)
+            // Store `simulateDelegatecallInternal.selector`.
+            mstore(internalCalldata, "\x43\x21\x8e\x19")
+            // Abuse the fact that both this and the internal methods have the
+            // same signature, and differ only in symbol name (and therefore,
+            // selector) and copy calldata directly. This saves us approximately
+            // 250 bytes of code and 300 gas at runtime over the
+            // `abi.encodeWithSelector` builtin.
+            calldatacopy(
+                add(internalCalldata, 0x04),
+                0x04,
+                sub(calldatasize(), 0x04)
+            )
 
-    function setLength(bytes memory buffer, uint256 length) internal pure {
-        // solium-disable-next-line security/no-inline-assembly
-        assembly {
-            mstore(buffer, length)
+            // `pop` is required here by the compiler, as top level expressions
+            // can't have return values in inline assembly. `call` typically
+            // returns a 0 or 1 value indicated whether or not it reverted, but
+            // since we know it will always revert, we can safely ignore it.
+            pop(call(
+                gas(),
+                // address() has been change to caller() to use the implemtation of the Safe
+                caller(),
+                0,
+                internalCalldata,
+                calldatasize(),
+                // The `simulateDelegatecallInternal` call always reverts, and
+                // instead encodes whether or not it was successful in the return
+                // data. The first 32-byte word of the return data contains the
+                // `success` value, so write it to memory address 0x00 (which is
+                // reserved Solidity scratch space and OK to use).
+                0x00,
+                0x20
+            ))
+
+
+            // Allocate and copy the response bytes, making sure to increment
+            // the free memory pointer accordingly (in case this method is
+            // called as an internal function). The remaining `returndata[0x20:]`
+            // contains the ABI encoded response bytes, so we can just write it
+            // as is to memory.
+            let responseSize := sub(returndatasize(), 0x20)
+            response := mload(0x40)
+            mstore(0x40, add(response, responseSize))
+            returndatacopy(response, 0x20, responseSize)
+
+            if iszero(mload(0x00)) {
+                revert(add(response, 0x20), mload(response))
+            }
         }
     }
 }
diff --git a/test/core/GnosisSafe.StorageAccessible.spec.ts b/test/core/GnosisSafe.StorageAccessible.spec.ts
@@ -40,26 +40,26 @@ describe("StorageAccessible", async () => {
         })
     })
 
-    describe("simulate", async () => {
+    describe("simulateDelegatecallInternal", async () => {
 
         it('should revert changes', async () => {
             const { safe, killLib } = await setupTests()
             await expect(
-                safe.callStatic.simulate(killLib.address, killLib.interface.encodeFunctionData("killme"))
+                safe.callStatic.simulateDelegatecallInternal(killLib.address, killLib.interface.encodeFunctionData("killme"))
             ).to.be.reverted
         })
 
         it('should revert the revert with message', async () => {
             const { safe, killLib } = await setupTests()
             await expect(
-                safe.callStatic.simulate(killLib.address, killLib.interface.encodeFunctionData("trever"))
-            ).to.revertedWith("Why are you doing this?")
+                safe.callStatic.simulateDelegatecallInternal(killLib.address, killLib.interface.encodeFunctionData("trever"))
+            ).to.be.reverted
         })
 
         it('should return estimate in revert', async () => {
             const { safe, killLib } = await setupTests()
             await expect(
-                safe.callStatic.simulate(killLib.address, killLib.interface.encodeFunctionData("estimate", [safe.address, "0x"]))
+                safe.callStatic.simulateDelegatecallInternal(killLib.address, killLib.interface.encodeFunctionData("estimate", [safe.address, "0x"]))
             ).to.be.reverted
         })
     })
