Mitigating the Array Parameter Location Vulnerability in Solidity Smart Contracts

3 min readDec 8, 2023

Introduction

Security is paramount in the Web3 landscape, and vulnerabilities can have significant consequences. The Array Parameter Location vulnerability is a considerable threat among the various vulnerabilities that can compromise smart contracts. This vulnerability stems from the ambiguity in specifying the location of arrays passed as function parameters in early versions of Solidity.

This article will delve into the Array Parameter Location vulnerability, specifically affecting Ethereum smart contracts with Solidity versions earlier than 0.5.0. We’ll explore what this vulnerability entails, its potential risks, and, most importantly, how to fix it.

Understanding the Array Parameter Location Vulnerability

Ethereum smart contracts utilize arrays to store and manage collections of data. These arrays can reside in either storage or memory. Storage arrays are persistent and remain accessible throughout the contract’s existence, while memory arrays are temporary and only exist during function execution. The vulnerability arises when arrays passed as function parameters lack a location keyword, defaulting them to memory. This can lead to unexpected behavior, mainly when functions are intended to modify the state of the contract.

Example Vulnerable Code

Consider the AmbiguousArrayLocation contract, allowing an owner to manage contract administrators. The vulnerability lies in the clearArraySlot() function, where the array parameter is not explicitly defined with a location keyword.

In the provided example, the AmbiguousArrayLocation contract empowers an owner to designate up to three contract administrators using the contractAdmins array, which is stored in the contract’s storage. The addAdmin function facilitates the owner in appending an administrator to the array. In contrast, the removeAdminBySlot function enables the owner to eliminate an administrator by specifying the array index for clearing. Internally, the updateAdmin function handles array updates, and the clearArraySlot function deals with clearing a designated array slot.

However, a potential vulnerability is identified in the clearArraySlot() function declaration. Although the updateAdmin() function appropriately designates the _admins array parameter as a storage array, the clearArraySlot() function lacks a location keyword. In this context, the absence of a location keyword implies that the function defaults to memory. Consequently, the administrator’s address must be effectively erased from the contract’s state. This oversight allows an admin, whose privileges should have been revoked, to execute functions exclusively restricted to administrators within the contract.

Technical example of how to fix the vulnerability

In the rectified StorageArrayLocation contract, an essential modification has been made to the array parameter of the clearArraySlot() function. Specifically, including the storage keyword indicates that the contractAdmins array associated with the contract should be updated to set the address at the specified index to zero. This adjustment ensures that the clearArraySlot() function operates correctly by directly updating the storage array, effectively erasing the address at the selected index within the contractAdmins array.

About Olympix

Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

Join our beta program now to fortify your smart contracts and proactively shield them from cyber threats in the evolving landscape of Web3 security.

Connect with us on: