OpenZeppelin · Amxx · Jun 18, 2024 · Jun 18, 2024 · Jun 18, 2024 · Jun 18, 2024
diff --git a/contracts/access/manager/AuthorityUtils.sol b/contracts/access/manager/AuthorityUtils.sol
@@ -4,6 +4,8 @@
 pragma solidity ^0.8.20;
 
 import {IAuthority} from "./IAuthority.sol";
+import {LowLevelCalls} from "../../utils/LowLevelCalls.sol";
+import {LowLevelMemory} from "../../utils/LowLevelMemory.sol";
 
 library AuthorityUtils {
     /**
@@ -17,16 +19,20 @@ library AuthorityUtils {
         address target,
         bytes4 selector
     ) internal view returns (bool immediate, uint32 delay) {
-        (bool success, bytes memory data) = authority.staticcall(
-            abi.encodeCall(IAuthority.canCall, (caller, target, selector))
-        );
-        if (success) {
-            if (data.length >= 0x40) {
-                (immediate, delay) = abi.decode(data, (bool, uint32));
-            } else if (data.length >= 0x20) {
-                immediate = abi.decode(data, (bool));
+        // snapshot free memory pointer (moved by encodeCall and getReturnDataFixed)
+        LowLevelMemory.FreePtr ptr = LowLevelMemory.save();
+
+        if (LowLevelCalls.staticcall(authority, abi.encodeCall(IAuthority.canCall, (caller, target, selector)))) {
+            if (LowLevelCalls.getReturnDataSize() >= 0x40) {
+                (immediate, delay) = abi.decode(LowLevelCalls.getReturnDataFixed(0x40), (bool, uint32));
+            } else if (LowLevelCalls.getReturnDataSize() >= 0x20) {
+                immediate = abi.decode(LowLevelCalls.getReturnDataFixed(0x20), (bool));
             }
         }
+
+        // restore free memory pointer to reduce memory leak
+        LowLevelMemory.load(ptr);
+
         return (immediate, delay);
     }
 }
diff --git a/contracts/token/ERC20/extensions/ERC4626.sol b/contracts/token/ERC20/extensions/ERC4626.sol
@@ -84,10 +84,10 @@ abstract contract ERC4626 is ERC20, IERC4626 {
      * @dev Attempts to fetch the asset decimals. A return value of false indicates that the attempt failed in some way.
      */
     function _tryGetAssetDecimals(IERC20 asset_) private view returns (bool, uint8) {
-        (bool success, bytes memory encodedDecimals) = address(asset_).staticcall(
-            abi.encodeCall(IERC20Metadata.decimals, ())
-        );
-        if (success && encodedDecimals.length >= 32) {
+        bool success = LowLevelCalls.staticcall(asset_, abi.encodeCall(IERC20Metadata.decimals, ())) &&
+            LowLevelCalls.getReturnDataSize() >= 0x20;
+
+        if (success) {
             uint256 returnedDecimals = abi.decode(encodedDecimals, (uint256));
             if (returnedDecimals <= type(uint8).max) {
                 return (true, uint8(returnedDecimals));

diff --git a/contracts/utils/LowLevelCalls.sol b/contracts/utils/LowLevelCalls.sol
@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+import {Math} from "./math/Math.sol";
+
+/**
+ * Utility functions helpful when making different kinds of contract calls in Solidity.
+ */
+library LowLevelCalls {
+    function call(address to, uint256 value, bytes memory data) internal returns (bool success) {
+        return call(to, value, data, gasleft());
+    }
+
+    function call(address to, uint256 value, bytes memory data, uint256 txGas) internal returns (bool success) {
+        assembly ("memory-safe") {
+            success := call(txGas, to, value, add(data, 0x20), mload(data), 0, 0)
+        }
+    }
+
+    function staticcall(address to, bytes memory data) internal view returns (bool success) {
+        return staticcall(to, data, gasleft());
+    }
+
+    function staticcall(address to, bytes memory data, uint256 txGas) internal view returns (bool success) {
+        assembly ("memory-safe") {
+            success := staticcall(txGas, to, add(data, 0x20), mload(data), 0, 0)
+        }
+    }
+
+    function delegateCall(address to, bytes memory data) internal returns (bool success) {
+        return delegateCall(to, data, gasleft());
+    }
+
+    function delegateCall(address to, bytes memory data, uint256 txGas) internal returns (bool success) {
+        assembly ("memory-safe") {
+            success := delegatecall(txGas, to, add(data, 0x20), mload(data), 0, 0)
+        }
+    }
+
+    function getReturnDataSize() internal pure returns (uint256 returnDataSize) {
+        assembly ("memory-safe") {
+            returnDataSize := returndatasize()
+        }
+    }
+
+    function getReturnData(uint256 maxLen) internal pure returns (bytes memory ptr) {
+        return getReturnDataFixed(Math.min(maxLen, getReturnDataSize()));
+    }
+
+    function getReturnDataFixed(uint256 len) internal pure returns (bytes memory ptr) {
+        assembly ("memory-safe") {
+            ptr := mload(0x40)
+            mstore(0x40, add(ptr, add(len, 0x20)))
+            mstore(ptr, len)
+            returndatacopy(add(ptr, 0x20), 0, len)
+        }
+    }
+
+    function revertWithData(bytes memory returnData) internal pure {
+        assembly ("memory-safe") {
+            revert(add(returnData, 0x20), mload(returnData))
+        }
+    }
+
+    function revertWithCode(bytes32 code) internal pure {
+        assembly ("memory-safe") {
+            mstore(0, code)
+            revert(0, 0x20)
+        }
+    }
+}
diff --git a/contracts/utils/LowLevelMemory.sol b/contracts/utils/LowLevelMemory.sol
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.20;
+
+/**
+ * @dev Helper library packing and unpacking multiple values into bytes32
+ */
+library LowLevelMemory {
+    type FreePtr is bytes32;
+
+    function save() internal pure returns (FreePtr ptr) {
+        assembly ("memory-safe") {
+            ptr := mload(0x40)
+        }
+    }
+
+    function load(FreePtr ptr) internal pure {
+        assembly ("memory-safe") {
+            mstore(0x40, ptr)
+        }
+    }
+}
diff --git a/contracts/utils/cryptography/SignatureChecker.sol b/contracts/utils/cryptography/SignatureChecker.sol
@@ -5,6 +5,8 @@ pragma solidity ^0.8.20;
 
 import {ECDSA} from "./ECDSA.sol";
 import {IERC1271} from "../../interfaces/IERC1271.sol";
+import {LowLevelCalls} from "../LowLevelCalls.sol";
+import {LowLevelMemory} from "../LowLevelMemory.sol";
 
 /**
  * @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support both ECDSA
@@ -40,11 +42,17 @@ library SignatureChecker {
         bytes32 hash,
         bytes memory signature
     ) internal view returns (bool) {
-        (bool success, bytes memory result) = signer.staticcall(
-            abi.encodeCall(IERC1271.isValidSignature, (hash, signature))
-        );
-        return (success &&
-            result.length >= 32 &&
-            abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));
+        // snapshot free memory pointer (moved by encodeCall and getReturnDataFixed)
+        LowLevelMemory.FreePtr ptr = LowLevelMemory.save();
+
+        bool success = LowLevelCalls.staticcall(signer, abi.encodeCall(IERC1271.isValidSignature, (hash, signature))) &&
+            LowLevelCalls.getReturnDataSize() >= 0x20 &&
+            abi.decode(LowLevelCalls.getReturnDataFixed(0x20), (bytes32)) ==
+            bytes32(IERC1271.isValidSignature.selector);
+
+        // restore free memory pointer to reduce memory leak
+        LowLevelMemory.load(ptr);
+
+        return success;
     }
 }