Enhancement: Detect Invalid Memory-Safe Assembly Annotations #2780

@dguido

Summary

Add a detector that identifies incorrect usage of the @solidity memory-safe-assembly annotation in inline assembly blocks, specifically when developers use regular comments instead of NatSpec comments.

Motivation

Solidity 0.8.13 introduced the memory-safe-assembly annotation to help the compiler optimize memory usage around inline assembly blocks. However, this annotation only works in NatSpec comments (comments starting with /// or /** */), not in regular comments (// or /* */).

Developers frequently make this mistake, believing their assembly is marked as memory-safe when it's actually not, leading to:

  • Missed optimizations - The compiler won't apply memory-related optimizations
  • False sense of security - Developers think their code is optimized when it isn't
  • Potential memory corruption - If the compiler did optimize based on incorrect assumptions
  • Inconsistent gas costs - Between expected and actual behavior

Problem Illustration

contract MemorySafetyIssues {
    // Wrapper function added so the blocks compile: inline assembly
    // is only valid inside a function body
    function examples() external pure {
        // INCORRECT - Regular comment, annotation is ignored
        // @solidity memory-safe-assembly
        assembly {
            let x := mload(0x40)
        }

        // INCORRECT - Regular multi-line comment
        /* @solidity memory-safe-assembly */
        assembly {
            // Assembly code
        }

        // CORRECT - NatSpec single line
        /// @solidity memory-safe-assembly
        assembly {
            // Assembly code
        }

        // CORRECT - NatSpec multi-line
        /** @solidity memory-safe-assembly */
        assembly {
            // Assembly code
        }
    }
}

Detection Features

The detector should identify:

  1. Incorrect comment format for memory-safe annotations
  2. Misspelled annotations in NatSpec comments:
    /// @solidity memory-safe-assemby  // Typo: "assemby"
    /// @solidity memory safe assembly  // Missing hyphens
    /// @solidty memory-safe-assembly   // Typo: "solidty"
  3. Incorrect placement (annotation not directly before assembly)
  4. Multiple/duplicate annotations

Expected Output

Invalid memory-safe assembly annotation detected
  Location: Contract.sol:45
  Issue: Regular comment used instead of NatSpec
  Found: // @solidity memory-safe-assembly
  Fix: Change to: /// @solidity memory-safe-assembly
  
  Impact: The compiler will ignore this annotation and won't apply memory optimizations
  Documentation: https://docs.soliditylang.org/en/latest/assembly.html#memory-safety

Test Cases

contract TestCases {
    // Labels sit on their own line: a trailing "// ..." after a /// comment
    // would become part of the NatSpec text itself.
    function test1() public {
        // DETECT: Wrong comment type
        // @solidity memory-safe-assembly
        assembly { }
    }

    function test2() public {
        // DETECT: Wrong comment type
        /* @solidity memory-safe-assembly */
        assembly { }
    }

    function test3() public {
        // OK: Correct NatSpec
        /// @solidity memory-safe-assembly
        assembly { }
    }

    function test4() public {
        // OK: Correct NatSpec
        /** @solidity memory-safe-assembly */
        assembly { }
    }

    function test5() public {
        // DETECT: Typo in annotation
        /// @solidity memory-sage-assembly
        assembly { }
    }

    function test6() public {
        uint256 x = 1;
        // DETECT: Not immediately before assembly
        /// @solidity memory-safe-assembly
        x = 2;
        assembly { }
    }
}

Benefits

  1. Ensure optimizations are applied - Correct annotations enable compiler optimizations
  2. Prevent silent failures - Catch incorrectly formatted annotations
  3. Educational value - Teaches proper NatSpec usage
  4. Gas optimization - Proper annotations can reduce gas costs
  5. Code correctness - Ensures developer intent matches compiler behavior

Priority

Medium - While not a direct vulnerability, this issue can lead to unexpected behavior, missed optimizations, and confusion about code performance. It's particularly important for gas-sensitive applications and contracts using extensive assembly optimizations. The detector has high precision (low false positives) and provides clear, actionable fixes.
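A standalone sketch of the first three checks listed under Detection Features, added here as an illustration; it is not Slither code and does not use Slither's detector API. The function names, the line-based scan (single-line comments only) and the 0.85 similarity threshold for spotting misspellings are assumptions of this example, and duplicate annotations are not covered.

```python
import re
from difflib import SequenceMatcher

ANNOTATION = "@solidity memory-safe-assembly"
# Comment opener, then its text. Single-line comments only in this sketch.
COMMENT = re.compile(r"^\s*(///|/\*\*|//|/\*)\s*(.*?)\s*(?:\*/)?\s*$")
ASSEMBLY = re.compile(r"^\s*assembly\b")

def looks_like_annotation(text):
    """True for the exact tag or a near-miss spelling (assumed threshold)."""
    return SequenceMatcher(None, text.lower(), ANNOTATION).ratio() >= 0.85

def find_invalid_annotations(source):
    """Return (line_number, issue) for each suspicious annotation comment."""
    findings, lines = [], source.splitlines()
    for i, line in enumerate(lines):
        m = COMMENT.match(line)
        if not m or not looks_like_annotation(m.group(2)):
            continue
        opener, text = m.groups()
        # First non-blank line after the comment
        following = next((s for s in lines[i + 1:] if s.strip()), "")
        if opener in ("//", "/*"):
            findings.append((i + 1, "regular comment used instead of NatSpec"))
        elif text != ANNOTATION:
            findings.append((i + 1, "misspelled annotation"))
        elif not ASSEMBLY.match(following):
            findings.append((i + 1, "annotation not directly before assembly"))
    return findings

# Constructed sample: a function-body fragment mirroring the issue's test cases.
SAMPLE = """\
// @solidity memory-safe-assembly
assembly { }
/* @solidity memory-safe-assembly */
assembly { }
/// @solidity memory-safe-assembly
assembly { }
/** @solidity memory-safe-assembly */
assembly { }
/// @solidity memory-sage-assembly
assembly { }
/// @solidity memory-safe-assembly
uint256 x = 2;
assembly { }
"""

if __name__ == "__main__":
    for lineno, issue in find_invalid_annotations(SAMPLE):
        print(f"line {lineno}: {issue}")
```

A production detector would work from the compiler's AST and source mappings rather than a line scan, so that comments inside strings and multi-line comment blocks are handled correctly.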

Labels: enhancement