Secureum Book
  • 🛡️Secureum Bootcamp
    • 🛡️Secureum Bootcamp
    • 🙌Participate
    • 📜History
  • 📚LEARN
    • Introduction
      • 🔷1. Ethereum Basics
        • 1.1 Ethereum: Concept, Infrastructure & Purpose
        • 1.2 Properties of the Ethereum Infrastructure
        • 1.3 Ethereum vs. Bitcoin
        • 1.4 Ethereum Core Components
        • 1.5 Gas Metering: Solving the Halting Problem
        • 1.6 web2 vs. web3: The Paradigm Shift
        • 1.7 Decentralization
        • 1.8 Cryptography, Digital Signature & Keys
        • 1.9 Ethereum State & Account Types
        • 1.10 Transactions: Properties & Components
        • 1.11 Contract Creation
        • 1.12 Transactions, Messages & Blockchain
        • 1.13 EVM (Ethereum Virtual Machine) in Depth
        • 1.14 Transaction Reverts & Data
        • 1.15 Block Explorer
        • 1.16 Mainnet & Testnets
        • 1.17 ERCs & EIPs
        • 1.18 Legal Aspects in web3: Pseudonymity & DAOs
        • 1.19 Security in web3
        • 1.20 web2 Timescales vs. web3 Timescales
        • 1.21 Test-in-Prod. SSLDC vs. Audits
        • Summary: 101 Keypoints
      • 🌀2. Solidity
        • 2.1 Solidity: Influence, Features & Layout
        • 2.2 SPDX & Pragmas
        • 2.3 Imports
        • 2.4 Comments & NatSpec
        • 2.5 Smart Contracts
        • 2.6 State Variables: Definition, Visibility & Mutability
        • 2.7 Data Location
        • 2.8 Functions
        • 2.9 Events
        • 2.10 Solidity Typing
        • 2.11 Solidity Variables
        • 2.12 Address Type
        • 2.13 Conversions
        • 2.14 Keywords & Shorthand Operators
        • 2.15 Solidity Units
        • 2.16 Block & Transaction Properties
        • 2.17 ABI Encoding & Decoding
        • 2.18 Error Handling
        • 2.19 Mathematical & Cryptographic Functions
        • 2.20 Control Structures
        • 2.21 Style & Conventions
        • 2.22 Inheritance
        • 2.23 EVM Storage
        • 2.24 EVM Memory
        • 2.25 Inline Assembly
        • 2.26 Solidity Version Changes
        • 2.27 Security Checks
        • 2.28 OpenZeppelin Libraries
        • 2.29 DAppSys Libraries
        • 2.30 Important Protocols
        • Summary: 201 Keypoints
      • 🔏3. Security Pitfalls & Best Practices
        • 3.1 Solidity Versions
        • 3.2 Access Control
        • 3.3 Modifiers
        • 3.4 Constructor
        • 3.5 Delegatecall
        • 3.6 Reentrancy
        • 3.7 Private Data
        • 3.8 PRNG & Time
        • 3.9 Math & Logic
        • 3.10 Transaction Order Dependence
        • 3.11 ecrecover
        • 3.12 Unexpected Returns
        • 3.13 Ether Accounting
        • 3.14 Transaction Checks
        • 3.15 Delete Mappings
        • 3.16 State Modification
        • 3.17 Shadowing & Pre-declaration
        • 3.18 Gas & Costs
        • 3.19 Events
        • 3.20 Unary Expressions
        • 3.21 Addresses
        • 3.22 Assertions
        • 3.23 Keywords
        • 3.24 Visibility
        • 3.25 Inheritance
        • 3.26 Reference Parameters
        • 3.27 Arbitrary Jumps
        • 3.28 Hash Collisions & Byte Level Issues
        • 3.29 Unicode RTLO
        • 3.30 Variables
        • 3.31 Pointers
        • 3.32 Out-of-range Enum
        • 3.33 Dead Code & Redundant Statements
        • 3.34 Compiler Bugs
        • 3.35 Proxy Pitfalls
        • 3.36 Token Pitfalls
        • 3.37 Special Token Pitfalls
        • 3.38 Guarded Launch Pitfalls
        • 3.39 System Pitfalls
        • 3.40 Access Control Pitfalls
        • 3.41 Testing, Unused & Redundand Code
        • 3.42 Handling Ether
        • 3.43 Application Logic Pitfalls
        • 3.44 Saltzer & Schroeder's Design Principles
        • Summary: 201 Keypoints
      • 🗜️4. Audit Techniques & Tools
        • 4.1 Audit
        • 4.2 Analysis Techniques
        • 4.3 Specification, Documentation & Testing
        • 4.4 False Positives & Negatives
        • 4.5 Security Tools
        • 4.6 Audit Process
        • Summary: 101 Keypoints
      • ☝️5. Audit Findings
        • 5.1 Criticals
        • 5.2 Highs
        • 5.3 Mediums
        • 5.4 Lows
        • 5.5 Informationals
        • Summary: 201 Keypoints
  • 🌱CARE
    • CARE
      • CARE Reports
  • 🚩CTFs
    • A-MAZE-X CTFs
      • Secureum A-MAZE-X
      • Secureum A-MAZE-X Stanford
      • Secureum A-MAZE-X Maison de la Chimie Paris
Powered by GitBook
On this page
  • Reserved Memory and the Free Memory Pointer
  • Memory Layout
  • Memory Arrays
  • Zeroed Memory
  1. LEARN
  2. Introduction
  3. 2. Solidity

2.24 EVM Memory

Remember that the EVM is a stack based architecture. It has calldata, the volatile memory and the non-volatile storage.

EVM memory has a linear layout, which means that all the memory locations are stored linearly next to each other, and memory locations can be addressed at byte level. The EVM instructions that are used to access memory are MLOAD/MSTORE that operate on the word size (256 bits) and, if one wants to store a single byte from the stack to memory, one can use the MSTORE8. All locations in memory are zero initialized.

Reserved Memory and the Free Memory Pointer

The first two 32 byte slots (from 0x0 to 0x40) are reserved by Solidity as a scratch space for the hashing methods.

The third slot (again 32 bytes; from 0x40 to 0x60) is used for the free memory pointer, so this points to the next byte of memory within Solidity that is considered as "free" or in effect this also indicates the amount of allocated memory currently within Solidity.

The fourth slot (32 bytes; from 0x60 to 0x80) is referred to as a zero slot and is used by Solidity as an initial value for dynamic memory arrays. We'll talk about that shortly.

Therefore, it makes sense that the initial value of the free memory pointer and Solidity is 0x80 (the fifth slot) because the first four 32 byte slots are reserved by Solidity. The free memory pointer effectively points to memory that is allocatable in the context of Solidity at any point in time and whenever memory is allocated by the compiler, it updates the free memory pointer.

These concepts should be familiar, if you have looked at memory allocation of any other programming languages, these just happen to be the specific ways in which Solidity handles memory allocation using the familiar concept of the free memory pointer.

Memory Layout

Solidity places new memory objects at the free memory pointer and all this memory that is allocated is never freed or deallocated. All these concepts related to memory layout matter from a security perspective only: if the developer is manipulating this memory directly in the assembly language support provided by Solidity because, if one is using Solidity as a high-level language without using assembly, then all this is automatically handled by the Solidity compiler itself.

Memory Arrays

For memory, every element within arrays in Solidity occupy 32 bytes. This is something we mentioned in the context of the byte array and how every element occupying 32 bytes wastes a lot of space. Despite the type of the memory array, this is not true for bytes and string types.

For multi-dimensional memory arrays, those are pointers to memory arrays.

For dynamic arrays, it is very similar to the storage even within memory: these are stored by maintaining the length of the dynamic array in the first slot of that array in memory followed by the array elements themselves.

Zeroed Memory

With respect to zeroed memory (memory containing zero bytes), there are no guarantees made by the Solidity compiler that the memory being allocated has not been used before, so one can't assume that the memory contents contain zero bytes.

The reason for this is that there is no built-in mechanism to automatically release or free allocated memory in Solidity. As you can imagine, this has a security impact because if one is using memory allocated objects, those are not guaranteed to be zeroed memory. Then the default values may not be zeros. These again are relevant only if memory is being manipulated directly in assembly within Solidity. This should not be much of a concern if one is not using assembly.

Previous2.23 EVM StorageNext2.25 Inline Assembly

Last updated 1 year ago

📚
🌀