Skip to content

Add an AbiDecode library for safe abi decoding (no revert)#6393

Open
Amxx wants to merge 4 commits intoOpenZeppelin:masterfrom
Amxx:feature/AbiDecode
Open

Add an AbiDecode library for safe abi decoding (no revert)#6393
Amxx wants to merge 4 commits intoOpenZeppelin:masterfrom
Amxx:feature/AbiDecode

Conversation

@Amxx
Copy link
Collaborator

@Amxx Amxx commented Mar 4, 2026
edited
Loading

Would be usefull for #6390

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

@Amxx Amxx requested a review from a team as a code owner March 4, 2026 21:21
@Amxx Amxx added this to the 5.7 milestone Mar 4, 2026
@Amxx Amxx requested a review from ernestognw March 4, 2026 21:21
@ernestognw
Copy link
Member

ernestognw commented Mar 4, 2026

This library seems like a good idea but, how far do we want to go with it? Decoding more complex values still requires the developer to know how to read offsets and validate bounds for the outer structure. The library might end up too large

I have a bunch of calldata decoding cases in OAF that are very extensive and this lib would definitely help

@changeset-bot
Copy link

changeset-bot bot commented Mar 4, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 0d667c9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
openzeppelin-solidity Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 4, 2026
edited
Loading

Walkthrough

This pull request introduces a new AbiDecode library in contracts/utils/AbiDecode.sol with three non-reverting functions for decoding ABI-encoded bytes data: tryDecodeBytes for memory buffers, tryDecodeBytes for Memory.Slice inputs, and tryDecodeBytesCalldata for calldata inputs. Each function performs bounds checks and returns success/failure status alongside the decoded output. The Memory library is extended with an emptySlice() helper function. A comprehensive test suite in test/utils/AbiDecode.t.sol validates the decoding functions across memory and calldata variants.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main change: adding an AbiDecode library for safe, non-reverting ABI decoding, which directly aligns with the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check ✅ Passed The pull request description relates to the changeset by indicating it adds an AbiDecode library for safe ABI decoding, matching the file changes and objectives.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Mar 4, 2026
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@test/utils/AbiDecode.t.sol`:
- Around line 34-40: The success branch in testDecodeCalldataNoRevert is
asserting empty bytes incorrectly; when tryDecodeBytesCalldata returns success
== true you should verify the decoded output matches the original input buffer.
Update the success branch assertion in testDecodeCalldataNoRevert to compare
output to the original buffer (e.g., assertEq(output, bytes(buffer)) or
equivalently abi.decode(buffer, (bytes))) so that tryDecodeBytesCalldata,
success, and output are validated correctly.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 6eedfff9-aab4-4037-87b4-7003e47271c4

📥 Commits

Reviewing files that changed from the base of the PR and between 4681c1c and a7441a9.

📒 Files selected for processing (3)
  • contracts/utils/AbiDecode.sol
  • contracts/utils/Memory.sol
  • test/utils/AbiDecode.t.sol

test/utils/AbiDecode.t.sol
Comment on lines +34 to +40
function testDecodeCalldataNoRevert(bytes calldata buffer) public pure {
(bool success, bytes calldata output) = buffer.tryDecodeBytesCalldata();
if (success) {
assertEq(output, new bytes(0));
} else {
assertEq(output, new bytes(0));
}
Copy link
Contributor

@coderabbitai coderabbitai bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Fix the success-branch assertion in testDecodeCalldataNoRevert.

Line 37 currently asserts empty bytes even when success == true, so the success path is not actually verifying decoded content.

✅ Suggested test fix 
 function testDecodeCalldataNoRevert(bytes calldata buffer) public pure {
     (bool success, bytes calldata output) = buffer.tryDecodeBytesCalldata();
     if (success) {
-        assertEq(output, new bytes(0));
+        assertEq(output, abi.decode(buffer, (bytes)));
     } else {
         assertEq(output, new bytes(0));
     }
 }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@test/utils/AbiDecode.t.sol` around lines 34 - 40, The success branch in
testDecodeCalldataNoRevert is asserting empty bytes incorrectly; when
tryDecodeBytesCalldata returns success == true you should verify the decoded
output matches the original input buffer. Update the success branch assertion in
testDecodeCalldataNoRevert to compare output to the original buffer (e.g.,
assertEq(output, bytes(buffer)) or equivalently abi.decode(buffer, (bytes))) so
that tryDecodeBytesCalldata, success, and output are validated correctly.

@Amxx
Copy link
Collaborator Author

Amxx commented Mar 4, 2026

This library seems like a good idea but, how far do we want to go with it? Decoding more complex values still requires the developer to know how to read offsets and validate bounds for the outer structure. The library might end up too large

I have a bunch of calldata decoding cases in OAF that are very extensive and this lib would definitely help

I'd keep it simple and small (kiss approach), only adding things that we internally need, or that we know would be reusable. The goal is not to support all types from the start. We'll just add stuff as we see fit.

@Amxx Amxx force-pushed the feature/AbiDecode branch from 60b2792 to 2134240 Compare March 5, 2026 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@ernestognw ernestognw Awaiting requested review from ernestognw

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

5.7

Development

Successfully merging this pull request may close these issues.

2 participants

@Amxx @ernestognw