FuelVM is vulnerable to heap memory allocation re-use bug
A memory safety vulnerability was present in the Fuel Virtual Machine (FuelVM), where memory reads could bypass expected access controls. Specifically, when a smart contract performed a mload (or other opcodes which access memory) on memory that had been deallocated using ret, it was still able to access the old memory contents. This occurred because the memory region was not zeroed out or otherwise marked as invalid. As a result, …