fix(store): prevent delete out of bounds in spliceDynamicData #3521

Draft: wants to merge 2 commits into base: main

alvrs (Member) commented Jan 28, 2025

In `spliceDynamicData`, we’re checking that `start` is within the bounds of the previous field length but aren’t considering `deleteCount` in that check. There is another check that checks that `start + deleteCount` lines up with the previous length of the field if the total length of the field changed, but this only applies if the length changed. That means if the length of the data to insert is the same as `deleteCount`, it is possible to “insert data after the length of the field” (i.e. by setting `start` to the end of the field). I put “insert data after the length of the field” in quotes, since the length of the field is not actually changed, which means when retrieving the whole field onchain the data appended at the end would not be included, similar to how items that are pop’ed from a dynamic field are not actually cleared from storage but just the field length is reduced.

But this means indexers/clients need to be aware of this nuance and use `encodedLengths` as source of truth (like we do onchain).

We can remove this edge case by changing the check to `if(startWithinField > previousFieldLength - deleteCount)`.

When using our table libraries this does not happen since they don't call `spliceDynamicData` with an invalid `start` value, but it’s possible to trigger this by calling `world.spliceDynamicData` manually.
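
Added example (not part of this PR or the project's code): a Python model of the two checks described in the comment above, showing that the original check accepts a splice at the end of the field when `deleteCount` equals the inserted length, and that the proposed check rejects it. The function names, the byte-array storage model and the sample field are assumptions made for illustration.

```python
class SpliceError(Exception):
    """Stands in for an onchain revert in this model."""

def splice(storage: bytearray, length: int, start: int, delete_count: int,
           data: bytes, strict: bool) -> int:
    """Model of the checks described in the PR; returns the new field length."""
    if strict:
        # Proposed check. Python ints do not underflow, so guard the subtraction.
        if delete_count > length or start > length - delete_count:
            raise SpliceError("splice out of bounds")
    elif start > length:
        # Original check: only start is compared with the field length.
        raise SpliceError("start out of bounds")
    new_length = length - delete_count + len(data)
    # Second check: applies only when the field length changes.
    if new_length != length and start + delete_count != length:
        raise SpliceError("invalid delete count")
    end = start + len(data)
    if end > len(storage):
        storage.extend(bytes(end - len(storage)))  # untouched storage reads as zero
    storage[start:end] = data
    return new_length

def read_field(storage: bytearray, length: int) -> bytes:
    """Onchain-style read: the encoded length is the source of truth."""
    return bytes(storage[:length])

def naive_client_apply(value: bytes, start: int, delete_count: int,
                       data: bytes) -> bytes:
    """Hypothetical client that replays a splice without checking the length."""
    return value[:start] + data + value[start + delete_count:]

def demo():
    storage, length = bytearray(b"abcd"), 4  # constructed sample field
    args = (4, 2, b"XY")  # start at end of field, deleteCount == len(data)
    new_length = splice(storage, length, *args, strict=False)
    onchain = read_field(storage, new_length)    # field value as read onchain
    client = naive_client_apply(b"abcd", *args)  # diverges from the onchain value
    try:
        splice(bytearray(b"abcd"), 4, *args, strict=True)
        rejected = False
    except SpliceError:
        rejected = True
    return onchain, bytes(storage), client, rejected

if __name__ == "__main__":
    print(demo())
```

In the model, the bytes written past the field length stay in raw storage but are never returned by a length-bounded read, which is the divergence a client sees if it does not use the encoded length.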


changeset-bot bot commented Jan 28, 2025

⚠️ No Changeset found

Latest commit: 10bbab5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types
Labels: needs audit (This code needs to be audited)