Today, we announce the release of the Solidity Compiler v0.8.23. This newest version of the compiler is meant to be a pure bugfix release that includes the fix for an important bug of low severity.
Based on our investigations, we do not foresee real-world instances of the bug being used as an exploit or an attack vector and thus, we assess its overall severity as low.
This version also introduces a small change to optimizer settings to make them more intuitive. Since v0.8.21, disabling the optimizer.details.yul setting no longer prevents the compiler from running the UnusedPruner step, which we consider an essential part of the internal mechanism for preventing stack issues. The step can still be disabled - by explicitly supplying an empty optimization sequence - but this required nominally enabling the Yul optimizer, which sometimes led to users enabling the optimizer as a whole and inadvertently including extra optimizations. Now it is possible to use an empty sequence independently of other settings.
Please note: Unfortunately, the npm wrapper of this version for Windows is broken, because an unrelated dependency was inadvertently added to the package.json of the npm release. The dependency is harmless, but it is not supported in Windows. We released 0.8.23-fixed to address that, although 0.8.23 is still valid and is not deprecated.
Fixing the invalid verbatim deduplication bug
A user reported a block deduplicator bug which led to blocks which are identical apart from the contents of verbatim instructions to be treated as equivalent and thus collapsed into a single one. The new release fixes this bug.
The bug existed since version 0.8.5, which introduced verbatim, and only affected pure Yul compilation with optimization enabled. Solidity code or Yul used in inline assembly blocks would not trigger it.
Read our blog post describing the bug to learn more about how it manifested, what kind of contracts could be affected, and other technical details.
- Commandline Interface: An empty --yul-optimizations sequence can now be always provided.
- Standard JSON Interface: An empty optimizerSteps sequence can now always be provided.
How to install/upgrade
To upgrade to the latest version of the Solidity Compiler, please follow the installation instructions available in our documentation.
You can download the new version of Solidity here: v0.8.23. If you want to build from the source code, do not use the source archives generated automatically by GitHub. Instead use solidity_0.8.23.tar.gz and take a look at our documentation on how to build from source.
We advise all Solidity developers to always upgrade to the latest version of Solidity in order to take advantage of improvements, optimizations, and most importantly, bug fixes.
And last but not least, we would like to give a big thank you to all the contributors who helped make this release possible!