{Solidity:log}
Bug in Deduplication of Verbatim Blocks
Posted by Solidity Team on November 8, 2023
On October 24, Ori Pomerantz reported a bug affecting the use of verbatim builtin in Yul code. After investigating, the team was able to confirm the problem and locate its origin. The bug existed in the Block Deduplicator optimizer step, wherein equivalent assembly blocks are identified and merged. verbatim assembly items surrounded by identical opcodes were incorrectly considered identical and unified. The bug existed since version 0.8.5, which introduced verbatim, and only affected pure Yul compilation with optimization enabled. Solidity code or Yul used in inline assembly blocks would...
Read moreBug in Legacy Code Generation When Accessing the .selector Member on Expressions with Side Effects
Posted by Solidity Team on July 19, 2023
On June 26, 2023, a bug in the legacy code generation pipeline of the Solidity compiler was found during investigation of a security report related to the use of abi.decode with a ternary expression that has side effects, as the type argument. The legacy code generator was not evaluating complex expressions, like assignments, function calls, or conditionals, whose .selector was being accessed. This led to the side-effects of such expressions not being executed, and therefore potentially incorrect behavior of contracts compiled using the legacy pipeline. The...
Read moreFullInliner Non-Expression-Split Argument Evaluation Order Bug
Posted by Solidity Team on July 19, 2023
On July 4, 2023, Robert Chen from OtterSec discovered a bug in the Yul optimizer. The earliest affected version of the compiler is 0.6.7, which introduced the ability to modify the optimizer step sequence. Solidity version 0.8.21, released on July 19, 2023, provides a fix. We assigned the bug an overall score of "low". The bug has "high" severity in affected cases, but we deem the likelihood of it actually affecting deployed contracts as "very low". Which Contracts are Affected? The prerequisite to trigger the bug is...
Read moreStorage Write Removal Bug On Conditional Early Termination
Posted by Solidity Team on September 8, 2022
On September 5, 2022, a bug in Solidity's Yul optimizer was found by differential fuzzing. The bug was introduced in version 0.8.13 and Solidity version 0.8.17, released on September 08, 2022, provides a fix. The bug is significantly easier to trigger with optimized via-IR code generation, but can theoretically also occur in optimized legacy code generation. We assigned the bug a severity of "medium/high". Who Should Be Concerned If you're using optimized legacy code generation, you only need to be concerned, if you use...
Read moreHead Overflow Bug in Calldata Tuple ABI-Reencoding
Posted by Solidity Team on August 8, 2022
On July 5, 2022, Chance Hudson (@vimwitch) from the Ethereum Foundation discovered a bug in the Solidity code generator. The earliest affected version of the compiler is 0.5.8, which introduced ABI-reencoding of calldata arrays and structs. Solidity version 0.8.16, released on August 08, 2022, provides a fix. We assigned the bug a severity of "medium". Which Contracts are Affected? The effects of the bug manifest when a contract performs ABI-encoding of a tuple that meets all of the following conditions: The last component of the tuple...
Read moreOptimizer Bug Regarding Memory Side Effects of Inline Assembly
Posted by Solidity Team on June 15, 2022
On June 5, 2022, John Toman of the Certora development team reported an optimizer bug that can cause memory writes in inline assembly blocks to be incorrectly removed under certain conditions. The bug was introduced in Solidity 0.8.13 with a new Yul optimizer step meant to remove unused writes to memory and storage. We assigned the bug a severity of "medium". Which Contracts are Affected? The Yul optimizer considers all memory writes in the outermost Yul block that are never read from as unused and removes them. This...
Read moreBug when Copying Dirty Bytes Arrays to Storage
Posted by Solidity Team on June 15, 2022
On July 1, 2021, a bug in the Solidity code generator was found by differential fuzzing. The bug causes the legacy code generation pipeline to generate code that may write dirty values to storage when copying bytes arrays from calldata or memory. Initially, it was assumed that the dirty values in storage are only observable using inline assembly. However, resizing a bytes array using an empty .push() without actually writing values to it, can expose the dirty bytes without any use of inline assembly. The bug...
Read moreBug Concerning Data Location during Inheritance
Posted by Solidity Team on May 17, 2022
On February 5th 2021, Nicolas Venturo reported a bug that allows overriding functions to change the data location of parameters from memory to calldata. The bug was introduced in Solidity 0.6.9 together with the ability to use calldata data location for all variables (and not just parameters of external functions). We assigned the bug a severity of "very low". Which Contracts are Affected? The effect of the bug is that a memory pointer is interpreted as a calldata pointer or vice-versa. It can only happen if you change...
Read moreSize Check Bug in Nested Calldata Array ABI-Reencoding
Posted by Solidity Team on May 17, 2022
On April 7, 2022, a bug in the Solidity code generator was reported by John Toman of the Certora development team. Certora's bug disclosure post can be found here. The bug is fixed with Solidity version 0.8.14 released on May 17, 2022. The bug was first introduced in Solidity version 0.5.8. We assigned the bug a severity of "very low". Which Contracts are Affected? You might be affected if you pass a nested array directly to another external function call or use abi.encode on it. If calldata is...
Read moreabi.encodeCall Literals Bug
Posted by Solidity Team on March 16, 2022
On March 10th, 2022, the Solidity team discovered a bug in the implementation of abi.encodeCall when used together with fixed-length bytes literals. It was introduced together with abi.encodeCall in Solidity 0.8.11 and is fixed in 0.8.13. We assigned the bug a severity of "very low". Which Contracts are Affected? You might be affected if you use abi.encodeCall(f, (...)) where f takes a bytesNN parameter and you provide the value for that parameter either as a hex literal (0x1234 or hex"abcd") or as a string literal ("abcd"). If you only...
Read moreUser Defined Value Types Bug
Posted by Solidity Team on September 29, 2021
On September 28th, 2021, Harry Altman (@haltman-at) of Truffle discovered a bug in user defined value types. The bug has no influence on the correctness of Solidity contracts, but contracts compiled with Solidity 0.8.8 that use the new feature are unnecessarily wasteful and might have problems with tooling or contract upgrades. The bug exists only in Solidity 0.8.8 and is fixed in 0.8.9. We assigned the bug a severity of "very low". Storage Layout of User Defined Value Types The compiler did not correctly compute the storage layout...
Read moreSigned Immutables Bug
Posted by Solidity Team on September 29, 2021
On September 28th, 2021, the Solidity team discovered that for immutable variables of a signed integer type shorter than 256 bits, sign extension (cleanup) of its value is not always properly performed. To our knowledge, the value can only be accessed in its unclean state when using inline assembly. The bug is present since the introduction of the immutable feature in Solidity 0.6.5 and is fixed in 0.8.9. We assigned the bug a severity of "very low". Technical Details When immutable variables are assigned in Solidity during the construction...
Read moreSolidity ABI Decoder Bug For Multi-Dimensional Memory Arrays
Posted by Solidity Team on April 21, 2021
On April 5th, 2021, a bug in the Solidity ABI decoder v2 was reported by John Toman of the Certora development team. Certora's bug disclosure post can be found here: Memory Isolation Violation in Deserialization Code. The bug is fixed with Solidity version 0.8.4 released on April 21st, 2021. The bug is present in all prior versions of ABI coder v2. We assigned the bug a severity level of "very low", mainly due to the fact that it is very hard to exploit the bug. We are...
Read moreSolidity Optimizer Keccak Caching Bug
Posted by Solidity Team on March 23, 2021
On March 20, 2021, a bug in Solidity's bytecode optimizer was found by differential fuzzing. The bug is fixed with version 0.8.3 released on March 23, 2021. The bug is present in all prior versions of Solidity. We assigned the bug a severity level of "medium". Technical Details Summary: The bytecode optimizer incorrectly re-used previously evaluated Keccak-256 hashes. You are unlikely to be affected if you do not compute Keccak-256 hashes in inline assembly. Solidity's bytecode optimizer has a step that can compute Keccak-256 hashes, if the...
Read moreSolidity Empty Byte Array Copy Bug
Posted by Solidity Team on October 19, 2020
On October 14, 2020, a bug in the Solidity code generator was reported by John Toman of the Certora development team. Certora's bug disclosure post can be found here. The bug is fixed with Solidity version 0.7.4 released on October 19, 2020. The bug is present in all prior versions of Solidity. We assigned the bug a severity level of "medium". Who should be concerned This bug can cause newly created elements of bytes or string arrays in storage to be initialized by a non-zero value. For...
Read moreSolidity Dynamic Array Cleanup Bug
Posted by Solidity Team on October 7, 2020
On September 17, 2020, a bug in the Solidity code generator was found. The bug is fixed with version 0.7.3 released on October 7, 2020. The bug is present in all prior versions of Solidity. We assigned the bug a severity level of "medium". Technical Details of the Bug Summary: For a dynamically-sized storage-array with types of size at most 16 bytes, assignments that require deleting slots did not zero out the deleted slots properly. Consider a dynamically-sized array in storage whose base-type is small enough...
Read moreSolidity Memory Array Creation Overflow Bug
Posted by Solidity Team on April 6, 2020
On the 28th of March, a bug in the Solidity code generator was reported through the Ethereum Foundation Bounty program, by John Toman of Certora. The bug is fixed with version 0.6.5, released on 2020-04-06. The bug is present in all prior versions of Solidity. We assigned a severity level of "low" because we found the bug to be uncommon and at the same time hard to exploit. Who should be concerned If you have deployed a contract which allocates a memory array of user-supplied length, but does...
Read moreSolidity Storage Array Bugs
Posted by Solidity and Security Team on June 25, 2019
This post was originally published on the Ethereum blog. This blog post is about two bugs connected to storage arrays which are otherwise unrelated. Both have been present in the compiler for a long time and have only been discovered now even though a contract containing them should very likely show malfunctions in tests. Daenam Kim with help from Nguyen Pham, both from Curvegrid discovered an issue where invalid data is stored in connection with arrays of signed integers. This bug has been...
Read moreSolidity Optimizer and ABIEncoderV2 Bugs
Posted by Solidity and Security Team on March 26, 2019
This post was originally published on the Ethereum blog. Through the Ethereum bug bounty program, we received a report about a flaw within the new experimental ABI encoder (referred to as ABIEncoderV2). Upon investigation, it was found that the component suffers from a few different variations of the same type. The first part of this announcement explains this bug in detail. The new ABI encoder is still marked as experimental, but we nevertheless think that this deserves a prominent announcement since...
Read moreSolidity Bugfix Release
Posted by Solidity Team on September 13, 2018
This post was originally published on the Ethereum blog. The latest version 0.4.25 release of Solidity fixes two important bugs. Another important bug has already been fixed in version 0.4.22 but it was only discovered recently that the bug existed. Note that the Ethereum Foundation runs a bounty program for the code generator part of Solidity. Cleanup of Exponent in Exponentiation Likelihood of occurrence: very low Exploitability: high Discoverability by tests: low Fixed in version: 0.4.25 Summary: Using short types in the exponent of an exponentiation operation can lead to...
Read moreSolidity Optimizer Bug
Posted by Martin Swende on May 3, 2017
This post was originally published on the Ethereum blog. A bug in the Solidity optimizer was reported through the Ethereum Foundation Bounty program, by Christoph Jentzsch. This bug is patched as of 2017-05-03, with the release of Solidity 0.4.11. Background The bug in question concerned how the optimizer optimizes on constants in the byte code. By "byte code constants", we mean anything which is PUSHed on the stack (not to be confused with Solidity constants). For example, if the value 0xfffffffffffffffffffffffffffffffffffffffffffffffe is PUSHed,...
Read moreAnalysis of Storage Corruption Bug
Posted by Christian Reitwiessner on November 9, 2016
This post was originally published on the Ethereum blog. This blog post provides an update on our findings following the discovery of the storage corruption bug last week. In summary, the bug was much less severe than we initially thought. The small number of affected contracts we found is either only exploitable by the owner, or the exploit can only cause a disruption in the user interface and not in the actual contract logic. All exploitable contracts/dapps we reviewed can be fixed...
Read moreSecurity Alert: Variables can be overwritten in storage
Posted by Christian Reitwiessner on November 1, 2016
This post was originally published on the Ethereum blog. Summary: In some situations, variables can overwrite other variables in storage. *Affected Solidity compiler versions: *0.1.6 to 0.4.3 (including 0.4.4 pre-release versions) Detailed description: Storage variables that are smaller than 256 bits are packed together into the same 256 bit slot if they can fit. If a value larger than what is allowed by the type is assigned to the first variable, that value will overwrite the second variable. This means if an attacker can cause...
Read moreSmart Contract Security
Posted by Christian Reitwiessner on June 10, 2016
This post was originally published on the Ethereum blog. Solidity was started in October 2014 when neither the Ethereum network nor the virtual machine had any real-world testing, the gas costs at that time were even drastically different from what they are now. Furthermore, some of the early design decisions were taken over from Serpent. During the last couple of months, examples and patterns that were initially considered best-practice were exposed to reality and some of them actually turned out to...
Read more