{ skip to content }

{Solidity:​log}

Latest News & Announcements

Releases
Security Alerts
Announcements
Explainers

Solidity 0.8.17 Release Announcement

Posted by Solidity Team on September 8, 2022

Releases

Solidity v0.8.17 fixes an important bug, makes overflow checks on multiplication more efficient and adds an LSP feature to always analyze all files in a project. Important Bugs Storage Write Removal Bug On Conditional Early Termination The bug may result in storage writes being incorrectly considered redundant and removed by the optimizer. The problem manifests in presence of assembly functions that may conditionally terminate the external EVM call using the return() or stop() opcode. See the security alert post on Storage Write Removal Bug On Conditional Early Termination for...

Read more

Solidity 0.8.16 Release Announcement

Posted by Solidity Team on August 8, 2022

Releases

Solidity v0.8.16 fixes an important bug. The bug may result in small parts of dynamic tuple components being inadvertently zeroed during ABI re-encoding when the last component is a statically-sized uint or bytes32 calldata array. See Head Overflow Bug in Calldata Tuple ABI-Reencoding for more information. Apart from that, there are several minor bug fixes and improvements like more gas-efficient overflow checks for addition and subtraction. Full Changelog Important Bugfixes: Code Generation: Fix data corruption that affected ABI-encoding of calldata values represented by tuples: structs at any nesting level; argument...

Read more

Head Overflow Bug in Calldata Tuple ABI-Reencoding

Posted by Solidity Team on August 8, 2022

Security Alerts

On July 5, 2022, Chance Hudson (@vimwitch) from the Ethereum Foundation discovered a bug in the Solidity code generator. The earliest affected version of the compiler is 0.5.8, which introduced ABI-reencoding of calldata arrays and structs. Solidity version 0.8.16, released on August 08, 2022, provides a fix. We assigned the bug a severity of "medium". Which Contracts are Affected? The effects of the bug manifest when a contract performs ABI-encoding of a tuple that meets all of the following conditions: The last component of the tuple...

Read more

Solidity 0.8.15 Release Announcement

Posted by Solidity Team on June 15, 2022

Releases

Solidity v0.8.15 fixes two important bugs, improves inlining heuristics and adds a .selector member for errors and events. Important Bugs The first one is an optimizer bug that can lead to memory write operations in inline assembly being removed if the result of such an operation is not read back from within the same assembly block. The bug can be triggered only when using the default legacy compiler pipeline (the new compilation pipeline via IR is not affected) and happens only in assembly blocks that never...

Read more

Optimizer Bug Regarding Memory Side Effects of Inline Assembly

Posted by Solidity Team on June 15, 2022

Security Alerts

On June 5, 2022, John Toman of the Certora development team reported an optimizer bug that can cause memory writes in inline assembly blocks to be incorrectly removed under certain conditions. The bug was introduced in Solidity 0.8.13 with a new Yul optimizer step meant to remove unused writes to memory and storage. We assigned the bug a severity of "medium". Which Contracts are Affected? The Yul optimizer considers all memory writes in the outermost Yul block that are never read from as unused and removes them. This...

Read more

Bug when Copying Dirty Bytes Arrays to Storage

Posted by Solidity Team on June 15, 2022

Security Alerts

On July 1, 2021, a bug in the Solidity code generator was found by differential fuzzing. The bug causes the legacy code generation pipeline to generate code that may write dirty values to storage when copying bytes arrays from calldata or memory. Initially, it was assumed that the dirty values in storage are only observable using inline assembly. However, resizing a bytes array using an empty .push() without actually writing values to it, can expose the dirty bytes without any use of inline assembly. The bug...

Read more

Solidity 0.8.14 Release Announcement

Posted by Solidity Team on May 18, 2022

Releases

Solidity v0.8.14 fixes two important bugs. The first one is related to ABI-encoding nested arrays directly from calldata. You can find more information in the blog post. The second bug is triggered in certain inheritance structures and can cause a memory pointer to be interpreted as a calldata pointer or vice-versa. We also have a dedicated blog post about this bug. Apart from these, there are several minor bug fixes and improvements. Please note: Unfortunately, the npm wrapper package of this version is corrupted. Using the new soljson.js...

Read more

Bug Concerning Data Location during Inheritance

Posted by Solidity Team on May 17, 2022

Security Alerts

On February 5th 2021, Nicolas Venturo reported a bug that allows overriding functions to change the data location of parameters from memory to calldata. The bug was introduced in Solidity 0.6.9 together with the ability to use calldata data location for all variables (and not just parameters of external functions). We assigned the bug a severity of "very low". Which Contracts are Affected? The effect of the bug is that a memory pointer is interpreted as a calldata pointer or vice-versa. It can only happen if you change...

Read more

Size Check Bug in Nested Calldata Array ABI-Reencoding

Posted by Solidity Team on May 17, 2022

Security Alerts

On April 7, 2022, a bug in the Solidity code generator was reported by John Toman of the Certora development team. Certora's bug disclosure post can be found here. The bug is fixed with Solidity version 0.8.14 released on May 17, 2022. The bug was first introduced in Solidity version 0.5.8. We assigned the bug a severity of "very low". Which Contracts are Affected? You might be affected if you pass a nested array directly to another external function call or use abi.encode on it. If calldata is...

Read more

Solidity Summit 2022 Recap

Posted by Franziska Heintel on May 3, 2022

Announcements

We can't believe it's already been two weeks since we met in Amsterdam for the second Solidity Summit! Solidity Summit 2022 was part of Devconnect and took place on Wednesday, April 20, 2022. With roughly 250 participants, the event was well attended. In addition, approximately 400 people joined remotely by watching the Livepeer livestream. The day was packed with 20+ talks on Solidity internals & deep dives Solidity language design Solidity tooling Security Programming patterns ... and more. The full agenda of the day can be found here. You can...

Read more
Newer posts
Older posts

Get involved

GitHub

Twitter

Mastodon

Matrix

Discover more

BlogDocumentationUse casesContributeAboutForum

2023 Solidity Team

Security Policy

Code of Conduct