{Solidity:​log}

Posted by Solidity Team on May 18, 2022

Solidity v0.8.14 fixes two important bugs. The first one is related to ABI-encoding nested arrays directly from calldata. You can find more information in the blog post. The second bug is triggered in certain inheritance structures and can cause a memory pointer to be interpreted as a calldata pointer or vice-versa. We also have a dedicated blog post about this bug. Apart from these, there are several minor bug fixes and improvements. Please note: Unfortunately, the npm wrapper package of this version is corrupted. Using the new soljson.js...

Posted by Solidity Team on May 17, 2022

On February 5th 2021, Nicolas Venturo reported a bug that allows overriding functions to change the data location of parameters from memory to calldata. The bug was introduced in Solidity 0.6.9 together with the ability to use calldata data location for all variables (and not just parameters of external functions). We assigned the bug a severity of "very low". Which Contracts are Affected? The effect of the bug is that a memory pointer is interpreted as a calldata pointer or vice-versa. It can only happen if you change...

Posted by Solidity Team on May 17, 2022

On April 7, 2022, a bug in the Solidity code generator was reported by John Toman of the Certora development team. Certora's bug disclosure post can be found here. The bug is fixed with Solidity version 0.8.14 released on May 17, 2022. The bug was first introduced in Solidity version 0.5.8. We assigned the bug a severity of "very low". Which Contracts are Affected? You might be affected if you pass a nested array directly to another external function call or use abi.encode on it. If calldata is...

Posted by Franziska Heintel on May 3, 2022

We can't believe it's already been two weeks since we met in Amsterdam for the second Solidity Summit! Solidity Summit 2022 was part of Devconnect and took place on Wednesday, April 20, 2022. With roughly 250 participants, the event was well attended. In addition, approximately 400 people joined remotely by watching the Livepeer livestream. The day was packed with 20+ talks on Solidity internals & deep dives Solidity language design Solidity tooling Security Programming patterns ... and more. The full agenda of the day can be found here. You can...

Posted by Franziska Heintel & USC Judges on April 9, 2022

The time has come to share this year's winners of the Underhanded Solidity Contest! Before we dive into the winning submissions, let's revisit the most important features of the USC: In a nutshell, the USC is about finding loopholes or “hiding spots” in the Solidity language and using those to write seemingly innocent and straightforward-looking Solidity code which contains malicious behavior or backdoors. The Underhanded Solidity Contest aims to... Raise awareness about smart contract security. Uncover language design faults. Battle-test recently introduced language features and restrictions. Highlight...

Posted by Solidity Team on March 16, 2022

Solidity v0.8.13 fixes an important bug related to abi.encodeCall, extends the using for directive and implements "go to definition" for the language server. Furthermore, compiling via the new Yul IR pipeline is now considered production ready. Important Bugs When abi.encodeCall was introduced in Solidity 0.8.11, hex literals (0x1234) and string literals ("abcd") were not handled properly. Please read more about it in the security alert. Notable New Features Yul IR Pipeline Production Ready We have been working on Yul as an intermediate language for Solidity for several years now. Yul in...

Posted by Solidity Team on March 16, 2022

On March 10th, 2022, the Solidity team discovered a bug in the implementation of abi.encodeCall when used together with fixed-length bytes literals. It was introduced together with abi.encodeCall in Solidity 0.8.11 and is fixed in 0.8.13. We assigned the bug a severity of "very low". Which Contracts are Affected? You might be affected if you use abi.encodeCall(f, (...)) where f takes a bytesNN parameter and you provide the value for that parameter either as a hex literal (0x1234 or hex"abcd") or as a string literal ("abcd"). If you only...

Posted by Franziska Heintel on February 22, 2022

The Solidity Summit is finally back! After a first virtual Solidity Summit in 2020, we are excited to announce an in-person event for 2022! Solidity Summit 2022 is part of Devconnect and will happen on Wednesday, April 20 2022, in Amsterdam. What is the Solidity Summit? The Solidity Summit is a collaborative event focusing on the future of Solidity. It's a get together for advanced Solidity users and other Solidity ecosystem stakeholders such as developers interested in language design, tooling builders, auditors and...

Posted by Solidity Team on February 16, 2022

Solidity v0.8.12 improves the JavaScript / Wasm binary and fixes several bugs. Notable New Features Emscripten Build / solc-js We were able to reduce the size of the JavaScript / WebAssembly binaries from 27 MB to just over 8 MB. The reason for the large binary in the first place is that we include the SMT solver Z3. The size reduction is achieved by compressing the binary using LZ4 and decompressing it when it is loaded, which should be completely transparent to the user. We were initially worried that...

Posted by Franziska Heintel on February 9, 2022

The long wait is over: The Underhanded Solidity Contest is back with a 2022 edition! After a successful revival in 2020, we believe it's time for the great Solidity minds to get together again and compete over the next big underhanded hack! In case you're new to this, let's get you up to speed with a quick recap on what the Underhanded Solidity Contest (USC) is all about: In a nutshell, the USC is about finding loopholes or "hiding spots" in the Solidity...