Head Overflow Bug in Calldata Tuple ABI-Reencoding

On July 5, 2022, Chance Hudson (@vimwitch) from the Ethereum Foundation discovered a bug in the Solidity code generator. The earliest affected version of the compiler is 0.5.8, which introduced ABI-reencoding of calldata arrays and structs. Solidity version 0.8.16, released on August 08, 2022, provides a fix. We assigned the bug a severity of “medium”. [Read More]

Optimizer Bug Regarding Memory Side Effects of Inline Assembly

On June 5, 2022, John Toman of the Certora development team reported an optimizer bug that can cause memory writes in inline assembly blocks to be incorrectly removed under certain conditions. The bug was introduced in Solidity 0.8.13 with a new Yul optimizer step meant to remove unused writes to memory and storage. We assigned the bug a severity of “medium”. [Read More]

Bug when Copying Dirty Bytes Arrays to Storage

On July 1, 2021, a bug in the Solidity code generator was found by differential fuzzing. The bug causes the legacy code generation pipeline to generate code that may write dirty values to storage when copying bytes arrays from calldata or memory. Initially, it was assumed that the dirty values in storage are only observable using inline assembly. However, resizing a bytes array using an empty .push() without actually writing values to it, can expose the dirty bytes without any... [Read More]

Solidity 0.8.14 Release Announcement

Solidity v0.8.14 fixes two important bugs. The first one is related to ABI-encoding nested arrays directly from calldata. You can find more information in the blog post. The second bug is triggered in certain inheritance structures and can cause a memory pointer to be interpreted as a calldata pointer or vice-versa. We also have a dedicated blog post about this bug. Apart from these, there are several minor bug fixes and improvements. Please note: Unfortunately, the npm wrapper package of... [Read More]

Bug Concerning Data Location during Inheritance

On February 5th 2021, Nicolas Venturo reported a bug that allows overriding functions to change the data location of parameters from memory to calldata. The bug was introduced in Solidity 0.6.9 together with the ability to use calldata data location for all variables (and not just parameters of external functions). We assigned the bug a severity of “very low”. [Read More]

Size Check Bug in Nested Calldata Array ABI-Reencoding

On April 7, 2022, a bug in the Solidity code generator was reported by John Toman of the Certora development team. Certora’s bug disclosure post can be found here. The bug is fixed with Solidity version 0.8.14 released on May 17, 2022. The bug was first introduced in Solidity version 0.5.8. We assigned the bug a severity of “very low”. [Read More]

Solidity Summit 2022 Recap

We can’t believe it’s already been two weeks since we met in Amsterdam for the second Solidity Summit! Solidity Summit 2022 was part of Devconnect and took place on Wednesday, April 20, 2022. With roughly 250 participants, the event was well attended. In addition, approximately 400 people joined remotely by watching the Livepeer livestream. The day was packed with 20+ talks on Solidity internals & deep dives Solidity language design Solidity tooling Security Programming patterns … and more. The full... [Read More]

Announcing the Winners of the Underhanded Solidity Contest 2022

The time has come to share this year’s winners of the Underhanded Solidity Contest! Before we dive into the winning submissions, let’s revisit the most important features of the USC: In a nutshell, the USC is about finding loopholes or “hiding spots” in the Solidity language and using those to write seemingly innocent and straightforward-looking Solidity code which contains malicious behavior or backdoors. The Underhanded Solidity Contest aims to… Raise awareness about smart contract security. Uncover language design faults. Battle-test... [Read More]

Solidity 0.8.13 Release Announcement

Solidity v0.8.13 fixes an important bug related to abi.encodeCall, extends the using for directive and implements “go to definition” for the language server. Furthermore, compiling via the new Yul IR pipeline is now considered production ready. [Read More]