Solidity ABI Decoder Bug For Multi-Dimensional Memory Arrays

On April 5th, 2021, a bug in the Solidity ABI decoder v2 was reported by John Toman of the Certora development team. Certora’s bug disclosure post can be found here: Memory Isolation Violation in Deserialization Code. The bug is fixed with Solidity version 0.8.4 released on April 21st, 2021. The bug is present in all prior versions of ABI coder v2. We assigned the bug a severity level of “very low”, mainly due to the fact that it is very... [Read More]

Custom Errors in Solidity

Starting from Solidity v0.8.4, there is a convenient and gas-efficient way to explain to users why an operation failed through the use of custom errors. Until now, you could already use strings to give more information about failures (e.g., revert("Insufficient funds.");), but they are rather expensive, especially when it comes to deploy cost, and it is difficult to use dynamic information in them. Custom errors are defined using the error statement, which can be used inside and outside of contracts... [Read More]

Announcing Solidity Version Collectibles & Community Governance 💎

⚠️ Attention: This post is an April Fools’ Day joke. Please consume it at your own risk. We will not distribute any Solidity NFTs in the foreseeable future. Stay safe. Today, we are excited to announce a little surprise we’ve been working on silently for the last couple of weeks. We heard that you really like crypto-related collectibles and we listened. You will soon be able to own a digital piece of Solidity’s history: We’re tokenizing each Solidity version as... [Read More]

Solidity 0.8.3 Release Announcement

Solidity v0.8.3 fixes the Solidity Optimizer Keccak Caching Bug, which is present in all prior versions of Solidity, and, in addition, includes two improvements to the optimizer which can provide a big gas benefit when writing structs that cover a full storage slot to storage. [Read More]

Solidity Optimizer Keccak Caching Bug

On March 20, 2021, a bug in Solidity’s bytecode optimizer was found by differential fuzzing. The bug is fixed with version 0.8.3 released on March 23, 2021. The bug is present in all prior versions of Solidity. We assigned the bug a severity level of “medium”. [Read More]

Solidity 0.8.2 Release Announcement

Solidity v0.8.2 adds an optimizer stage that can inline small amounts of code to save gas and provides more means to work with code documentation by exporting inline comments and allowing custom natspec tags. [Read More]

Saving Gas with Simple Inlining

Solidity v0.8.2 adds a simple inliner to the low-level optimizer of Solidity. In this post, we examine how it works and take a look at synergies with other steps of the optimizer. [Read More]

Contributing to Solidity 101

The Solidity programming language is an open-source project governed by a core team. We rely on the community’s feedback, input and contributions to make the language as effective, safe and useful as possible. In this post, we will walk you through the various different ways how you can get involved contributing to Solidity! Do not hesitate to contact us in case anything is left unclear after reading the post. [Read More]

An Introduction to Solidity's Fuzz Testing Approach

Security vulnerabilities and bugs detract from software quality. To discover them early, at best before they are released, we have adopted fuzz testing: feeding randomly generated programs to the Solidity compiler and observing the compilation runtime and code generated. Since Q1 2019, the Solidity compiler is fuzz tested via Google’s open-source software fuzz (oss-fuzz) framework. In this post, we briefly describe the work that has been done on this front, and work that is currently in progress. [Read More]