Analysis of Storage Corruption Bug

This post was originally published on the Ethereum blog. This blog post provides an update on our findings following the discovery of the storage corruption bug last week. In summary, the bug was much less severe than we initially thought. The small number of affected contracts we found are either exploitable only by the owner, or the exploit can only cause a disruption in the user interface and not in the actual contract logic. All exploitable contracts/dapps we reviewed can... [Read More]

Solidity 0.4.4 Release Announcement

This is a bugfix release that fixes a storage corruption that appears when multiple variables are stored in the same slot (details). Bugfixes: Type checker: forbid signed exponential that led to an incorrect use of EXP opcode. Code generator: properly clean higher order bytes before storing in storage. A big thank you to all contributors who helped make this release possible! Download the new version of Solidity here.

Security Alert: Variables can be overwritten in storage

This post was originally published on the Ethereum blog. Summary: In some situations, variables can overwrite other variables in storage. Affected Solidity compiler versions: 0.1.6 to 0.4.3 (including 0.4.4 pre-release versions). Detailed description: Storage variables that are smaller than 256 bits are packed together into the same 256-bit slot if they can fit. If a value larger than what is allowed by the type is assigned to the first variable, that value will overwrite the second variable. This means... [Read More]

Solidity 0.4.3 Release Announcement

This is a real bugfix release as you can see from the changelog below. The most important fix concerns the optimizer which generated invalid code connected to the SHA3 opcode in certain situations. Features: Inline assembly: support both suicide and selfdestruct opcodes (note: suicide is deprecated). Inline assembly: issue warning if stack is not balanced after block. Include keccak256() as an alias to sha3(). Support shifting constant numbers. Bugfixes: Commandline interface: Disallow unknown options in solc. Name resolver: Allow inheritance... [Read More]

Solidity 0.4.2 Release Announcement

Bugfixes: Code Generator: Fix library functions being called from payable functions. Type Checker: Fixed a crash about invalid array types. Code Generator: Fixed a call gas bug that became visible after version 0.4.0 for calls where the output is larger than the input. A big thank you to all contributors who helped make this release possible! Download the new version of Solidity here.

Solidity 0.4.1 Release Announcement

This is a bugfix release that fixes an error when compiling libraries with the latest version 0.4.0. A big thank you to all contributors who helped make this release possible! Download the new version of Solidity here.

Solidity 0.4.0 Release Announcement

Note: Version 0.4.0 is unable to compile libraries. Please upgrade to 0.4.1. This release deliberately breaks backwards compatibility mostly to enforce some safety features. The most important change is that you have to explicitly specify if functions can receive ether via the payable modifier. Furthermore, more situations cause exceptions to be thrown. Minimal changes to be made for upgrade: Add payable to all functions that want to receive Ether (including the constructor and the fallback function). Change _ to _;... [Read More]

Dev Update: Formal Methods

This post was originally published on the Ethereum blog. Today, I am delighted to announce that Yoichi Hirai (@pirapira on github) is joining the Ethereum project as a formal verification engineer. He holds a PhD from the University of Tokyo on the topic of formalizing communicating parallel processes and created formal verification tools for Ethereum in his spare time. In his own words: I’m joining Ethereum as a formal verification engineer. My reasoning: formal verification makes sense as a profession... [Read More]

Solidity 0.3.6 Release Announcement

This is the first release from the new “solidity-standalone” repository. It no longer depends on cpp-ethereum and can be built just from the Solidity GitHub repository. Note that the optimizer was disabled in some situations, which could lead to larger (but more correct) code. Features: Formal verification: Take external effects on a contract into account. Type Checker: Warning about unused return value of low-level calls and send. Output: Source location and node id as part of AST output. Output:... [Read More]

Solidity 0.3.5 Release Announcement

Features: Context-dependent path remappings (different modules can use the same library in different versions) Bugfixes: Type Checking: Dynamic return types were removed when fetching data from external calls, now they are replaced by an “unusable” type. Type Checking: Overrides by constructors were considered making a function non-abstract. A big thank you to all contributors who helped make this release possible! Download the new version of Solidity here.