Solidity Bugfix Release | Ethereum Foundation Blog

Latest Solidity version 0.4.25 released Fixes two important bugs. Another important bug was already fixed in version 0.4.22, but its existence was recently discovered.

The Ethereum Foundation is bounty program For the code generator part of Solidity.

Cleaning up exponents in powers

  • Likelihood of occurrence: Very low
  • Exploitability: High
  • Discoverability by testing: Low
  • Fixed in version 0.4.25

Summary: Using a short type as an exponent in a power operation can produce invalid results.

The Ethereum virtual machine only recognizes types that are exactly 256 bits, but the Solidity language allows integer types shorter than 256 bits. Therefore, it is necessary to set the upper bit to 0 from time to time. For many operations, it does not matter whether these bits are set to 0 or not (addition is one example). Therefore, the Solidity compiler delays this cleanup until it is needed to save gas.

In very special circumstances, ** Inaccurate results can occur if the operator type is shorter than 256 bits, not shorter than the base type, and contains dirty high-order bits. Beware of literal exponents like . ×** 2 The type of base unit 256 or int256 Not affected.

Function parameters can have dirty high-order bits if called by a malicious entity, and the same is true for data returned from a function in a contract deployed by a malicious entity.

After inspecting a large number of contracts, we believe that this bug only affects a very small number of smart contracts, if any, as normal use of the exponentiation operator does not cause the bug.

This bug was discovered by deeper.

Memory corruption in multidimensional array decoder

  • Likelihood of occurrence: Low
  • Exploitability: Medium
  • Discoverability by testing: High
  • Introduced in version: 0.1.4
  • Fixed in version 0.4.22

Summary: Memory corruption occurs when calling functions in other contracts that return multidimensional fixed-size arrays.

When your Solidity code calls a function that returns a multidimensional, fixed-size array, you must convert the returned ABI-encoded data to Solidity’s internal array representation. In Solidity, multidimensional arrays are implemented as arrays of memory pointers, whereas in ABI, data is encoded inline. The decoder does not take this difference into account, and accessing the returned value can result in memory corruption because the returned element is interpreted as a memory pointer. Calling a function with a multidimensional fixed-size array argument is not affected, as is returning a fixed-size array from a function call, if it is not used in a Solidity contract. This bug exists only in components that decode multidimensional fixed-size arrays returned from function calls from Solidity.

This bug was discovered by Hmm.

Invalid encoding of structure in event

  • Likelihood of occurrence: Low
  • Exploitability: Low
  • Discoverability by testing: High
  • Introduced in version: 0.4.17
  • Fixed in version 0.4.25

Summary: Structures as event parameters are not handled properly.

Structures were not intended to be supported as event parameters without the new ABI encoder. The compiler still accepted them, but encoded the memory address instead of the actual value.Even with the new ABI encoder, the structure with index event parameters.

Structures are now properly prohibited for older encoders, and are also disallowed when indexed for newer encoders.

Related Article


Leave a Comment