The latest release of Solidity, version 0.4.25, fixes two important bugs. Another important bug was already fixed in version 0.4.22, but it was only later discovered that the bug existed.
Note that the Ethereum Foundation runs a bounty program for the code generator of Solidity.
Cleanup of the exponent in exponentiation
- Likelihood of occurrence: very low
- Exploitability: high
- Discoverability by tests: low
- Fixed in version: 0.4.25
Summary: Using short types in the exponent of an exponentiation operation can lead to invalid results.
The Solidity language allows integer types that are shorter than 256 bits, even though the Ethereum Virtual Machine only knows types of exactly 256 bits. Because of that, the higher-order bits need to be set to zero from time to time. For many operations, it is not relevant whether those bits are set to zero or not (addition is one example). Because of that, the Solidity compiler delays this cleanup until it is needed in order to save gas.
In the very special circumstance that the exponent of the ** operator has a type that is shorter than 256 bits, but not shorter than the type of the base, and contains dirty higher-order bits, this can lead to an incorrect result. Note that literal exponents, as in x ** 2, as well as the case where the type of the base is uint256 or int256, are not affected.
Note that a function parameter can have dirty higher-order bits if the function is called by a malicious entity, and the same is true for data returned from functions of contracts deployed by malicious entities.
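A simplified model of the effect described above, added here as an illustration; it is not code from the Solidity compiler. It assumes unsigned types, treats EVM arithmetic as arithmetic modulo 2^256, and uses hypothetical helper names (`cleanup`, `has_dirty_bits`, `add_uint`, `exp_uint`).

```python
WORD = 1 << 256  # the EVM operates on 256-bit words only


def cleanup(word, bits):
    """Zero every bit above an unsigned value of width `bits`."""
    return word & ((1 << bits) - 1)


def has_dirty_bits(word, bits):
    """True if the word carries data above the declared type width."""
    return word != cleanup(word, bits)


def add_uint(a_word, b_word, bits):
    """Addition on raw words; only the result is truncated to the type."""
    return cleanup((a_word + b_word) % WORD, bits)


def exp_uint(base_word, exp_word, bits, clean_exponent):
    """Exponentiation on raw words.

    `clean_exponent` models whether the exponent is cleaned up before
    the operation (assumption: the base is already clean).
    """
    if clean_exponent:
        exp_word = cleanup(exp_word, bits)
    return cleanup(pow(base_word, exp_word, WORD), bits)


# Constructed sample: the uint8 value 3 as an untrusted caller could
# supply it, with one extra bit set above the 8-bit range.
DIRTY_3 = 3 | (1 << 8)

if __name__ == "__main__":
    print("dirty bits present:", has_dirty_bits(DIRTY_3, 8))
    # Addition: the dirty bits never reach the low 8 bits of the result.
    print("3 + 5       =", add_uint(DIRTY_3, 5, 8))
    # Exponentiation: the dirty bit changes the exponent from 3 to 259.
    print("2 ** 3 raw  =", exp_uint(2, DIRTY_3, 8, clean_exponent=False))
    print("2 ** 3 clean=", exp_uint(2, DIRTY_3, 8, clean_exponent=True))
```

Addition gives the same truncated result with or without dirty bits, which is why the cleanup can be delayed there, while the exponentiation result depends on every bit of the exponent word.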
After screening a large number of contracts, we consider this bug to affect only a very small number of smart contracts, if any at all, because the regular uses of the exponentiation operator do not lead to the bug.
This bug was found by nweller.
Memory corruption in the multi-dimensional array decoder
- Likelihood of occurrence: low
- Exploitability: medium
- Discoverability by tests: high
- Introduced in version: 0.1.4
- Fixed in version: 0.4.22
Summary: Calling functions of other contracts that return multi-dimensional fixed-size arrays results in memory corruption.
If Solidity code calls a function that returns a multi-dimensional fixed-size array, the returned ABI-encoded data has to be converted to Solidity's internal representation of arrays. In Solidity, multi-dimensional arrays are implemented as arrays of memory pointers, while in the ABI, the data is encoded inline. The decoder did not take this difference into account, with the result that the returned elements are interpreted as memory pointers and can therefore cause memory corruption if the return values are accessed. Calling functions with multi-dimensional fixed-size array arguments is not affected, nor is returning fixed-size arrays from function calls if they are not used in a Solidity contract. The bug is only in the component that decodes a multi-dimensional fixed-size array returned from a function call made from Solidity.
This bug was found by jmahhh.
Invalid encoding of structs in events
- Likelihood of occurrence: low
- Exploitability: low
- Discoverability by tests: high
- Introduced in version: 0.4.17
- Fixed in version: 0.4.25
Summary: Structs as event parameters are not handled properly.
Structs were not meant to be supported as event parameters without the new ABI encoder. The compiler nevertheless accepted them, but encoded their memory address instead of their actual value. Even with the new ABI encoder, structs cannot be indexed event parameters.
Now structs are properly disallowed for the old encoder, and, if they are indexed, for the new encoder as well.