[ad_1]
A bug within the Solidity optimizer was reported by means of the Ethereum Foundation Bounty program, by Christoph Jentzsch. This bug is patched as of 2017-05-03, with the discharge of Solidity 0.4.11.
Background
The bug in query involved how the optimizer optimizes on constants within the byte code. By “byte code constants”, we imply something which is PUSHed on the stack (to not be confused with Solidity constants). For instance, if the worth 0xfffffffffffffffffffffffffffffffffffffffffffffffe is PUSHed, then the optimizer can both do PUSH32 0xfffffffffffffffffffffffffffffffffffffffffffffffe, or select to encode this as PUSH1 1; NOT;.
An error within the optimizer made optimizations of byte code constants fail for sure circumstances by producing a routine that didn’t correctly recreate the unique fixed.
The conduct described within the reported bug was present in a contract through which one technique ceased functioning when one other – completely unrelated – technique was added to the contract. After evaluation, it was decided that various situations should exist without delay for the bug to set off. Any mixture of situations that may set off the bug would persistently have the next two situations:
- The fixed wants to begin with 0xFF… and finish with an extended sequence of zeroes (or vice versa).
- The identical fixed must be utilized in a number of areas, for the optimizer to decide on to optimize this explicit fixed. Alternatively, it must be used within the constructor, which optimises for dimension reasonably than gasoline.
Along with the 2 situations above, there are additional, extra sophisticated situations which are required.
Evaluation
This bug is current in all launched variations of Solidity from not less than way back to summer time 2015 to the current. Though the bug has been current since 2015, it appears very onerous to set off by “random” code:
We carried out a static evaluation of all contract code deployed on the blockchain, and located no prevalence of such an invalidly generated routine. Notice, the truth that now we have not discovered a bug in all of the contract code doesn’t assure the absence of such occurrences.
Enhancements
With a purpose to present higher transparency and elevated consciousness of bugs in Solidity, now we have began exporting details about Solidity-related vulnerabilities as JSON-files within the Solidity code repository(1,2). We hope that block explorers will combine this data together with different contract-related data.
Etherscan has already carried out this, which will be seen here and here.
Regarding the bug itself, we added a mini-EVM to the optimizer which verifies the correctness of every generated routine at compile time.
Moreover, work has already began on a fully-specified and extra high-level intermediate language. Future optimizer routines on this language might be a lot simpler to know and audit and it’ll change the present optimizer.
[ad_2]
