A bug in the Solidity optimizer has been reported via: Ethereum Foundation Bounty Program, Christoph Jentzsch. This bug was patched with the release of Solidity 0.4.11 on 2017-05-03.
background
The bug in question has to do with how the optimizer optimizes constants in the bytecode. “Bytecode constant” means anything that: pushIt is added to the stack (not to be confused with Solidity constants). For example, if the value is 0xffffffffffffffffffffffffffffffffffffffffffffffffe is pushed, then the optimizer can do one of the following: PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffeOr choose to encode it like this: push1 1; no;.
An error in the optimizer that causes optimization of bytecode constants to fail in certain cases by creating routines that do not properly regenerate the original constants.
The behavior described in the reported bug was observed in a contract where one method would stop working when another completely unrelated method was added to the contract. The analysis confirmed that several conditions must exist simultaneously for a bug to occur. Combinations of conditions that cause bugs consistently have two conditions:
- The constant must start like this: 0xFF… Ends with a long series of zeros (or vice versa).
- The same constant must be used in multiple places for the optimizer to choose this particular constant to optimize for. Alternatively, it should be used in a constructor that optimizes size rather than gas.
In addition to the above two conditions, more complex conditions are needed.
analyze
This bug exists in all versions of Solidity released from at least summer 2015 to present. This bug has been around since 2015, but seems to be very difficult to trigger with “arbitrary” code.
We performed a static analysis of all contract code deployed on the blockchain and found no incorrectly generated routines. Failure to discover bugs in all contract code does not guarantee that such bugs will not occur.
improvement
To provide better transparency in Solidity and increase awareness of bugs, we have started exporting information about Solidity-specific vulnerabilities as a JSON file to the Solidity code repository (One,2). We hope that the block explorer will integrate this information with other contract-related information.
Etherscan has already implemented this and you can see it. here and here.
Regarding the bug itself, we added a mini-EVM to the optimizer that checks the correctness of each generated routine at compile time.
Moreover, work has already begun on fully specified, higher-level intermediate languages. Future optimization routines in this language will be much easier to understand and appreciate and will replace the current optimizer.