An error was reported in the Solidity optimizer via the Ethereum Foundation bounty program, by Christoph Jentzsch. This bug was fixed on May 3, 2017, with the release of Solidity 0.4.11.
Bottom
The bug in question concerned how the optimizer optimizes constants in the bytecode. By “bytecode constants”, we mean anything that is PUSHed on the stack (not to be confused with solidity constants). For example, if the value 0xffffffffffffffffffffffffffffffffffffffffffffffffffff is PUSHed, then the optimizer can do PUSH32 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffor choose to encode this as PUSH1 1; NOT;.
A bug in the optimizer caused bytecode constant optimizations to fail in certain cases by producing a routine that did not correctly recreate the original constant.
The behavior described in the reported bug was found in a contract where a method would stop working when another, totally unrelated method was added to the contract. After analysis, it was determined that a number of conditions must exist at once for the bug to trigger. Any combination of conditions that would trigger the error would consistently have the following two conditions:
- The constant must start with 0xFF… and end with a long series of zeros (or vice versa).
- The same constant must be used in multiple locations, in order for the optimizer to choose to optimize this particular constant. Alternatively, it should be used in the constructor, which optimizes for size instead of gas.
In addition to the above two conditions, other more complicated conditions are required.
Analysis
This bug is present in all released versions of Solidity from at least summer 2015 to the present. Although the bug has been around since 2015, it seems very difficult to trigger by “random” code:
We performed a static analysis of all contract code implemented on the blockchain and did not find any invalidly generated routines. Please note that the fact that we did not find an error in the entire contract code does not guarantee the absence of such occurrences.
improvements
To provide greater transparency and awareness of Solidity bugs, we have begun exporting information about Solidity-related vulnerabilities as JSON files in the Solidity code repository (one,2). We expect block explorers to integrate this information along with other contract related information.
Etherscan has already implemented this, which can be seen here Y here.
Regarding the bug itself, we added a mini-EVM to the optimizer that checks the correctness of each generated routine at compile time.
In addition, work has already begun on a higher level, fully specified intermediate language. Future optimizer routines in this language will be much easier to understand and audit and will replace the current optimizer.
