{"id":8233,"date":"2025-02-06T22:48:32","date_gmt":"2025-02-06T21:48:32","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=8233"},"modified":"2025-02-06T22:48:32","modified_gmt":"2025-02-06T21:48:32","slug":"critical-update-enhancements-and-fixes-in-solidity-release","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/","title":{"rendered":"Critical Update: Enhancements and Fixes in Solidity Release"},"content":{"rendered":"<p><\/p>\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">The recent <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/ethereum\/solidity\/releases\/tag\/v0.4.25\">release version 0.4.25 of Solidity<!-- --><\/a> rectifies<br \/>\ntwo significant issues.<br \/>\nAnother major issue was already resolved in version 0.4.22, although the existence of the bug was only recently recognized.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Please be aware that the Ethereum Foundation administers a <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/bounty.ethereum.org\/\">bounty initiative<!-- --><\/a> related to the code generation aspect of Solidity.<!-- --><\/p>\n<p><!-- --><\/p>\n<h2 class=\"chakra-heading css-1w54o5f\" id=\"cleanup-of-exponent-in-exponentiation\">Cleaning Up Exponent in Exponentiation<!-- --><\/h2>\n<p><!-- --><\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">Probability of occurrence: very minimal<!-- --><\/li>\n<li class=\"css-cvpopp\">Potential for exploitation: high<!-- --><\/li>\n<li class=\"css-cvpopp\">Detection through tests: low<!-- --><\/li>\n<li class=\"css-cvpopp\">Resolved in version: 0.4.25<!-- --><\/li>\n<\/ul>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Overview: Utilizing shorter types in the exponent of an exponentiation operation may result in erroneous outcomes.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">The Solidity programming language permits integer types that are less than 256 bits, even though the Ethereum Virtual Machine only recognizes types that are precisely 256 bits. Consequently, higher order bits must occasionally be set to zero.<br \/>\nFor many operations, it does not matter whether those higher bits are zeroed out (an example being addition).<br \/>\nTherefore, to conserve gas, the Solidity compiler postpones this cleanup until necessary.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">In the rare scenario where the exponent of the <!-- --><span class=\"chakra-text css-ons8vw\">**<\/span> operator possesses a type shorter<br \/>\nthan 256 bits, but not shorter than the base type, and contains unclean higher order bits,<br \/>\nthis might yield an erroneous result. It is worth noting that literal exponents such as in <!-- --><span class=\"chakra-text css-ons8vw\">x ** 2<\/span> and cases where the base type is<br \/>\n<!-- --><span class=\"chakra-text css-ons8vw\">uint256<\/span> or <!-- --><span class=\"chakra-text css-ons8vw\">int256<\/span> remain unaffected.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">It is important to mention that a function parameter may carry unclean higher order bits if invoked by a malicious source,<br \/>\nand the same applies to data retrieved from the functions of contracts created by such entities.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Following an examination of numerous contracts, we believe this flaw affects only a very small fraction of<br \/>\nsmart contracts, if any, since the typical uses of the exponentiation operator do not trigger the issue.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">This issue was identified by <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/nweller\">nweller<!-- --><\/a>.<!-- --><\/p>\n<p><!-- --><\/p>\n<h2 class=\"chakra-heading css-1w54o5f\" id=\"memory-corruption-in-multi-dimensional-array-decoder\">Memory Corruption in Multi-Dimensional Array Decoder<!-- --><\/h2>\n<p><!-- --><\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">Probability of occurrence: low<!-- --><\/li>\n<li class=\"css-cvpopp\">Exploitability: moderate<!-- --><\/li>\n<li class=\"css-cvpopp\">Detection through tests: high<!-- --><\/li>\n<li class=\"css-cvpopp\">Introduced in version: 0.1.4<!-- --><\/li>\n<li class=\"css-cvpopp\">Resolved in version: 0.4.22<!-- --><\/li>\n<\/ul>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Overview: Invoking functions from other contracts that return multi-dimensional fixed-size arrays leads to memory corruption.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">When Solidity code calls a function that returns a multi-dimensional fixed-size array,<br \/>\nthe returned ABI-encoded data must be converted to Solidity&#8217;s internal representation<br \/>\nof arrays. In Solidity, multi-dimensional arrays are managed as arrays of<br \/>\nmemory pointers, whereas in the ABI, the data is encoded inline.<br \/>\nThe decoder overlooked this distinction, resulting in the returned<br \/>\nelements being interpreted as memory pointers and thus leading to memory<br \/>\ncorruption when accessing the return values. Function calls with multi-dimensional<br \/>\nfixed-size array arguments remain unaffected, as does returning fixed-size arrays from function calls<br \/>\nif they are outside a Solidity contract.<br \/>\nThe flaw lies solely in the component responsible for decoding a multi-dimensional fixed-size array<br \/>\nreturned from a function call within Solidity.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">This issue was discovered by <!-- --><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/jmahhh\">jmahhh<!-- --><\/a>.<!-- --><\/p>\n<p><!-- --><\/p>\n<h2 class=\"chakra-heading css-1w54o5f\" id=\"invalid-encoding-of-structs-in-events\">Invalid Encoding of Structs in Events<!-- --><\/h2>\n<p><!-- --><\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">Probability of occurrence: low<!-- --><\/li>\n<li class=\"css-cvpopp\">Exploitability: low<!-- --><\/li>\n<li class=\"css-cvpopp\">Detection through tests: high<!-- --><\/li>\n<li class=\"css-cvpopp\">Introduced in version: 0.4.17<!-- --><\/li>\n<li class=\"css-cvpopp\">Resolved in version: 0.4.25<!-- --><\/li>\n<\/ul>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Overview: Structs used as event parameters are not managed correctly.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Structs were not intended to be supported as event parameters without the updated ABI encoder.<br \/>\nDespite this, the compiler accepted them, encoding their memory address instead of their actual value.<br \/>\nEven with the new ABI encoder, structs cannot be <!-- --><span class=\"chakra-text css-ons8vw\">indexed<\/span> in event parameters.<!-- --><\/p>\n<p><!-- --><\/p>\n<p class=\"chakra-text css-gi02ar\">Currently, structs are appropriately prohibited for the old encoder and, if indexed, also for the new encoder.<!-- --><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2018\/09\/13\/solidity-bugfix-release\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The recent release version 0.4.25 of Solidity rectifies two significant issues. Another major issue was already resolved in version 0.4.22, although the existence of the bug was only recently recognized. Please be aware that the Ethereum Foundation administers a bounty initiative related to the code generation aspect of Solidity. Cleaning Up Exponent in Exponentiation Probability<\/p>\n","protected":false},"author":3,"featured_media":7155,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[1172],"class_list":["post-8233","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ethereum","tag-return-a-list-of-comma-separated-tags-from-this-title-solidity-bugfix-release-ethereum-foundation-blog"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Critical Update: Enhancements and Fixes in Solidity Release - WSJ-Crypto<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Update: Enhancements and Fixes in Solidity Release - WSJ-Crypto\" \/>\n<meta property=\"og:description\" content=\"The recent release version 0.4.25 of Solidity rectifies two significant issues. Another major issue was already resolved in version 0.4.22, although the existence of the bug was only recently recognized. Please be aware that the Ethereum Foundation administers a bounty initiative related to the code generation aspect of Solidity. Cleaning Up Exponent in Exponentiation Probability\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/\" \/>\n<meta property=\"og:site_name\" content=\"WSJ-Crypto\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-06T21:48:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/01\/eth-org.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2100\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"wsjcrypto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"wsjcrypto\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/\",\"url\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/\",\"name\":\"Critical Update: Enhancements and Fixes in Solidity Release - WSJ-Crypto\",\"isPartOf\":{\"@id\":\"https:\/\/wsj-crypto.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/01\/eth-org.jpeg\",\"datePublished\":\"2025-02-06T21:48:32+00:00\",\"author\":{\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\"},\"breadcrumb\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#primaryimage\",\"url\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/01\/eth-org.jpeg\",\"contentUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/01\/eth-org.jpeg\",\"width\":2100,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wsj-crypto.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Update: Enhancements and Fixes in Solidity Release\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wsj-crypto.com\/#website\",\"url\":\"https:\/\/wsj-crypto.com\/\",\"name\":\"WSJ-Crypto\",\"description\":\"Just Another Crypto News Website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wsj-crypto.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\",\"name\":\"wsjcrypto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"caption\":\"wsjcrypto\"},\"url\":\"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Update: Enhancements and Fixes in Solidity Release - WSJ-Crypto","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/","og_locale":"it_IT","og_type":"article","og_title":"Critical Update: Enhancements and Fixes in Solidity Release - WSJ-Crypto","og_description":"The recent release version 0.4.25 of Solidity rectifies two significant issues. Another major issue was already resolved in version 0.4.22, although the existence of the bug was only recently recognized. Please be aware that the Ethereum Foundation administers a bounty initiative related to the code generation aspect of Solidity. Cleaning Up Exponent in Exponentiation Probability","og_url":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/","og_site_name":"WSJ-Crypto","article_published_time":"2025-02-06T21:48:32+00:00","og_image":[{"width":2100,"height":900,"url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/01\/eth-org.jpeg","type":"image\/jpeg"}],"author":"wsjcrypto","twitter_card":"summary_large_image","twitter_misc":{"Scritto da":"wsjcrypto","Tempo di lettura stimato":"3 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/","url":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/","name":"Critical Update: Enhancements and Fixes in Solidity Release - WSJ-Crypto","isPartOf":{"@id":"https:\/\/wsj-crypto.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#primaryimage"},"image":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#primaryimage"},"thumbnailUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/01\/eth-org.jpeg","datePublished":"2025-02-06T21:48:32+00:00","author":{"@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7"},"breadcrumb":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#primaryimage","url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/01\/eth-org.jpeg","contentUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/01\/eth-org.jpeg","width":2100,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/02\/06\/critical-update-enhancements-and-fixes-in-solidity-release\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wsj-crypto.com\/"},{"@type":"ListItem","position":2,"name":"Critical Update: Enhancements and Fixes in Solidity Release"}]},{"@type":"WebSite","@id":"https:\/\/wsj-crypto.com\/#website","url":"https:\/\/wsj-crypto.com\/","name":"WSJ-Crypto","description":"Just Another Crypto News Website","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wsj-crypto.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7","name":"wsjcrypto","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","caption":"wsjcrypto"},"url":"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/8233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/comments?post=8233"}],"version-history":[{"count":2,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/8233\/revisions"}],"predecessor-version":[{"id":8235,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/8233\/revisions\/8235"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media\/7155"}],"wp:attachment":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media?parent=8233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/categories?post=8233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/tags?post=8233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}