Ethereum new bug bounty program discovers bugs in new ABIEncoderV2
One of the reasons Ethereum has been a successful project for all these years because of its active community which contributes in the betterment of the project. The recent bug bounty program saw the same , when the dev team received a report about a flaw within the new experimental ABI encoder (referred to as ABIEncoderV2) and two low impact bug.
Ethereum rolls out 0.5.7 release to fix the bug
Ethereum Foundation, the key player behind the development of Ethereum, released a blog post on
on March 26 which was titled as 'Solidity Optimizer and ABIEncoderV1 Bug,’ which spoke about a
bug discovered in the ABI encoder and two bugs found in the optimizer,.
In the blogpost, the Foundation stated that they had received a report on the "flaw" in the "new
experimental ABI encoder," also known as ABIEncoderV2 via the bug bounty program. The team
further revealed that there were two bugs discovered in Solidity Optimizer over the past two weeks.
However, these bugs had "low-impact."
This bug concerns those who have deployed contracts which use the experimental ABI encoder V2,
then those might be affected. This means that only contracts which use the following directive
within the source code can be affected:
pragma experimental ABIEncoderV2;
The Foundation has identified that there are about 2500 contracts live on mainnet that use the
experimental ABIEncoderV2 but it is not clear how many of them contain the bug.
The bug only manifests itself when all of the following conditions are met:
- Storage data involving arrays or structs is sent directly to an external function call, to
abi.encode or to event data without prior assignment to a local (memory) variable AND
- there is an array that contains elements with size less than 32 bytes or a struct that has
elements that share a storage slot or members of type bytesNN shorter than 32 bytes.
The post also mentions that “The best way to protect against these types of flaws is to have a
rigorous set of end-to-end tests for your contracts (verifying all code paths), since bugs in a compiler
very likely are not “silent” and instead manifest in invalid data.”
Its amazing to see how the dev team at Ethereum work towards protecting the software and its
ancillary modules. The examination of problem and its solution provided exactly show why
Ethereum is a world class project.
While the developers are busy fixing this bug, the price of Ethereum stood cloase to USD 140 up by
Will Ethereum be able to get out of this technology mess and again get back to its glory days? DO let
us know your views on the same