The Ethereum Foundation, a key player behind the development of Ethereum (ETH), has released a report on a bug discovered in the ABI encoder. Two bugs were also found in the optimizer. The report was released on March 26.
Ethereum Foundation Reveals Bugs in ABI Encoder and Optimizer
The bugs were reported through the Ethereum bug bounty program. In the ABI encoder, also known as ABIEncoderV2, users found that the component suffers from a few different variations of the same type of bug. The other two bugs, found in the optimizer, are considered "low-impact", and one of them was already fixed in Solidity v0.5.6. The upcoming Solidity 0.5.7 will fix all the bugs that were reported by these developers.
Users who deployed contracts that use ABIEncoderV2 can be affected by this issue. At the moment, there are 2,500 contracts on the mainnet that use the experimental ABIEncoderV2.
The Ethereum Foundation says that it does its best to ensure high quality in the code it works on. Bugs in the Solidity compiler are generally difficult to detect with vulnerability detectors.
The report reads as follows:
“The best way to protect against these types of flaws is to have a rigorous set of end-to-end tests for your contracts (verifying all code paths) since bugs in a compiler very likely are not “silent” and instead manifest in invalid data.”
The Foundation has also stated that the probability of these bugs leading to problems such as malfunctions was more than one, thus resulting in exploitability.
We recently reported at Bitcoin Exchange Guide that the research site Messari revealed that Stellar (XLM) experienced inflation of 2.25 billion XLM in April 2017 because a user exploited a bug in the platform.