Public Warning of Solidity Storage Array Issues
This blog post informs readers of two errors associated with storage arrays that have recently been discovered. In some cases, a contract containing these mistakes may fail a test.
Kim Daenam and Nguyen Pham, with assistance from Gridcurve, identified invalid data being stored in relation to arrays containing signed numbers. As is often the case, these bugs have existed in the compiler for some time, but their existence has only just been revealed.
We rate version 0.4.7 as more serious. If these arrays are used incorrectly, it could result in data corruption. Therefore, it should be simple to detect the error.
The Ethereum Bug Bounty Program was contacted with a report regarding a bug in the experimental ABIEncoderV2. Even though this version of the ABI encoder is not yet complete, it is already being used on mainnet and demands attention. For details on correcting the error, please click the link provided.
We do not intend to release a fix at this time. We do not plan to offer the legacy series at 0.0.4.x, however, if there is sufficient demand, this may be reconsidered.
The bugs should be easily identified by anyone who works on the code paths. Here are further details on the two errors.
Signed Integer Array Mistake
Who Should Be Concerned?
Any contract that uses signed integers in a storage array and assigns to that array directly is affected. This covers assigning a literal array that contains at least one negative element (e.g. x = [-1, -2, -3];) or an existing array of a different signed integer type. The result can be data corruption within the storage array.
Contracts that only assign individual array elements (e.g. x[2] = -1;) are exempted.
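The following is an added example, not code from the original post or from the Solidity project: a heuristic, line-based triage script that flags the two direct-assignment patterns described above and skips element-wise writes. The names scan and SAMPLE and the sample contract are constructed for illustration, and a regex pass is only a first filter, not a substitute for compiling and testing the contract.

```python
import re

# Heuristic, line-based triage for Solidity source; this is not a real parser.
DECL = re.compile(r'^\s*(int\d*)\s*\[\d*\]\s*((?:\w+\s+)*?)(\w+)\s*(?:=\s*(.+?))?;')
ASSIGN = re.compile(r'^\s*(\w+)\s*=(?!=)\s*(.+?);')  # whole-array "x = ...;", never "x[i] = ...;"
NEGATIVE = re.compile(r'[\[,(]\s*-\s*\d')             # a negative number inside a literal

def scan(source):
    """Return (line, array, reason) for each direct assignment of the kinds the post lists."""
    arrays = {}     # array name -> (element type, declared without memory/calldata)
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        line = line.split('//')[0]          # drop trailing line comments
        target = rhs = None
        decl = DECL.match(line)
        if decl:
            elem, mods, target, rhs = decl.groups()
            storage = 'memory' not in mods and 'calldata' not in mods
            arrays[target] = ('int256' if elem == 'int' else elem, storage)
        else:
            assign = ASSIGN.match(line)
            if assign and assign.group(1) in arrays:
                target, rhs = assign.groups()
        if not rhs or not arrays[target][1]:
            continue                        # nothing assigned, or target is not storage
        rhs = rhs.strip()
        if rhs.startswith('[') and NEGATIVE.search(rhs):
            findings.append((no, target, 'literal with negative element'))
        elif rhs in arrays and arrays[rhs][0] != arrays[target][0]:
            findings.append((no, target, 'different signed integer type'))
    return findings

# Constructed sample contract (not from the post).
SAMPLE = """
contract C {
    int256[] a;
    int8[] public b;
    int8[] c;
    int16[] d = [int16(5), -7];
    function f() public {
        a = [-1, -2, -3];        // literal with a negative element
        a[2] = -1;               // element-wise write: exempt
        a = b;                   // int8[] copied into int256[]
        c = b;                   // same element type
        c = [int8(1), 2, 3];     // literal without negative elements
    }
}
"""

if __name__ == '__main__':
    for no, name, reason in scan(SAMPLE):
        print(f'line {no}: {name}: {reason}')
```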
How Can It Be Verified?