Ethereum’s Bug Bounty Program Discovers Bugs in New ABIEncoderV2

One reason Ethereum has been a successful project for all these years is its active community, which contributes to the project’s betterment. The recent bug bounty program showed the same when the dev team received a report about a flaw within the new experimental ABI encoder (referred to as ABIEncoderV2) and two low-impact bugs.

Ethereum rolls out 0.5.7 release to fix the bug

The Ethereum Foundation, the key player behind the development of Ethereum, released a blog post on March 26 titled ‘Solidity Optimizer and ABIEncoderV2 Bug,’ which described a bug discovered in the ABI encoder and two bugs found in the optimizer.

In the blog post, the Foundation stated that it had received a report, via the bug bounty program, on the “flaw” in the “new experimental ABI encoder,” also known as ABIEncoderV2. The team further revealed that two bugs had been discovered in the Solidity Optimizer over the past two weeks. However, these bugs had “low-impact.”

This bug concerns those who have deployed contracts which use the experimental ABI encoder V2; those contracts might be affected. This means that only contracts which use the following directive within the source code can be affected:

  • pragma experimental ABIEncoderV2;

The Foundation has identified about 2500 contracts live on mainnet that use the experimental ABIEncoderV2, but it is not clear how many of them contain the bug.

The bug only manifests itself when all of the following conditions are met:

  • Storage data involving arrays or structs is sent directly to an external function call, to abi.encode or to event data without a prior assignment to a local (memory) variable AND
  • there is an array that contains elements with size less than 32 bytes or a struct that has elements that share a storage slot or members of type bytes shorter than 32 bytes.
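A triage sketch for the conditions listed above, added here as an example (it is not code from the Foundation's post): it checks a source file for the directive and flags storage arrays and structs matching the second condition, so the first condition (how the data is passed on) can then be reviewed by hand. It is a regex heuristic rather than a Solidity parser; the function names and the sample contract are constructed, and reading "bytes shorter than 32 bytes" as `bytes1` to `bytes31` is an assumption.

```python
import re

PRAGMA = re.compile(r"pragma\s+experimental\s+ABIEncoderV2\s*;")
COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
# Assumed set of types narrower than 32 bytes: bool, address, (u)intN with N < 256, bytesN with N < 32.
SMALL = r"\b(?:bool|address|u?int(?!256\b)\d+|bytes(?:[1-9]|[12]\d|3[01]))\b(?:\s+payable)?"
# Array declarations ending in ';' or '=': state variables and struct members, not parameters.
SMALL_ARRAY = re.compile(
    SMALL + r"(?:\s*\[[^\]]*\])+(?:\s+(?:public|private|internal))*\s+(\w+)\s*[;=]")
STRUCT = re.compile(r"\bstruct\s+(\w+)\s*\{([^}]*)\}")

def width(type_name):
    """Storage width in bytes; 32 for anything not known to be narrower."""
    if not re.fullmatch(SMALL, type_name):
        return 32
    if type_name == "bool":
        return 1
    if type_name.startswith("address"):
        return 20
    n = int(re.search(r"\d+", type_name).group())
    return n if type_name.startswith("bytes") else n // 8

def struct_at_risk(body):
    """True if adjacent members share a storage slot or a member is a short bytesN."""
    types = [m.rsplit(None, 1)[0].strip() for m in body.split(";") if len(m.split()) >= 2]
    widths = [width(t) for t in types]
    shares_slot = any(a + b <= 32 for a, b in zip(widths, widths[1:]))
    short_bytes = any(t.startswith("bytes") and w < 32 for t, w in zip(types, widths))
    return shares_slot or short_bytes

def triage(source):
    """Return (uses_pragma, findings) for one Solidity source string."""
    code = COMMENTS.sub("", source)
    if not PRAGMA.search(code):
        return False, []  # without the directive the contract cannot be affected
    findings = [("array", m.group(1)) for m in SMALL_ARRAY.finditer(code)]
    findings += [("struct", name) for name, body in STRUCT.findall(code) if struct_at_risk(body)]
    return True, findings

# Constructed sample contract, not taken from mainnet or from the post.
SAMPLE = """pragma experimental ABIEncoderV2;
contract Registry {
    struct Entry { uint128 id; bool active; uint256 balance; }
    uint8[] scores;
    uint256[] totals;
    event Dump(uint8[] scores);
    function dump() public { emit Dump(scores); }  // storage array sent straight to event data
}
"""
```

Calling `triage(SAMPLE)` flags the `scores` array and the `Entry` struct and leaves `totals` alone; a flagged item only matters where it is passed to an external call, `abi.encode` or an event without first being copied to memory.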

The post also mentions that “The best way to protect against these types of flaws is to have a rigorous set of end-to-end tests for your contracts (verifying all code paths) since bugs in a compiler very likely are not “silent” and instead manifest in invalid data.”

It’s amazing to see how the dev team at Ethereum works towards protecting the software and its ancillary modules. The examination of the problem and the solution provided show exactly why Ethereum is a world-class project.

While the developers are busy fixing this bug, the price of Ethereum stood close to USD 140, up by 3.35%.

Will Ethereum be able to get out of this technology mess and get back to its glory days? Do let us know your views on the same.

The post Ethereum’s Bug Bounty Program Discovers Bugs in New ABIEncoderV2 appeared first on Coingape.
