A report on a bug discovered in the ABI encoder was released by the Ethereum Foundation, an essential actor in developing Ethereum (ETH). Two bugs in the optimizer were also found.
On investigation, the component was found to be affected by several different variations of the same type of bug. This bug is explained in detail in the first part of this announcement. The new ABI encoder is still considered experimental. However, we think this deserves a significant announcement because it is already used on mainnet.
The team also found two bugs in the Solidity optimizer in the last two weeks. These bugs were described as “low-impact”, and it was also stated that they were released on March 5 in Solidity version 0.5.5. In Solidity version 0.5.6, one of the two bugs was remediated.
It should be noted that users whose contracts use the ABI encoder V2 can be affected by this problem. There are currently 2,500 mainnet contracts using the experimental ABIEncoderV2.
In terms of the likely results of the bug, the Foundation stated that it is expected to result in malfunction more than in exploitability. “If the bug is triggered, it will send corrupt parameters on method invocations to other contracts under certain circumstances.” Naturally, the consequences of any bug could be wildly different depending on the flow of the program, but we expect this to lead to malfunction rather than exploitation. If triggered under certain circumstances, the bug will send corrupted parameters to other contracts on method calls.
To be conservative about changes, the experimental ABI encoder is available only when explicitly enabled, so that people can interact with it without placing too much trust in it until it is considered stable.
Rigorous end-to-end testing of your contracts is the best way to protect against such flaws, because compiler bugs are not very likely to be “quiet” and instead manifest as invalid data.