Some changes after review.

chriseth 2017-04-18 11:40:00 +02:00
parent 10c32362ea
commit 11d30ec04f
3 changed files with 5 additions and 5 deletions

@ -30,7 +30,7 @@
"name": "OptimizerStaleKnowledgeAboutSHA3",
"summary": "The optimizer did not properly reset its knowledge about SHA3 operations resulting in some hashes (also used for storage variable positions) not being calculated correctly.",
"description": "The optimizer performs symbolic execution in order to save re-evaluating expressions whose value is already known. This knowledge was not properly reset across control flow paths and thus the optimizer sometimes thought that the result of a SHA3 operation is already present on the stack. This could result in data corruption by accessing the wrong storage slot.",
"severity": "low/medium",
"severity": "medium",
"fixed": "0.4.3",
"conditions": {
"optimizer": true
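
Review bot: the "severity" value goes from the compound "low/medium" to "medium", but nothing visible in this entry tells a consumer which values the field may take. The list is described as machine-readable, so consider documenting the allowed severity values alongside the field, so that parsers can treat it as a single-valued enumeration and a compound string like "low/medium" cannot reappear in a later entry.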

@ -6,7 +6,7 @@
List of Known Bugs
##################
Below, you can find a JSON-formatted list of known security-relevant bugs in the
Below, you can find a JSON-formatted list of some of the known security-relevant bugs in the
Solidity compiler. The file itself is hosted in the `Github repository
<https://github.com/ethereum/solidity/blob/develop/docs/bugs.json>`_.
The list stretches back as far as version 0.3.0, bugs known to be present only
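
Review bot: "some of the known security-relevant bugs" in this sentence and "some publicly known security-relevant bugs" in the security considerations text describe the same list with different qualifiers. Use one wording in both places, and state in a sentence what keeps a known bug off the list; otherwise a reader cannot judge how much weight an empty lookup result deserves.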
@ -20,8 +20,7 @@ Contract source verification tools and also other tools interacting with
contracts should consult this list according to the following criteria:
- It is mildly suspicious if a contract was compiled with a nightly
compiler version instead of a released version. These compiler versions
might contain undocumented bugs.
compiler version instead of a released version
- It is also mildly suspicious if a contract was compiled with a version that was
not the most recent at the time the contract was created. For contracts
created from other contracts, you have to follow the creation chain
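
Review bot: the replacement bullet line "compiler version instead of a released version" ends without a period and no longer says why a nightly build is suspicious. Restore the full stop and keep a short reason in the bullet, because tool authors applying these criteria otherwise have nothing to tell users about why the flag was raised.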

@ -22,7 +22,8 @@ you should be more careful.
This section will list some pitfalls and general security recommendations but
can, of course, never be complete. Also, keep in mind that even if your
smart contract code is bug-free, the compiler or the platform itself might
have a bug. All known security-relevant bugs of the compiler can be found in the
have a bug. A list of some publicly known security-relevant bugs of the compiler
can be found in the
:ref:`list of known bugs<known_bugs>`, which is also machine-readable. Note
that there is a bug bounty program that covers the code generator of the
Solidity compiler.
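
Review bot: with the claim weakened to "A list of some publicly known security-relevant bugs", the trailing ", which is also machine-readable" still invites automated checks, yet the paragraph does not say that a compiler version absent from the list may still be affected by a bug. Add that caveat to this sentence so that tools and readers do not treat a missing entry as a clean result.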