ABIEncoderV2 is not production-ready.md

The contracts use the new Solidity ABI encoder, ABIEncoderV2.

This experimental encoder is not ready for production.

More than 3% of all GitHub issues for the Solidity compiler are related to experimental features, primarily ABIEncoderV2. Several issues and bug reports are still open and unresolved.

ABIEncoderV2 has been associated with more than 20 high-severity bugs, some of which are so recent that they have not yet been included in a Solidity release.

For example, in March 2019 a severe bug introduced in Solidity 0.5.5 was found in the encoder.

Recommendation:

Short term, use neither ABIEncoderV2 nor any other experimental Solidity feature.

Refactor the code such that structs do not need to be passed to or returned from functions.

Long term, integrate static analysis tools like Slither into your CI pipeline to detect unsafe pragmas.
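
A minimal CI gate for the long-term recommendation, added here as an example (it is not part of the audit finding and is not Slither): it scans Solidity sources for `pragma experimental` directives, skips commented-out ones, and exits non-zero on any hit. The function names and the sample contract are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Comments and string literals. Strings are matched so "//" inside one is not
# mistaken for a comment; only the comment alternatives are blanked out.
TOKEN_RE = re.compile(
    r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|/\*.*?\*/|//[^\n]*', re.DOTALL)
# `pragma experimental <feature>;` at the start of a line or right after a ';'.
PRAGMA_RE = re.compile(
    r'(?:^|(?<=;))\s*pragma\s+experimental\s+("[^"\n]*"|\'[^\'\n]*\'|\w+)\s*;',
    re.MULTILINE)

def strip_comments(source):
    """Blank out comments, keeping newlines so line numbers stay valid."""
    def blank(match):
        text = match.group(0)
        if text[0] in "\"'":
            return text  # string literal: leave untouched
        return re.sub(r"[^\n]", " ", text)
    return TOKEN_RE.sub(blank, source)

def find_experimental_pragmas(source):
    """Return [(line_number, feature)] for each active experimental pragma."""
    cleaned = strip_comments(source)
    return [(cleaned.count("\n", 0, m.start(1)) + 1, m.group(1).strip("\"'"))
            for m in PRAGMA_RE.finditer(cleaned)]

def scan_tree(root):
    """Scan every .sol file under root; return [(path, line, feature)]."""
    findings = []
    for path in sorted(Path(root).rglob("*.sol")):
        text = path.read_text(encoding="utf-8", errors="replace")
        findings += [(str(path), ln, feat)
                     for ln, feat in find_experimental_pragmas(text)]
    return findings

# Constructed sample: two commented-out pragmas and one active one.
SAMPLE = '''pragma solidity ^0.5.7;
// pragma experimental SMTChecker;
/* pragma experimental "v0.5.0"; */
pragma experimental ABIEncoderV2;
contract Vault { struct Position { uint256 amount; address owner; } }
'''

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, line, feature in hits:
        print(f"{path}:{line}: pragma experimental {feature}")
    sys.exit(1 if hits else 0)  # non-zero exit fails the CI job
```

Run it with the contracts directory as the only argument; it complements, rather than replaces, a full static analyzer.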


Slide Screenshot

164.jpg


Slide Text

  • ToB Audit Advanced Blockchain Finding 18
  • Patching
  • ABIEncoderV2 Issues & Bugs
  • Avoid ABIEncoderV2
  • Refactor Code
