A bug in the Solidity compiler's code generator caused storage cleanup and copy operations to fail when fixed-length arrays crossed the 2^256-slot storage boundary. The issue stemmed from incorrect pointer-based comparisons that didn't account for wraparound at the storage boundary. While the potential impact is high if triggered, the bug is extremely unlikely to affect real contracts because it requires deliberately placing arrays at the storage boundary, which bypasses normal compiler safeguards. The bug existed since version 0.1.0 and was fixed in version 0.8.32. Both IR and evmasm compilation pipelines were affected, with the fix replacing pointer-based iteration with index-based iteration to correctly handle wraparound cases.
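The wraparound failure described above, as a simplified Python model added here (not the compiler's generated code and not code from the original page). Storage is modeled as a dict, slot arithmetic wraps modulo 2^256, and the function names and the exact shape of the pre-fix loop are assumptions for illustration.

```python
# Simplified model (an assumption, not the compiler's generated code):
# storage is a dict keyed by slot number; slot arithmetic wraps mod 2**256.
SLOTS = 2**256


def clear_pointer_based(storage, start, length):
    """Pre-fix style: loop while the slot pointer is below the end pointer."""
    end = (start + length) % SLOTS  # wraps to a small value near the boundary
    slot, cleared = start, 0
    while slot < end:  # already false on entry once `end` has wrapped
        storage.pop(slot, None)
        slot += 1
        cleared += 1
    return cleared


def clear_index_based(storage, start, length):
    """Post-fix style: loop over indices and wrap each slot address."""
    for i in range(length):
        storage.pop((start + i) % SLOTS, None)
    return length


def make_array(start, length):
    """Constructed sample data: `length` non-zero slots beginning at `start`."""
    return {(start + i) % SLOTS: i + 1 for i in range(length)}


def demo():
    """Return {placement: (slots left by pointer loop, slots left by index loop)}."""
    length = 4
    placements = {
        "normal": 10,            # ordinary placement, no wraparound
        "boundary": SLOTS - 2,   # occupies slots 2**256-2, 2**256-1, 0, 1
    }
    results = {}
    for name, start in placements.items():
        by_pointer = make_array(start, length)
        clear_pointer_based(by_pointer, start, length)
        by_index = make_array(start, length)
        clear_index_based(by_index, start, length)
        results[name] = (len(by_pointer), len(by_index))
    return results


if __name__ == "__main__":
    for name, (left_pointer, left_index) in demo().items():
        print(f"{name}: pointer loop left {left_pointer} slots, index loop left {left_index}")
```

In this model the pointer loop leaves all four slots of the boundary-crossing array uncleared, while the index loop clears them in both placements.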