Security company Dedaub discovers vulnerabilities in the Solidity compiler that leave dead code in most deployed contracts, significantly increasing gas costs

2023-02-11 11:05:11
ChainCatcher news: the team at security company Dedaub discovered a vulnerability in the compiler for Solidity, the Ethereum programming language, that causes dead code to be included in the bytecode of deployed contracts, significantly increasing the gas cost of deploying and operating smart contracts. Dedaub stated that the team found this error while evaluating the open-source binary decompiler Gigahorse. The vulnerability occurs when library methods are called only by the contract's constructor.

Through its analysis with Gigahorse, Dedaub found that at least 35% of contracts contain some dead code, with 33% occupying most of their runtime bytecode. These results are predominantly seen in NFT proxies, but other proxy contracts have the same issue. For large contracts this problem can be overlooked, but most deployed contracts are small. The Dedaub team discovered this error last November and alerted the Solidity team to confirm the issue.
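The following added example (not Dedaub's code and not Gigahorse's algorithm) shows one simplified way to estimate how many bytes of a contract's runtime bytecode are unreachable. It assumes the input is runtime bytecode with the compiler's metadata trailer already removed; the function names and the `SAMPLE` bytes are constructed for illustration.

```python
# Added example: conservative estimate of unreachable bytes in EVM runtime bytecode.
# A block counts as reachable if a reachable block falls through into it or PUSHes
# its JUMPDEST offset, so dead code is under-counted rather than over-counted.
JUMP, JUMPI, JUMPDEST, PUSH1, PUSH32 = 0x56, 0x57, 0x5B, 0x60, 0x7F
# STOP, JUMP, RETURN, REVERT, INVALID and SELFDESTRUCT never fall through.
TERMINATORS = {0x00, JUMP, 0xF3, 0xFD, 0xFE, 0xFF}

def disassemble(code: bytes):
    """Yield (offset, opcode, immediate), skipping PUSH data so it is not read as opcodes."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        n = op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0
        yield pc, op, int.from_bytes(code[pc + 1:pc + 1 + n], "big") if n else None
        pc += 1 + n

def dead_bytes(code: bytes) -> int:
    """Return the number of bytes in basic blocks that no reachable block can enter."""
    ins = list(disassemble(code))
    blocks, start, pushed = {}, 0, set()  # start -> (end, pushed constants, falls through)
    for i, (pc, op, imm) in enumerate(ins):
        if op == JUMPDEST and pc != start:      # a jump target opens a new block
            blocks[start] = (pc, pushed, True)
            start, pushed = pc, set()
        if imm is not None:
            pushed.add(imm)
        if op in TERMINATORS or op == JUMPI:    # a control transfer closes the block
            nxt = ins[i + 1][0] if i + 1 < len(ins) else len(code)
            blocks[start] = (nxt, pushed, op == JUMPI)
            start, pushed = nxt, set()
    if start < len(code):
        blocks[start] = (len(code), pushed, False)
    reachable, work = set(), [0]                # execution always begins at offset 0
    while work:
        b = work.pop()
        if b in reachable or b not in blocks:
            continue
        reachable.add(b)
        end, consts, falls = blocks[b]
        if falls:
            work.append(end)
        work.extend(t for t in consts if t in blocks and code[t] == JUMPDEST)
    return sum(end - s for s, (end, _, _) in blocks.items() if s not in reachable)

# Constructed sample: PUSH1 8; JUMP; [JUMPDEST; PUSH1 0x2a; POP; STOP]; JUMPDEST; STOP
# The bracketed helper at offsets 3-7 is never referenced by reachable code.
SAMPLE = bytes.fromhex("6008565b602a50005b00")

if __name__ == "__main__":
    print(f"{dead_bytes(SAMPLE)} of {len(SAMPLE)} bytes unreachable")
```

Because any pushed constant that matches a `JUMPDEST` offset marks that block as reachable, the result is a lower bound on dead code, not an exact measurement.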
