Security company Dedaub discovered vulnerabilities in the Solidity compiler, which significantly increase gas costs due to dead code in most deployed contracts
ChainCatcher news: the Dedaub security team discovered a vulnerability in the compiler for Solidity, the Ethereum programming language, that causes dead code to be included in the bytecode of deployed contracts, significantly increasing the gas cost of deploying and operating smart contracts. Dedaub stated that the team found this error while evaluating the open-source binary decompiler Gigahorse. The vulnerability occurs when library methods are only called by the contract's constructor. Through analysis with Gigahorse, Dedaub found that at least 35% of contracts contain some dead code, and in 33% the dead code occupies most of their running bytecode. These results are predominantly seen in NFT proxies, but other proxy contracts also have the same issue. For large contracts, this problem can be overlooked, but most deployed contracts are small contracts. The Dedaub team had already discovered this error last November and alerted the Solidity team to confirm the issue.