cannon icon indicating copy to clipboard operation
cannon copied to clipboard

Published 20 hours ago verified publisher icon ethereum-optimism

Integer overflow risks, update Solidity version pragma to 0.8.x

Open shazow opened this issue 3 years ago • 3 comments

The Challenge.sol contract uses uint256 without overflow checks, and there is some arithmetic in places that would benefit from overflow checks.

Updating the pragma to 0.8.x would include built-in solc overflow checks, easy fix that's worth doing.

shazow avatar Mar 31 '22 15:03 shazow

Thanks for the issue 🙏 We will definitely do this.

norswap avatar Apr 01 '22 13:04 norswap

We will soon be looking at an upgrade to the latest solidity version. But note that some overflows are a feature, not a bug, to emulate uint32 behavior of registers, where overflows are expected to happen. We'll need to be careful with introducing safe-math-by-default behavior of 0.8.x to not break expected MIPS behavior.

protolambda avatar May 01 '23 15:05 protolambda

IIRC the specific overflow issue was in the challenge game (maybe something about being able to wrap around the binary search cursor?).

Could make sense to disable overflow protections in the VM implementation as needed, while still have it in the higher-level contracts.

But yea, worth considering these choices carefully when the time comes. :)

shazow avatar May 01 '23 16:05 shazow