author | chriseth <chris@ethereum.org> | 2017-04-18 17:40:00 +0800 |
---|---|---|
committer | chriseth <chris@ethereum.org> | 2017-04-18 17:40:00 +0800 |
commit | 11d30ec04fcc7d017fe3c419c6ad64f657a17e96 (patch) | |
tree | 42657ac09468d4c09c0eb67a856ad7f23fd8ad83 | |
parent | 10c32362ead6b5198221a48605e16c89a7800deb (diff) | |
download | dexon-solidity-11d30ec04fcc7d017fe3c419c6ad64f657a17e96.tar.gz dexon-solidity-11d30ec04fcc7d017fe3c419c6ad64f657a17e96.tar.zst dexon-solidity-11d30ec04fcc7d017fe3c419c6ad64f657a17e96.zip |
Some changes after review.
-rw-r--r-- | docs/bugs.json | 2 | ||||
-rw-r--r-- | docs/bugs.rst | 5 | ||||
-rw-r--r-- | docs/security-considerations.rst | 3 |
3 files changed, 5 insertions, 5 deletions
diff --git a/docs/bugs.json b/docs/bugs.json index 4e7f1245..2a8d167a 100644 --- a/docs/bugs.json +++ b/docs/bugs.json @@ -30,7 +30,7 @@ "name": "OptimizerStaleKnowledgeAboutSHA3", "summary": "The optimizer did not properly reset its knowledge about SHA3 operations resulting in some hashes (also used for storage variable positions) not being calculated correctly.", "description": "The optimizer performs symbolic execution in order to save re-evaluating expressions whose value is already known. This knowledge was not properly reset across control flow paths and thus the optimizer sometimes thought that the result of a SHA3 operation is already present on the stack. This could result in data corruption by accessing the wrong storage slot.", - "severity": "low/medium", + "severity": "medium", "fixed": "0.4.3", "conditions": { "optimizer": true diff --git a/docs/bugs.rst b/docs/bugs.rst index 083759f3..8c6f58b1 100644 --- a/docs/bugs.rst +++ b/docs/bugs.rst @@ -6,7 +6,7 @@ List of Known Bugs ################## -Below, you can find a JSON-formatted list of known security-relevant bugs in the +Below, you can find a JSON-formatted list of some of the known security-relevant bugs in the Solidity compiler. The file itself is hosted in the `Github repository <https://github.com/ethereum/solidity/blob/develop/docs/bugs.json>`_. The list stretches back as far as version 0.3.0, bugs known to be present only 
@@ -20,8 +20,7 @@ Contract source verification tools and also other tools interacting with contracts should consult this list according to the following criteria: - It is mildly suspicious if a contract was compiled with a nightly - compiler version instead of a released version. These compiler versions - might contain undocumented bugs. + compiler version instead of a released version - It is also mildly suspicious if a contract was compiled with a version that was not the most recent at the time the contract was created. For contracts created from other contracts, you have to follow the creation chain diff --git a/docs/security-considerations.rst b/docs/security-considerations.rst index 1afaf051..1e92afa7 100644 --- a/docs/security-considerations.rst +++ b/docs/security-considerations.rst @@ -22,7 +22,8 @@ you should be more careful. This section will list some pitfalls and general security recommendations but can, of course, never be complete. Also, keep in mind that even if your smart contract code is bug-free, the compiler or the platform itself might -have a bug. All known security-relevant bugs of the compiler can be found in the +have a bug. A list of some publicly known security-relevant bugs of the compiler +can be found in the :ref:`list of known bugs<known_bugs>`, which is also machine-readable. Note that there is a bug bounty program that covers the code generator of the Solidity compiler. |
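Review bot: In docs/bugs.json, the severity of OptimizerStaleKnowledgeAboutSHA3 goes from "low/medium" to "medium" with no rationale in the hunk, and the commit message ("Some changes after review.") gives none either. The entry's own description says the bug "could result in data corruption by accessing the wrong storage slot", so consider naming that as the reason in the commit message. Because the list is described as machine-readable, it would also help to note that a single value replaces the slash-separated range, so consumers comparing severity strings know the field now holds one rating.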
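Review bot: In docs/bugs.rst, hunk @@ -20,8 +20,7 @@, the rewritten bullet now ends at "compiler version instead of a released version" with no full stop, while the following bullet in the same list closes its sentences with one; add the period. Dropping "These compiler versions might contain undocumented bugs." also removes the only reason given for treating nightly builds as mildly suspicious. If the sentence was cut because it overstated the risk, a shorter rationale would still help authors of verification tools who apply these criteria.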
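Review bot: In docs/security-considerations.rst, the new sentence "A list of some publicly known security-relevant bugs of the compiler can be found in the :ref:`list of known bugs<known_bugs>`" says a list can be found in a list, and its qualifier does not match docs/bugs.rst in this same commit, which says "some of the known security-relevant bugs" without "publicly". Suggest one wording in both files, for example "Some publicly known security-relevant bugs of the compiler are listed in the :ref:`list of known bugs<known_bugs>`", so readers do not infer two different scopes for the same bugs.json file.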