Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Billions in crypto liquidated as bitcoin crashes to $82,000

    July 12, 2026

    Security Alert – Mist can be vulnerable when navigating to malicious DApps

    July 12, 2026

    Zcash price has climbed above $500 as Ironwood upgrade optimism lifts trader activity

    July 12, 2026
    Facebook X (Twitter) Instagram
    Block Buzz News
    • Bitcoin
    • Coinbase
      • Litecoin
      • Altcoins
    • Blockchain
    • Crypto
    • Ethereum
    • Lithosphere News Releases
    Facebook X (Twitter) Instagram YouTube
    Block Buzz News
    Home » Security Alert – Solidity – Variables can be overwritten in storage
    Ethereum

    Security Alert – Solidity – Variables can be overwritten in storage

    Sophia BrownBy Sophia BrownJuly 12, 2026No Comments2 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Summary: In some situations, variables can overwrite other variables in storage.

    Affected Solidity compiler versions: 0.1.6 to 0.4.3 (including 0.4.4 pre-release versions)

    Detailed description:

    Storage variables that are smaller than 256 bits are packed together into the same 256 bit slot if they can fit. If a value larger than what is allowed by the type is assigned to the first variable, that value will overwrite the second variable.

    This means if an attacker can cause an overflow in the value of the first variable, then the second variable can be modified. Creating an overflow in the first variable is possible using arithmetics or by directly passing in a value from the call data (values in call data are aligned to 32 bytes, and padding is neither verified nor enforced).

    Contracts that only use the types listed below for state variables are not affected. Arrays, mappings and structs (based on those following types) are also not affected:

    • signed integers, including sizes smaller than 256 bits
    • bytesNN types, including sizes smaller than 256 bits
    • unsigned integers (uint) of 256 bits

    Contracts with types smaller than 256 bits that are never next to each other (note that state variables of base contracts are “pulled in”) are not affected.

    The Ethereum multisignature wallet contract is not affected.
    Note that addresses take up 160 bits, so contracts that only use addresses and 256-bit types are safe. Additionally, addresses and booleans are almost never manipulated via arithmetic operations in practice, so contracts using only addresses, booleans and 256 bit types should also be safe.

    The following contracts may be affected:
    Contracts containing two or more contiguous state variables where the sum of their sizes is less than 256 bits and the first state variable is not a signed integer and not of bytesNN type.

    Types smaller than 256 bits include:
    bool, enums, uint8, …, uint248, int8, …, int248, address, any contract type

    Recommended action:

    • Recompile contracts that have not yet been deployed using at least Solidity release 0.4.4 (not the pre-release or nightly version).
    • Deactivate, remove funds from, or upgrade already deployed contracts.

    This vulnerability was found by [github.com/catageek](https://github.com/catageek): [https://github.com/ethereum/solidity/issues/1306](https://github.com/ethereum/solidity/issues/1306)



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Sophia Brown

    Related Posts

    Security Alert – Mist can be vulnerable when navigating to malicious DApps

    July 12, 2026

    Uncle Rate and Transaction Fee Analysis

    July 12, 2026

    Analysis of Storage Corruption Bug

    July 12, 2026

    Whoa… Geth 1.5 | Ethereum Foundation Blog

    July 12, 2026
    Add A Comment
    Leave A Reply Cancel Reply

    Top Posts

    Kalshi gets CFTC support in Ohio sports market appeal

    May 13, 2026

    UK gov’t could sell $6.3B seized bitcoin to help economy, report

    May 13, 2026

    MicroStrategy invents a new way to dilute shareholders with STRK

    May 13, 2026

    Switzerland town launches Hedera powered municipal biodiversity voucher system

    May 13, 2026
    Don't Miss
    Coinbase

    Billions in crypto liquidated as bitcoin crashes to $82,000

    By John SmithJuly 12, 2026

    BTC’s price fell to $82K today during one of crypto’s worst months since the catastrophic…

    Security Alert – Mist can be vulnerable when navigating to malicious DApps

    July 12, 2026

    Zcash price has climbed above $500 as Ironwood upgrade optimism lifts trader activity

    July 12, 2026

    Users blast curators Re7 and Silo for handling of DeFi turmoil

    July 12, 2026
    Stay In Touch
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    About Us

    BlockBuzzNews: Your daily dose of the latest in cryptocurrency trends, insights, and updates!

    Our Picks

    Billions in crypto liquidated as bitcoin crashes to $82,000

    July 12, 2026

    Security Alert – Mist can be vulnerable when navigating to malicious DApps

    July 12, 2026

    Zcash price has climbed above $500 as Ironwood upgrade optimism lifts trader activity

    July 12, 2026
    Most Popular

    Kalshi gets CFTC support in Ohio sports market appeal

    May 13, 2026

    UK gov’t could sell $6.3B seized bitcoin to help economy, report

    May 13, 2026

    MicroStrategy invents a new way to dilute shareholders with STRK

    May 13, 2026

    Type above and press Enter to search. Press Esc to cancel.