Skip to content

Releases: GNSPS/solidity-bytes-utils

v0.8.0 - Solidity >0.8.0 support!

13 Apr 00:02
Compare
Choose a tag to compare

This version introduces breaking changes to support the new Solidity v0.8.x syntax.

It also marks a new versioning system that will always match Solidity's major version, that is how you can assess compatibility going forward.

❤️

v0.1.1 - Critical Bug Fix v2

01 Oct 14:14
Compare
Choose a tag to compare

Please update to this version that fully mitigates the memory corruption bug disclosed on October 1st.

Thank you to @shanefontaine for reviewing the fixes!

v0.1.0 - Critical bug fix

30 Sep 19:51
Compare
Choose a tag to compare

With this version we up the minor version in an attempt to signal the importance of the fix in an, otherwise, very stable project for a while.

From the README:

There was a critical bug in the slice method, reported on an audit to a DXDao codebase.

Previously, no checks were being made on overflows of the _start and _length parameters since previous reviews of the codebase deemed this overflow "unexploitable" because of an inordinate expansion of memory (i.e., reading an immensely large memory offset causing huge memory expansion) resulting in an out-of-gas exception.

However, as noted in the review mentioned above, this is not the case. The slice method in versions <=0.9.0 actually allows for arbitrary kind of (i.e., it allows memory writes to very specific values) arbitrary memory writes _in the specific case where these parameters are user-supplied inputs and not hardcoded values (which is uncommon).

This made me realize that in permissioned blockchains where gas is also not a limiting factor this could become problematic in other methods and so I updated all typecasting-related methods to include new bound checks as well.

TL;DR: if you're using the slice method with user-supplied inputs in your codebase please update the bytes library immediately!

v0.0.8 - Additional uint typecasting methods

26 Jun 18:56
Compare
Choose a tag to compare

Changelog:

  • This version introduces all the missing unsigned integer typecasting methods (uint64, uint96, uint128). Thank you @bh2smith for his contribution! 🎉

v0.0.7 - Upgrade to Solidity v0.5.0

27 Feb 02:18
14ca2bd
Compare
Choose a tag to compare

Changelog:

  • Refactored codebase to support Solidity's v0.5.x breaking syntax changes. (Thank you for the awesome contribution @fubuloubu!)
  • Refactored tests. (Ditched the ThrowProxy pattern)

v0.0.6 - Addition of new typecast methods

11 Feb 20:02
9776282
Compare
Choose a tag to compare

Changelog:

  • Several smaller-than-32-bytes new typecasting methods [uint8, uint16, uint32]. (Thank you @hihiben !! 😄 )
  • New bytes32 typecasting method.

v0.0.5 - Critical fix for `slice()`

25 Jan 01:50
cdaba01
Compare
Choose a tag to compare

A new release containing one critical fix!

Changelog:

  • Critical fix to the slice() method when slicing multiples of 32 bytes. (Thank you @chetmurthy !! 😄 )

v0.0.4 - Production Release

16 Jan 19:44
34383c7
Compare
Choose a tag to compare

v0.0.4 - production Release

The first audit has been completed and reviewed. The library is now ready for production use. 🎉

Note: This release has an artificial bump of the version string to be able to override an earlier, misnamed version in EPM.

v0.0.3-ac.2

10 Jan 15:34
ceca52e
Compare
Choose a tag to compare
v0.0.3-ac.2 Pre-release
Pre-release

This version is the first (and hopefully last) audit pass to the v0.0.3-ac.1, this library's first audit candidate.

Several errors have been corrected and I am now confident in the good functioning of the library.

Changelog:

  • Memory arrays concatenation that had the second array's length be a multiple of 32 bytes do not waste a full 32 bytes slot in the allocation anymore
  • Concatenation of storage arrays had a nasty flaw when crossing the first 32 bytes slot threshold in storage. All is good now!

v0.0.3-ac1

15 Dec 17:54
c1eb809
Compare
Choose a tag to compare
v0.0.3-ac1 Pre-release
Pre-release

Version bump for a critical fix in one of the equality methods.

Still not audited and being released as a pre-release. The bug was caught pre-audit.

Changelog:

  • Fix for critical bug in the storage/memory equality method when comparing zero-length memory arrays.