Forwarded from Remedy
First high-severity Solidity compiler bug since 2016 — identified by Hexens
Hexens has identified a HIGH severity vulnerability in the Solidity compiler itself.
Not in a specific project. In Solidity.
The issue, TSTORE Poison, can silently corrupt contract storage and introduce critical vulnerabilities without obvious indicators. This makes it particularly dangerous for developers and auditors who rely on compiler-level guarantees.
To assess the ecosystem-wide impact, we used Glider to scan integrated chains and evaluate the potential blast radius. Cross-chain impact analysis at this scale is exactly what Glider is designed for.
🔎 Technical write-up:
https://hexens.io/research/solidity-compiler-bug-tstore-poison
📢 Official announcement:
https://x.com/solidity_lang/status/2024181697168945228?s=46
If you develop or audit Solidity smart contracts, we strongly recommend reviewing the report
Hexens has identified a HIGH severity vulnerability in the Solidity compiler itself.
Not in a specific project. In Solidity.
The issue, TSTORE Poison, can silently corrupt contract storage and introduce critical vulnerabilities without obvious indicators. This makes it particularly dangerous for developers and auditors who rely on compiler-level guarantees.
To assess the ecosystem-wide impact, we used Glider to scan integrated chains and evaluate the potential blast radius. Cross-chain impact analysis at this scale is exactly what Glider is designed for.
🔎 Technical write-up:
https://hexens.io/research/solidity-compiler-bug-tstore-poison
📢 Official announcement:
https://x.com/solidity_lang/status/2024181697168945228?s=46
If you develop or audit Solidity smart contracts, we strongly recommend reviewing the report
X (formerly Twitter)
Solidity (@solidity_lang) on X
Full bug explainer: https://t.co/vHHui8jAZF
Thanks to @hexens for the discovery and thorough report, @_SEAL_Org and @dedaub for their swift response and help in identifying affected contracts.
Thanks to @hexens for the discovery and thorough report, @_SEAL_Org and @dedaub for their swift response and help in identifying affected contracts.
🔥1
https://blog.cryptographyengineering.com/2026/03/02/anonymous-credentials-an-illustrated-primer/
匿名凭证的构造原理
匿名凭证的构造原理
A Few Thoughts on Cryptographic Engineering
Anonymous credentials: an illustrated primer
This post has been on my back burner for well over a year. This has bothered me, since with every month that goes by, I become more convinced that anonymous authentication the most important topic …