First high-severity Solidity compiler bug since 2016 — identified by Hexens

Hexens has identified a HIGH severity vulnerability in the Solidity compiler itself.

Not in a specific project. In Solidity.

The issue, TSTORE Poison, can silently corrupt contract storage and introduce critical vulnerabilities without obvious indicators. This makes it particularly dangerous for developers and auditors who rely on compiler-level guarantees.

To assess the ecosystem-wide impact, we used Glider to scan integrated chains and evaluate the potential blast radius. Cross-chain impact analysis at this scale is exactly what Glider is designed for.

🔎 Technical write-up:
https://hexens.io/research/solidity-compiler-bug-tstore-poison

📢 Official announcement:
https://x.com/solidity_lang/status/2024181697168945228?s=46

If you develop or audit Solidity smart contracts, we strongly recommend reviewing the report.
 
 