Developer Tools

SolSmith tool uncovers 25 miscompilation bugs in Solidity compiler

25 bugs found over 3 years, some hiding for years.

Deep Dive

A new paper by researcher Bhargava Shastry introduces SolSmith, a semantics-aware differential fuzz testing tool designed to catch miscompilation bugs in the Solidity compiler—the most popular compiler for Ethereum smart contracts. Over three years of testing, SolSmith discovered 25 previously unnoticed bugs that cause the compiler to produce incorrect code, with some defects hiding for multiple years. These miscompilation bugs can lead to vulnerabilities in smart contracts, potentially costing users millions in lost funds.

SolSmith works by generating valid Solidity test programs that specifically stress-test the compiler's code generation and optimization components. This approach catches bugs missed by routine testing. The paper also provides a qualitative and quantitative analysis of the bugs, classifying them by nature, root cause, and impact on end-users. The findings highlight common pitfalls in optimizing compilers and offer actionable insights for improving compiler testing rigor in blockchain development.

Key Points
  • SolSmith found 25 miscompilation bugs in the Solidity compiler over three years.
  • Some bugs went unnoticed for multiple years, posing hidden risks to smart contracts.
  • The tool generates valid test programs to stress code generation and optimization components.

Why It Matters

Improving Solidity compiler correctness directly reduces vulnerabilities in Ethereum smart contracts, protecting billions in digital assets.

📬 Get the top 10 AI stories daily