[ { "uid": "SOL-2025-1", "name": "LostStorageArrayWriteOnSlotOverflow", "summary": "Operations that involve clearing or copying from arrays that straddle the end of storage could result in silent data retention.", "description": "Solidity makes it possible to define variables that extend past the last (2**256-th) slot of storage, which results in wrap-around back to slot zero. Since EVM uses 256-bit integer arithmetic, most operations on such variables just work. The only situation which requires special attention is iteration against absolute slot addresses: the invariant that the last slot belonging to a variable has the highest address does not hold. When implemented incorrectly, a loop over an array will immediately terminate if the container spans the end of storage - due to the initial position already being greater than the end position. This affected storage array clearing loops generated by both evmasm and IR pipelines. Additionally, (only in the evmasm pipeline) c
Rocky Fikki rfikki
rfikki
/ solidity_compiler_version_bugs.md
Created
January 22, 2026 14:16
Lists of known solidity bugs based on compiler version
rfikki
/ WrappedCurrencyCoin.sol
Created
August 21, 2025 11:06
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.20; | |
| import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; | |
| import "@openzeppelin/contracts/access/Ownable.sol"; | |
| /// @title CurrencyCoin Interface | |
| /// @notice Interface for interacting with the CurrencyCoin contract | |
| interface CurrencyCoin { |
rfikki
/ CurrencyAirdropClaim.sol
Created
August 15, 2025 01:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity 0.8.30; | |
| import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; | |
| import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; | |
| import "@openzeppelin/contracts/access/Ownable.sol"; | |
| import "@openzeppelin/contracts/security/Pausable.sol"; | |
| import "@openzeppelin/contracts/security/ReentrancyGuard.sol"; | |
| import "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol"; |
rfikki
/ WrappedCurrencyCoin.sol
Last active
July 22, 2025 21:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.20; | |
| import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; | |
| import "@openzeppelin/contracts/access/Ownable.sol"; | |
| /** | |
| * @title Interface for the external CurrencyCoin contract. | |
| * @dev This interface defines the functions that the WrappedCurrencyCoin contract | |
| * will call on the original 2015 Currency.sol contract. |
rfikki
/ gist:80703762d5e836790215a8421df9e6d5
Created
July 4, 2025 18:44
— forked from simondlr/gist:45f0c8024a88d8dc54f8
Standard Token Contract on Ethereum
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Most, basic default, standardised Token contract. | |
| //Based on standardised APIs & slightly extended. https://github.com/ethereum/wiki/wiki/Standardized_Contract_APIs | |
| //adds AddressApproval & AddressApprovalOnce events | |
| //approve & approveOnce works on premise that approved always takes precedence. | |
| //adds unapprove to basic coin interface. | |
| contract Coin { | |
| function sendCoin(uint _value, address _to) returns (bool _success) {} | |
| function sendCoinFrom(address _from, uint _value, address _to) returns (bool _success) {} | |
| function coinBalance() constant returns (uint _r) {} |
rfikki
/ WrappedCurrencyCoin.sol
Created
June 18, 2025 21:55
WrappedCurrencyCoin wrapper for 2015 currency.sol located here: 0x8494F777d13503BE928BB22b1F4ae3289E634FD3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.20; | |
| import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; | |
| import "@openzeppelin/contracts/access/Ownable.sol"; | |
| interface CurrencyCoin { | |
| function coinBalanceOf(address _owner) external returns (uint256); | |
| function sendCoin(uint256 _amount, address _receiver) external; |
rfikki
/ Democracy.sol
Last active
June 10, 2025 09:18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Contract at 0x318143cFd742FB637f4833FF0EAfEe66c9a35327 | |
| Created: (Aug-25-2015 02:58:28 AM UTC) | |
| Solidity version: 0.1.3-0/.-/clang/int linked to libethereum-0.9.92-0/.-/clang/int | |
| Change to: v0.1.3+commit.028f561d tested on 3.5 | |
| Text Wrap Enable Optimization | |
| https://chriseth.github.io/browser-solidity/#version=soljson-v0.3.5+commit.5f97274a.js&optimize=true | |
| Bytecode: |
rfikki
/ Currency.sol
Created
February 15, 2025 14:35
Source Verification for Etherscan.io Contract: 0x8494F777d13503BE928BB22b1F4ae3289E634FD3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Submitted to Etherscan.io for verification for contract at 0x8494F777d13503BE928BB22b1F4ae3289E634FD3 | |
| /* rfikki was here in 2015 */ | |
| contract currency { | |
| struct Account { | |
| uint balance; | |
| mapping ( address => uint) withdrawers; | |
| } |
rfikki
/ FinneyDonationGamble
Created
January 11, 2025 14:35
— forked from FrankHold/FinneyDonationGamble
Ethereum Contract 0x233820087a752349ee20daab1c18e0b7c546d3f6 : Finney Donation Gamble - Solidity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Doku see https://drive.google.com/file/d/0Bzjj9RC5wV6KRndsd1FQOGFPb0E/view?usp=sharing | |
| contract FinneyDonationGamble { | |
| // Basics | |
| address foundation = 0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae; | |
| // History | |
| uint256 Bets_total_number; // Number of bets | |
| uint256 Bets_since_last_win; // Number of bets since last win | |
| uint256 Sum_of_Payouts; // Sum pay out | |
| uint256 Sum_of_Donations; // Sum donations |
rfikki
/ Trexsample.sol
Created
May 16, 2023 08:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| *Code author/customizations by rfikki - rocky@safecommerce.io | |
| *Created for illustration only | |
| *Using OpenZeppelin as basis | |
| *To be submitted for verification at Etherscan.io on 2023-xx-xx | |
| */ | |
| // File: @openzeppelin/contracts/utils/Context.sol | |
NewerOlder