Commit

Bump version to v0.1.2 + update README
GNSPS committed Jan 7, 2021
1 parent e470a89 commit 9cb61ce
Showing 3 changed files with 18 additions and 2 deletions.
16 changes: 16 additions & 0 deletions README.md
Expand Up @@ -10,6 +10,18 @@ Given this library has an all-internal collection of methods it doesn't make sen

## Important Fixes Changelog

_**2021-01-07**_

A bug regarding zero-length slices was disclosed by @MrChico following an audit to the Optimism codebase.

The exact bug happened under the following conditions: if memory slots higher then the current free-memory pointer were tainted before calling the `slice` method with a desired length of `0`, the returned bytes array, instead of being a zero-length slice was an array of arbitrary length based on the values that previously populated that memory region.

Overall, the usage of zero-length slices should be pretty unusual and, as such, hopefully, this bug does not have far-reaching implications. Nonetheless, *please update the library to the new version if you're using it in production*.

**TL;DR: if you're using the `slice` method with a length parameter of '0' in your codebase, please update to version 0.1.2 of the bytes library ASAP!**

_**2020-11-01**_

There was a **critical bug** in the `slice` method, reported on an audit to a DXDao codebase.

Previously, no checks were being made on overflows of the `_start` and `_length` parameters since previous reviews of the codebase deemed this overflow "unexploitable" because of an inordinate expansion of memory (i.e., reading an immensely large memory offset causing huge memory expansion) resulting in an out-of-gas exception.
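Review bot: in the 2021-01-07 entry, "higher then the current free-memory pointer" should read "higher than", and the TL;DR writes the length as '0' in plain quotes where the paragraph above uses `0` in backticks; use backticks in both places. The entry also names the fixed version only in the TL;DR and gives neither an affected version range nor a link to the fixing commit, which is what a reader needs to decide whether they are exposed. Consider stating the affected range explicitly (for example "affects versions up to and including 0.1.1", if that is the case) and linking the fix.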
Expand All @@ -22,6 +34,10 @@ This made me realize that in permissioned blockchains where gas is also not a li

## _Version Notes_:

* Version `v0.1.2` has a major bug fix.

* Version `v0.1.1` has a critical bug fix.

* Version `v0.9.0` now compiles with Solidity compilers `0.5.x` and `0.6.x`.

* Since version `v0.0.7` the library will only compile on Solidity versions `>0.4.22` so, if you need `v0.4.x` support for your project just use `v0.0.6` of the library with:
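Review bot: the new bullet "Version `v0.1.2` has a major bug fix." does not say which bug it refers to; point it at the changelog entry, for example "Version `v0.1.2` fixes the zero-length `slice` bug (see 2021-01-07 above)." The word "major" next to "critical" for `v0.1.1` also implies a severity scale the README never defines, while the changelog asks users to update ASAP; either define the terms or drop the adjective.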
2 changes: 1 addition & 1 deletion ethpm.json
@@ -1,6 +1,6 @@
{
"package_name": "bytes",
"version": "0.1.1",
"version": "0.1.2",
"description": "Solidity bytes tightly packed arrays utility library.",
"authors": [
"Gonçalo Sá <[email protected]>"
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "solidity-bytes-utils",
"version": "0.1.1",
"version": "0.1.2",
"description": "Solidity bytes tightly packed arrays utility library.",
"main": "truffle.js",
"repository": {
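Review bot: the bump to "version": "0.1.2" here and in ethpm.json is the only non-README change among the 3 files in this commit, so the `slice` fix itself and any regression test for a length of `0` are not visible in this diff. Please confirm both are in the history that the 0.1.2 release will point at before publishing, and consider a release check that the two manifests carry the same version string.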
