sbt-ethereum 0.5.2

Steve Randy Waldman

2021-03-16

sbt-ethereum v0.5.2 has been released!

This is an emergency release fixing a serious issue in sbt-ethereum versions 0.5.0 and 0.5.1. Please upgrade any repositories from those versions to v0.5.2 or later ASAP.

If you have imported ABIs into your sbt-ethereum shoebox using v0.5.0 or 0.5.1, you should dereference them with ethContractAbiDefaultDrop and ethContractAbiAliasDrop, and then reimport them. If you have compilations in your database from v0.5.0 or v0.5.1, please get in touch for tips.

Thanks Martin Koeppelmann for helping to unearth this bug!

sbt-ethereum v0.5.0 introduced (via the consuela library) a new, much simpler representation of the JSON ABIs that describe how clients interact with Ethereum contracts. That was a long overdue improvement, as the original library had grown unwieldy as the ABI specification has grown and changed.

Both representations support a canonical sort that sbt-ethereum uses to try to avoid storing duplicates of ABIs identical but for insignificant differences in ordering. (This is more motivated by sbt-ethereum‘s ABI-alias feature than by trying to economize on storage.)

Unfortunately, the new ABI representation overdid the canonical sorting thing, and sorted elements for which ordering is quite the opposite of insignificant, including function inputs and outputs, as well as constructor and event inputs. The ordering of these elements must mach the ordering of parameters declared in smart contract code, in order to be able to invoke functions and constructors, or interpret return values and events, properly. “Sorting” these elements was tantamount to scrambling their meaning.

In most cases, the effect will simply be failed function calls or decoding of values, but in some cases altered orderings may remain tragically compatible. If so, transactions including costly mistakes prompted by the misordered ABIs might unfortunately succeed.

Badly canonicalized ABIs should not be used. Any ABIs imported under sbt-ethereum versions 0.5.0 or 0.5.1 should be dereferenced, and ABIs from compilations stored in the sbt-ethereum shoebox may need to be repaired.

In addition to this emergency fix, sbt-ethereum v0.5.2 includes the following minor improvements:

More flexible interpretation of revert-message error data (so that error data including a “Reverted “ prefix before the standard error data will be interpreted rather than discarded as bad hex).
The byte datatype is properly canonicalized to bytes1 when computing function signatures and identifiers
ethContractAbiDefaultImport and ethContractAbiImport will no longer try automatic imports from Etherscan for chains other than Ethereum mainnet. (At present we query for the ABI at mainnet addresses, so ABI’s pulled for other chains might have been inappropriate. In the future, we may implement correct automatic import for non-mainnet chains that Etherscan supports.)

I’m very grateful for Martin Koeppelmann‘s help in working through the mysteries that led to discovery of the serious ABI cannonicalization bug!