Add bug list entry

Author: rodiazet

docs/bugs.json

@@ -1,4 +1,18 @@
 [
+    {
+        "uid": "SOL-2026-2",
+        "name": "UnusedStoreEliminatorStaleReturnDataSize",
+        "summary": "The Yul optimizer's ``UnusedStoreEliminator`` may incorrectly remove ``returndatacopy(...)`` operations when using a stale value from ``returndatasize()`` that was invalidated by subsequent call operations.",
+        "description": "The ``UnusedStoreEliminator`` is a Yul optimizer step that removes redundant memory and storage writes. One of the operations eligible for removal is ``returndatacopy(...)``. This particular operation has a quirk - unlike any other instruction for bulk memory copying it reverts on out-of-bounds access. A revert is one of the side-effects that the optimizer guarantees to preserve so the operation can only be removed when it is certain that it cannot revert. This is the case when the entire return data buffer is copied to memory, i.e. when the start offset is zero and the length equals ``returndatasize()``. The optimizer was special-cased to detect and optimize only this specific pattern, since it matches the code produced by the code generator for external calls. However, the check did not account for the possibility of ``returndatasize()`` values becoming stale. The size of the return data buffer is updated by ``call()``, ``staticcall()``, ``delegatecall()``, and ``callcode()``. If a ``returndatasize()`` value is stored in a variable before such an operation and then used in a subsequent ``returndatacopy(...)``, the stored size may no longer reflect the actual return data buffer size. Despite this, the optimizer would consider it safe to remove, bypassing the revert and allowing the code to continue, possibly leading to unexpected behavior. Since the code generator never produces code that interleaves multiple calls and access to their return data, the bug only affected inline assembly or handwritten Yul code. The necessary condition is the use of an optimizer sequence including the ``UnusedStoreEliminator`` step (which is the default).",
+        "link": "https://blog.soliditylang.org/2026/04/29/unusedstore-eliminator-stale-returndatasize-bug/",
+        "introduced": "0.8.13",
+        "fixed": "0.8.35",
+        "severity": "very low",
+        "conditions": {
+            "yulOptimizer": true,
+            "evmVersion": ">=byzantium"
+        }
+    },
     {
         "uid": "SOL-2026-1",
         "name": "TransientStorageClearingHelperCollision",

docs/bugs_by_version.json

@@ -1869,6 +1869,7 @@
     },
     "0.8.13": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1884,6 +1885,7 @@
     },
     "0.8.14": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1897,6 +1899,7 @@
     },
     "0.8.15": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1908,6 +1911,7 @@
     },
     "0.8.16": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1918,6 +1922,7 @@
     },
     "0.8.17": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1927,6 +1932,7 @@
     },
     "0.8.18": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1936,6 +1942,7 @@
     },
     "0.8.19": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1960,6 +1967,7 @@
     },
     "0.8.20": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1969,57 +1977,66 @@
     },
     "0.8.21": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication"
         ],
         "released": "2023-07-19"
     },
     "0.8.22": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication"
         ],
         "released": "2023-10-25"
     },
     "0.8.23": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2023-11-08"
     },
     "0.8.24": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-01-25"
     },
     "0.8.25": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-03-14"
     },
     "0.8.26": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-05-21"
     },
     "0.8.27": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-09-04"
     },
     "0.8.28": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-10-09"
     },
     "0.8.29": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
@@ -2041,32 +2058,38 @@
     },
     "0.8.30": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2025-05-07"
     },
     "0.8.31": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2025-12-03"
     },
     "0.8.32": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision"
         ],
         "released": "2025-12-18"
     },
     "0.8.33": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision"
         ],
         "released": "2025-12-18"
     },
     "0.8.34": {
-        "bugs": [],
+        "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize"
+        ],
         "released": "2026-02-18"
     },
     "0.8.4": {