Add changelog and bug list entry.

Author: rodiazet

Changelog.md

@@ -3,6 +3,9 @@
 Language Features:
 * General: Add a builtin that computes the base slot of a storage namespace using the `erc7201` formula from ERC-7201.
 
+Important Bugfixes:
+* Yul Optimizer: Fix `UnusedStoreEliminator` incorrectly removing `returndatacopy` operations when the length comes from a stale `returndatasize()` call that was invalidated by subsequent call opcodes.
+
 Compiler Features:
 * Commandline Interface: Disallow selecting the deprecated assembly input mode that was only accessible via `--assemble` instead of treating it as equivalent to `--strict-assembly`.
 * Commandline Interface: Introduce `--experimental` flag required for enabling the experimental mode.
@@ -15,6 +18,7 @@ Compiler Features:
 * Standard JSON Interface: Introduce `settings.experimental` setting required for enabling the experimental mode.
 * Standard JSON Interface: Replace the top-level ``ethdebug`` output with ``ethdebug.resources`` and ``ethdebug.compilation``. Decouple ethdebug outputs from binary compilation so that global ethdebug outputs can be produced without generating bytecode.
 * Yul Optimizer: Improve performance of control flow side effects collector and function references resolver.
+* Yul Optimizer: Remove optimization that eliminated `returndatacopy` operations.
 
 Bugfixes:
 * Yul: Fix incorrect serialization of Yul object names containing double quotes and escape sequences, producing output that could not be parsed as valid Yul.

docs/bugs.json

@@ -1,4 +1,18 @@
 [
+    {
+        "uid": "SOL-2026-2",
+        "name": "UnusedStoreEliminatorStaleReturnDataSize",
+        "summary": "The Yul optimizer's ``UnusedStoreEliminator`` may incorrectly remove ``returndatacopy(...)`` operations when using a stale value from ``returndatasize()`` that was invalidated by subsequent call operations.",
+        "description": "The ``UnusedStoreEliminator`` is a Yul optimizer step that removes redundant memory and storage writes. One of the operations eligible for removal is ``returndatacopy(...)``. This particular operation has a quirk - unlike any other instruction for bulk memory copying it reverts on out-of-bounds access. A revert is one of the side-effects that the optimizer guarantees to preserve so the operation can only be removed when it is certain that it cannot revert. This is the case when the entire return data buffer is copied to memory, i.e. when the start offset is zero and the length equals ``returndatasize()``. The optimizer was special-cased to detect and optimize only this specific pattern, since it matches the code produced by the code generator for external calls. However, the check did not account for the possibility of ``returndatasize()`` values becoming stale. The size of the return data buffer is updated by ``call()``, ``staticcall()``, ``delegatecall()``, and ``callcode()``. If a ``returndatasize()`` value is stored in a variable before such an operation and then used in a subsequent ``returndatacopy(...)``, the stored size may no longer reflect the actual return data buffer size. Despite this, the optimizer would consider it safe to remove, bypassing the revert and allowing the code to continue, possibly leading to unexpected behavior. Since the code generator never produces code that interleaves multiple calls and access to their return data, the bug only affected inline assembly or handwritten Yul code. The necessary condition is the use of an optimizer sequence including the ``UnusedStoreEliminator`` step (which is the default).",
+        "link": "https://blog.soliditylang.org/2026/04/21/unusedstore-eliminator-stale-returndatasize-bug/",
+        "introduced": "0.8.13",
+        "fixed": "0.8.35",
+        "severity": "very low",
+        "conditions": {
+            "yulOptimizer": true,
+            "evmVersion": ">=byzantium"
+        }
+    },
     {
         "uid": "SOL-2026-1",
         "name": "TransientStorageClearingHelperCollision",

docs/bugs_by_version.json

@@ -1869,6 +1869,7 @@
     },
     "0.8.13": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1884,6 +1885,7 @@
     },
     "0.8.14": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1897,6 +1899,7 @@
     },
     "0.8.15": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1908,6 +1911,7 @@
     },
     "0.8.16": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1918,6 +1922,7 @@
     },
     "0.8.17": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1927,6 +1932,7 @@
     },
     "0.8.18": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1936,6 +1942,7 @@
     },
     "0.8.19": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1960,6 +1967,7 @@
     },
     "0.8.20": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication",
             "FullInlinerNonExpressionSplitArgumentEvaluationOrder",
@@ -1969,57 +1977,66 @@
     },
     "0.8.21": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication"
         ],
         "released": "2023-07-19"
     },
     "0.8.22": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow",
             "VerbatimInvalidDeduplication"
         ],
         "released": "2023-10-25"
     },
     "0.8.23": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2023-11-08"
     },
     "0.8.24": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-01-25"
     },
     "0.8.25": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-03-14"
     },
     "0.8.26": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-05-21"
     },
     "0.8.27": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-09-04"
     },
     "0.8.28": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2024-10-09"
     },
     "0.8.29": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
@@ -2041,32 +2058,38 @@
     },
     "0.8.30": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2025-05-07"
     },
     "0.8.31": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision",
             "LostStorageArrayWriteOnSlotOverflow"
         ],
         "released": "2025-12-03"
     },
     "0.8.32": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision"
         ],
         "released": "2025-12-18"
     },
     "0.8.33": {
         "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize",
             "TransientStorageClearingHelperCollision"
         ],
         "released": "2025-12-18"
     },
     "0.8.34": {
-        "bugs": [],
+        "bugs": [
+            "UnusedStoreEliminatorStaleReturnDataSize"
+        ],
         "released": "2026-02-18"
     },
     "0.8.4": {