solidity/v2.0.1 is the release of the security fix for a medium-severity vulnerability found in the WalletRegistry contract. The patch blocks the possibility of leveraging the EVM stack depth limit to invalidate a valid ECDSA DKG result. Detailed description of the problem can be found in the relevant pull request: #3756
The release commit hash is signed by the development team, verifiable on Keybase. Our Keybase usernames are all associated with the Keep organization and with our GitHub usernames.
Commit hash for clean builds is b3f4aea4d616bec2b40b8a4cee50756deef6c5da.
Signatures of commit hash from the development team (verify these in the Keybase app):
-
@tomaszslabon
BEGIN KEYBASE SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5weRa0zk7xdHzK Gm9BtmKb2FhcVia 1x14PuUuG7fVaLE jQhGdMxCf8Am1oH 8AYyFXjCObIF1W0 3MPdXXi4QiqwRkD P3cw1qa06kDvSkZ 7P4eSMpnCT9IECT Ns5Za1zpicpUZoY nFADF2H5FOKeWkD PMRwGqC1fbyAsvD dURGqd5Ho9EPzsU AidhEbClH2ZkYhJ IRPHt0RBNBHMcxC Nr9dgHXQV2wISMD . END KEYBASE SALTPACK SIGNED MESSAGE. -
@lukasz-zimnoch
BEGIN KEYBASE SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5weRa0zk90sDpX wIX07Cfy2Yz31Xq 8mliRvTpoVIDeBV VZiP1JZd9acKPiR PCj7Go82UwGVDLJ 4KuXGBC6zi5AMJj M2QjWgRpOmRo0xR lzSRz4GDakaCuIT P1vrBiP4lHGlJ7y NCz8IkPcsLOrbuF 0uAdVIuRudj9b7w qwpRcJcssJke0Aj bzIjkoxQFtnQB4R ZBhVx0RBNBHMcxC Nr9dgHXQV2wISMD . END KEYBASE SALTPACK SIGNED MESSAGE.
Finally, note that the full set of work that went into the solidity/v2.0.1 version can be found in the corresponding solidity/v2.0.1 milestone.