• Critical Vulnerability Mitigation: This release addresses a critical vulnerability that previously posed a risk of unauthorized access to Operator assets. To mitigate this, a new verification step has been introduced during the creation of Holder accounts. These accounts can now only be generated using the CreateWithSeed(base, seed, programId) approach. Notably, the format of the HolderCreate instruction has been modified, incorporating seed-based data and its length. This change aligns with the system instruction SystemProgram::CreateAccountWithSeed. The potential attack scenario involved intercepting accounts created by Neon EVM during iterative transactions, particularly accounts designed to accommodate extensive contracts deployed within a transaction. Neon EVM now expands the size of these accounts over multiple Solana transactions due to the platform's 10kB resizing limitation for PDA accounts. The attacker's strategy included specifying instructions for creating a Holder account once the account exists but remains uninitialized, allowing them to withdraw the stored LAMPORTs after closing the account.
• Solidity/Viper Contract Support: This release adds support for block.timestamp and block.number in Solidity/Viper contracts for the CREATE2 instruction and mapping indexes. Please note that this change requires corresponding implementation on the Neon Proxy side.
• Solana State Optimization: Significant optimizations have been made for applying changes to the Solana state. This improvement minimizes the number of requests to the Solana state by consolidating multiple changes for one Solana account into a single change in the Solana state.
• Precompiled Contracts in Emulator: Neon EVM now allows the use of precompiled contracts from the emulator. This enables a proxy to make direct calls to precompiled contracts in eth_call.
• EIP-2930 Support: The release incorporates support for EIP-2930, which introduces the new version of Ethereum transactions with access lists. For further details, please refer to the Ethereum documentation. Note that this change necessitates implementation on the Neon Proxy side.