The contracts use the new Solidity ABI encoder, ABIEncoderV2.
This experimental encoder is not ready for production.
More than 3% of all GitHub issues for the Solidity compiler are related to experimental features, primarily ABIEncoderV2. Several issues and bug reports are still open and unresolved.
ABIEncoderV2 has been associated with more than 20 high-severity bugs, some of which are so recent that they have not yet been included in a Solidity release.
For example, in March 2019 a severe bug introduced in Solidity 0.5.5 was found in the encoder.
Short term, use neither ABIEncoderV2 nor any other experimental Solidity feature.
Refactor the code such that structs do not need to be passed to or returned from functions.
Long term, integrate static analysis tools like Slither into your CI pipeline to detect unsafe pragmas.
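A small pragma gate of the kind that could run in CI alongside a static analyzer such as Slither. This is an added example, not code from the audit report or from Slither. The function names and the `SAMPLE` source are constructed for illustration.

```python
"""CI gate: fail the build when a Solidity source enables an experimental feature."""
import re
import sys
from pathlib import Path

# Comments are blanked before matching. String literals are matched only so that
# a "//" inside a string is not mistaken for a comment; they are left in place,
# so a pragma spelled out inside a string would still be flagged (fails closed).
_TOKEN = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.DOTALL)
# The feature is an identifier (ABIEncoderV2) or a quoted string.
_PRAGMA = re.compile(r'\bpragma\s+experimental\s+("?)([A-Za-z0-9_.]+)\1\s*;')


def _blank_comment(match):
    text = match.group(0)
    if not text.startswith('/'):
        return text                       # string literal: keep as is
    return re.sub(r'[^\n]', ' ', text)    # comment: keep newlines for line numbers


def find_experimental_pragmas(source):
    """Return [(line_number, feature)] for each experimental pragma in source."""
    code = _TOKEN.sub(_blank_comment, source)
    return [(code.count('\n', 0, m.start()) + 1, m.group(2))
            for m in _PRAGMA.finditer(code)]


def scan_tree(root):
    """Return [(path, line_number, feature)] for every .sol file under root."""
    hits = []
    for path in sorted(Path(root).rglob('*.sol')):
        text = path.read_text(encoding='utf-8', errors='replace')
        hits += [(str(path), ln, ft) for ln, ft in find_experimental_pragmas(text)]
    return hits


# Constructed sample: two commented-out pragmas (ignored) and one live pragma.
SAMPLE = '''pragma solidity ^0.5.7;
// pragma experimental SMTChecker;
/* pragma experimental
   ABIEncoderV2; */
pragma experimental ABIEncoderV2;
contract Pool { struct Order { uint256 amount; } }
'''

if __name__ == '__main__':
    if len(sys.argv) > 1:
        findings = scan_tree(sys.argv[1])
    else:  # no directory given: run on the constructed sample
        findings = [('<sample>', ln, ft) for ln, ft in find_experimental_pragmas(SAMPLE)]
    for path, line, feature in findings:
        print(f'{path}:{line}: pragma experimental {feature}')
    sys.exit(1 if findings else 0)
```

Run with the contracts directory as the only argument; a non-zero exit status fails the CI job.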
- ToB Audit Advanced Blockchain Finding 18
- Patching
- ABIEncoderV2 Issues & Bugs
- Avoid ABIEncoderV2
- Refactor Code