feat: Upgrade built-in solidity compiler to 0.8.28 and create a bounty

Dockerfile

@@ -2,11 +2,11 @@
 
 # This enforces that the packages downloaded from the repositories are the same
 # for the defined date, no matter when the image is built.
-ARG UBUNTU_TAG=noble-20240827.1
-ARG APT_UPDATE_SNAPSHOT=20240827T030400Z
+ARG UBUNTU_TAG=noble-20241015
+ARG APT_UPDATE_SNAPSHOT=20241015T030400Z
 
 # Built-in binaries version
-ARG BUILTINS_VERSION=0.7.2
+ARG BUILTINS_VERSION=0.8.0
 
 ################################################################################
 # cross base stage
@@ -150,7 +150,7 @@ COPY --from=builtins --chmod=755 /opt/bundle/cast-2cdbfac-linux-riscv64 /usr/bin
 COPY --from=builtins --chmod=755 /opt/bundle/lua-5.4.3-linux-riscv64 /usr/bin/lua-5.4.3
 COPY --from=builtins --chmod=755 /opt/bundle/lua-5.4.7-linux-riscv64 /usr/bin/lua-5.4.7
 COPY --from=builtins --chmod=755 /opt/bundle/reth-1.0.5-linux-riscv64 /usr/bin/reth-1.0.5
-COPY --from=builtins --chmod=755 /opt/bundle/solc-0.8.27-linux-riscv64 /usr/bin/solc-0.8.27
+COPY --from=builtins --chmod=755 /opt/bundle/solc-0.8.28-linux-riscv64 /usr/bin/solc-0.8.28
 COPY --from=builtins --chmod=755 /opt/bundle/sqlite-3.32.2-linux-riscv64 /usr/bin/sqlite-3.32.2
 COPY --from=builtins --chmod=755 /opt/bundle/sqlite-3.43.2-linux-riscv64 /usr/bin/sqlite-3.43.2
 COPY --from=riscv64-build-stage /opt/build/bubblewrap/bwrap /usr/bin/bwrap

populate.sh

@@ -182,17 +182,17 @@ SOLIDITY_DESCRIPTION=$(jq -r '.description' "$SOLIDITY_INFO_FILE")
 SOLIDITY_IMG_LINK=$(jq -r '.imgLink' "$SOLIDITY_INFO_FILE")
 SOLIDITY_SPONSOR_NAME="Spencer Smart"
 
-# 0.8.27
+# 0.8.28
 
 bounty_index=$(go run ./cli state | jq '.bounties | length')
 
 go run ./cli send bounty \
     -f "$DEV_ACCOUNT" \
-    -n "Solidity 0.8.27" \
+    -n "Solidity 0.8.28" \
     -i "$SOLIDITY_IMG_LINK" \
     -d "$SOLIDITY_DESCRIPTION" \
     --duration "$ONE_DAY" \
-    -c 'tests/bounties/dist/solc-0.8.27-bounty.tar.xz' \
+    -c 'tests/bounties/dist/solc-0.8.28-bounty.tar.xz' \
     -t "$TOKEN_ADDRESS"
 
 go run ./cli send sponsor \

tests/bounties/Makefile

@@ -64,7 +64,7 @@ build/busybox-%-bounty/aliases.sh:
 # Solidity
 ###################
 
-SOLC_VERSIONS= 0.8.27
+SOLC_VERSIONS= 0.8.28
 
 all: $(patsubst %,dist/solc-%-bounty.tar.xz,$(SOLC_VERSIONS))
 

tests/bounties/src/adder/setup-exec-env.sh

@@ -2,7 +2,7 @@
 set -euo pipefail
 shopt -s expand_aliases
 
-SOLC_VERSION=0.8.27
+SOLC_VERSION=0.8.28
 
 FOUNDRY_REF=2cdbfac
 alias cast="cast-$FOUNDRY_REF"

tests/bounties/src/adder/src/IAdder.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
-pragma solidity ^0.8.27;
+pragma solidity ^0.8.28;
 
 interface IAdder {
     function number() external view returns (uint256);

tests/bounties/src/adder/src/IRegistry.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
-pragma solidity ^0.8.27;
+pragma solidity ^0.8.28;
 
 interface IRegistry {
     function get(string memory name) external view returns (address addr);

tests/bounties/src/adder/src/Registry.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
-pragma solidity ^0.8.27;
+pragma solidity ^0.8.28;
 
 import {IRegistry} from "./IRegistry.sol";
 

tests/bounties/src/adder/src/safe/Adder.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
-pragma solidity ^0.8.27;
+pragma solidity ^0.8.28;
 
 import {IAdder} from "src/IAdder.sol";
 

tests/bounties/src/adder/src/unsafe/Adder.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
-pragma solidity ^0.8.27;
+pragma solidity ^0.8.28;
 
 import {IAdder} from "src/IAdder.sol";
 

tests/bounties/src/adder/src/unsafe/Exploit.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
-pragma solidity ^0.8.27;
+pragma solidity ^0.8.28;
 
 import {IRegistry} from "src/IRegistry.sol";
 import {IAdder} from "src/IAdder.sol";

tests/bounties/src/busybox/info.json

@@ -1,4 +1,4 @@
 {
-    "description": "Find bugs in BusyBox, a software suite that provides several Unix utilities!\n\nDid you know it is one of the most downloaded software in Docker Hub, with more than one billion downloads?\n\nSubmitted shell code will run inside a BusyBox with only ash utility enabled, to win this bounty the shell code must crash it.\n\nThe source code of the bounty can be inspected at:\nhttps://github.com/crypto-bug-hunters/bug-buster/tree/main/tests/bounties/src/busybox",
-    "imgLink": "https://uawartifacts.blob.core.windows.net/upload-files/Busy_Box_c74c024d34.svg"
+  "description": "Find bugs in BusyBox, a software suite that provides several Unix utilities!\n\nDid you know it is one of the most downloaded software in Docker Hub, with more than one billion downloads?\n\nSubmitted shell code will run inside a BusyBox with only ash utility enabled, to win this bounty the shell code must crash it.\n\nThe source code of the bounty can be inspected at:\nhttps://github.com/crypto-bug-hunters/bug-buster/tree/main/tests/bounties/busybox-bounty",
+  "imgLink": "https://uawartifacts.blob.core.windows.net/upload-files/Busy_Box_c74c024d34.svg"
 }

tests/bounties/src/lua/info.json

@@ -1,4 +1,4 @@
 {
-    "description": "Find bugs in Lua, a powerful, efficient, lightweight, embeddable scripting language!\n\nSubmitted Lua code will run inside a sanboxed Lua environment, to win the bounty the code must crash its interpreter or escape the sandbox and exit with segmentation fault status (code 139).\n\nThe source code of the bounty can be inspected at:\nhttps://github.com/crypto-bug-hunters/bug-buster/tree/main/tests/bounties/src/lua",
-    "imgLink": "https://upload.wikimedia.org/wikipedia/commons/c/cf/Lua-Logo.svg"
+  "description": "Find bugs in Lua, a powerful, efficient, lightweight, embeddable scripting language!\n\nSubmitted Lua code will run inside a sanboxed Lua environment, to win the bounty the code must crash its interpreter or escape the sandbox and exit with segmentation fault status (code 139).\n\nThe source code of the bounty can be inspected at:\nhttps://github.com/crypto-bug-hunters/bug-buster/tree/main/tests/bounties/lua-bounty",
+  "imgLink": "https://upload.wikimedia.org/wikipedia/commons/c/cf/Lua-Logo.svg"
 }

tests/bounties/src/solc/info.json

@@ -1,4 +1,4 @@
 {
-  "description": "Find bugs in Solidity, the most popular programming language for smart contracts!\n\nSubmit Solidity code and try to crash the compiler exit with a segmentation fault status (code 139).\n\nThe source code of the bounty can be inspected at:\nhttps://github.com/crypto-bug-hunters/bug-buster/tree/main/tests/bounties/src/solidity",
-  "imgLink": "https://docs.soliditylang.org/en/v0.8.27/_static/img/logo-dark.svg"
+  "description": "Find bugs in Solidity, the most popular programming language for smart contracts!\n\nSubmit Solidity code and try to crash the compiler exit with a segmentation fault status (code 139).\n\nThe source code of the bounty can be inspected at:\nhttps://github.com/crypto-bug-hunters/bug-buster/tree/main/tests/bounties/solidity-bounty",
+  "imgLink": "https://docs.soliditylang.org/en/v0.8.28/_static/img/logo-dark.svg"
 }

tests/bounties/src/sqlite/info.json

@@ -1,4 +1,4 @@
 {
-    "description": "Find bugs in SQLite, the most used database engine in the world!\n\nSubmitted SQL code will run inside a SQLite safe shell open on an empty database, to win the bounty the SQL code must crash the SQLite shell.\n\nThe source code of the bounty can be inspected at:\nhttps://github.com/crypto-bug-hunters/bug-buster/tree/main/tests/bounties/src/sqlite",
-    "imgLink": "https://www.svgrepo.com/show/374094/sqlite.svg"
+  "description": "Find bugs in SQLite, the most used database engine in the world!\n\nSubmitted SQL code will run inside a SQLite safe shell open on an empty database, to win the bounty the SQL code must crash the SQLite shell.\n\nThe source code of the bounty can be inspected at:\nhttps://github.com/crypto-bug-hunters/bug-buster/tree/main/tests/bounties/sqlite-bounty",
+  "imgLink": "https://www.svgrepo.com/show/374094/sqlite.svg"
 }