A critical bug was found in the implementation of Views in the protocol PtHangzH, which is currently in the exploration phase of the governance procedure. We have prepared a patch for the protocol.
If the protocol is rejected, either by failing to meet the quorum or the supermajority, we intend to submit a patched version in the next voting period.
If the protocol is voted as is, Nomadic Labs will configure the next Octez distribution to automatically patch the bug through the User Activated Protocol Override mechanism. We at Marigold recommend using that distribution as soon as it is available.
Details about the bug
In the Michelson interpreter, calling a view changes key constants in the caller's environment, but does not restore them correctly. As a result, instructions such as SELF, SENDER and AMOUNT will give incorrect results . Consequently, the instructions following a call to the view do not have the right semantic, and could, for example, originate operations that appear to have been sent from the contract providing the view.