transient storage introduces new storage semantics with novel security implications

# transient storage introduces new storage semantics with novel security implications Transient storage (EIP-1153) provides key-value storage that persists only within a single transaction, automatically clearing at transaction end. Solidity 0.8.28 added full language support for transient storage of value types. However, 0.8.34 fixed a compiler bug where clearing a regular storage variable could unintentionally clear a transient storage variable at the same slot position, and vice versa. This bug demonstrates that the interaction between storage and transient storage at the compiler level is not yet fully understood, suggesting additional vulnerability classes may emerge as adoption grows. One intended use case for transient storage is as a cheaper reentrancy guard — since [[reentrancy is possible whenever external calls precede state updates]], transient storage locks can enforce mutual exclusion at lower gas cost than persistent storage. However, transient storage only persists within a single transaction, meaning cross-transaction reentrancy guards still require persistent storage. --- Relevant Notes: - [[solidity compiler packs multiple small values into one storage slot but writing requires reading the full slot]] — the storage model that transient storage coexists with - [[reentrancy is possible whenever external calls precede state updates]] — transient storage enables cheaper reentrancy guards - [[checks-effects-interactions pattern prevents reentrancy by updating state before external calls]] — the pattern that transient-storage locks complement - [[transient storage violates composability assumptions in multi-contract interactions because values persist across external calls within a transaction]] — the cross-call persistence concern that arises from transient storage's transaction-wide scope - [[solidity via-IR transient storage clearing helper collision emits wrong opcode when clearing both persistent and transient variables of the same type]] — SOL-2026-1 demonstrates that dual-storage-domain complexity produces compiler-level confusion bugs - [[ERC-4337 multi-UserOperation bundles require manual transient storage cleanup because transient values from one sender persist into subsequent sender validation]] — a concrete exploitation of transient storage transaction-scope in the ERC-4337 multi-sender bundle context Topics: - [[solidity-behaviors]] - [[evm-internals]]