Submission Details
Severity:
Solidity version 0.8.20 may not work on other chains due to `PUSH0`
Summary
The compiler for Solidity 0.8.20 switches the default target EVM version to Shanghai, which includes the new PUSH0 opcode.
Vulnerability Details
There are 9 instances of this issue.
View 9 Instances
File: src/Beedle.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| Beedle.sol | 1 | 2 |
File: src/Fees.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| Fees.sol | 1 | 2 |
File: src/Lender.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| Lender.sol | 1 | 2 |
File: src/Staking.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| Staking.sol | 1 | 2 |
File: src/interfaces/IERC20.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| IERC20.sol | 1 | 2 |
File: src/interfaces/ISwapRouter.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| ISwapRouter.sol | 1 | 2 |
File: src/utils/Errors.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| Errors.sol | 1 | 2 |
File: src/utils/Ownable.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| Ownable.sol | 1 | 2 |
File: src/utils/Structs.sol
2:
| File Link | Instance Count | Instance Link |
|---|---|---|
| Structs.sol | 1 | 2 |
Impact
This opcode may not yet be implemented on all L2 chains, so deployment on those chains will fail.
Tools Used
baudit: a custom static code analysis tool; manual review
Recommendations
To avoid L2 chain compatibility issues related to PUSH0, set the EVM version to target at compilation time.
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
70628 USDC / LOC
18,000 USDC
2,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.