Sparkn

CodeFox Inc.
DeFi, Foundry, Proxy
15,000 USDC
Submission Details
Severity: medium

Project may fail to be deployed to chains not compatible with Shanghai hardfork

Summary

DoS caused by a solc version that emits the PUSH0 opcode, which is incompatible with EVM chains that have not upgraded to Shanghai.
The project has

Vulnerability Details

Using a more recent version of Solidity can add new features and enhance security. As described in https://github.com/ethereum/solidity/releases, version 0.8.20 is the latest version of Solidity and includes support for Shanghai, so the bytecode it generates contains the PUSH0 opcode. If the EVM chain targeted for deployment does not support PUSH0 at this moment, all calls to the contract will fail, resulting in a self-inflicted DoS.

Impact

If the project deploys with the OpenZeppelin version its config files point to, which is the latest, it will suffer a DoS on EVM chains that have not upgraded to Shanghai, because those chains do not support the PUSH0 opcode.

Tools Used

Manual review

Recommendations

To be safer and more future-proof, consider using Solidity 0.8.18 for the imported contracts that currently use version 0.8.20.
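
A pre-deployment check for the issue described above, as an added example that is not part of the original submission: it walks compiled bytecode opcode by opcode, skips PUSH1..PUSH32 immediates and the solc metadata trailer so a 0x5f data byte is not miscounted, and returns the offsets of every PUSH0 (0x5f). The function names and the sample bytecode strings are constructed for illustration.

```python
PUSH0 = 0x5F                  # opcode introduced with Shanghai (EIP-3855)
PUSH1, PUSH32 = 0x60, 0x7F    # opcodes followed by 1..32 bytes of immediate data


def strip_solc_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer solc appends; its last 2 bytes hold its length."""
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - n
    # Heuristic: a CBOR map starts with 0xa0..0xbf. Otherwise assume no trailer.
    if n and start >= 0 and 0xA0 <= code[start] <= 0xBF:
        return code[:start]
    return code


def find_push0(code_hex: str) -> list:
    """Return the byte offsets of PUSH0 instructions in hex-encoded bytecode."""
    raw = code_hex[2:] if code_hex.startswith("0x") else code_hex
    code = strip_solc_metadata(bytes.fromhex(raw))
    offsets, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == PUSH0:
            offsets.append(pc)
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1   # skip the immediate bytes of PUSHn
        pc += 1
    return offsets


# Constructed sample bytecode (not taken from the audited project):
SHANGHAI_STYLE = "0x5f5ffd"        # PUSH0 PUSH0 REVERT
PARIS_STYLE = "0x60006000fd"       # PUSH1 0 PUSH1 0 REVERT
DATA_BYTE = "0x605f00"             # PUSH1 0x5f STOP: 0x5f is data, not an opcode
WITH_TRAILER = "0x60006000fd" + "a1415f01" + "0004"  # 0x5f only inside metadata

if __name__ == "__main__":
    for name in ("SHANGHAI_STYLE", "PARIS_STYLE", "DATA_BYTE", "WITH_TRAILER"):
        hits = find_push0(globals()[name])
        verdict = "needs Shanghai" if hits else "no PUSH0 found"
        print(f"{name}: {verdict} {hits}")
```

The scan is a linear sweep, so data embedded in the middle of the code section can still produce false positives; treat a hit as a prompt to inspect the compiler version and EVM target rather than as proof.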
