Severity: low
Valid

Potential Incompatibility Risks of Using the Latest Solidity Version (0.8.20)

Summary

The provided smart contract code uses the latest version of Solidity (0.8.20), as indicated by the pragma solidity 0.8.20; statement. While it is generally a good idea to use the latest version of Solidity to take advantage of the latest security fixes and features, doing so can introduce issues of its own.

Vulnerability Details

Impact

Potential issues that may arise from using the latest Solidity version:

  1. Incompatibility with older EVM versions: Solidity 0.8.20 switches the default target EVM version to Shanghai, which means that the generated bytecode will include PUSH0 opcodes. If you intend to deploy your contract on a chain other than mainnet, such as an L2 chain that may not yet support PUSH0, the deployment of your contracts will fail.

  2. Potential for breaking changes: The Solidity compiler is rapidly evolving, with regular non-breaking releases and approximately one breaking release per year. If the smart contract is deployed on a network that does not support the latest EVM features used in the Solidity version, it could lead to issues.

  3. Security Risks: While the latest version of Solidity often includes security enhancements, it doesn't automatically make your contract secure. There are many potential risks to be aware of when working with Solidity, such as reentrancy attacks, integer overflow/underflow, and frontrunning. It's crucial to understand these risks and how to mitigate them.

  4. Deployment of contracts via assembly: The deployToken function in your contract uses inline assembly to deploy a new contract. While this is a powerful feature, it also introduces potential security risks if not used correctly. For example, if the contract bytecode passed to the function is maliciously altered, it could lead to unexpected behavior.

  5. Lack of version compatibility: If the contract interacts with other contracts or is intended to be used by other contracts, there could be compatibility issues if those contracts are written in an older version of Solidity. This is because some features and syntax used in the latest version of Solidity may not be available or may behave differently in older versions.

Recommendations

In conclusion, while using the latest version of Solidity can provide access to the latest features and security enhancements, it's important to consider the potential issues and take appropriate measures to mitigate them. This includes thoroughly testing your contract on different EVM versions, understanding and mitigating potential security risks, and ensuring compatibility with other contracts that may interact with your contract.

The recommendation is to use an older version (preferably 0.8.18, at the time of writing) to prevent unexpected results, changes, and behavior.
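To check a build for the PUSH0 problem described in item 1 before deploying to a chain that may not support it, the following added example (not part of the original submission or the audited project) walks compiled bytecode and reports PUSH0 instructions. The function names and sample bytecode strings are constructed for illustration, and the metadata-trailer stripping is a heuristic.

```python
# Added example: find PUSH0 (0x5f, EIP-3855 / Shanghai) in EVM bytecode.
PUSH0 = 0x5F
PUSH1, PUSH32 = 0x60, 0x7F


def strip_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer that solc appends (heuristic).

    The last two bytes hold the trailer length; the trailer itself begins
    with a CBOR map header (major type 5). Its bytes are data, not opcodes.
    """
    if len(code) < 3:
        return code
    n = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - n
    if n > 0 and start >= 0 and code[start] >> 5 == 5:
        return code[:start]
    return code


def find_push0(hex_code: str) -> list[int]:
    """Return the byte offsets of PUSH0 instructions in hex bytecode."""
    code = strip_metadata(bytes.fromhex(hex_code.removeprefix("0x")))
    offsets, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == PUSH0:
            offsets.append(pc)
        # PUSH1..PUSH32 carry 1..32 immediate bytes: skip them so a 0x5f
        # inside push data is not mistaken for an opcode.
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)
    return offsets


# Constructed samples (not taken from the audited contract):
SHANGHAI_STYLE = "0x5f5ffd"        # PUSH0 PUSH0 REVERT
PARIS_STYLE = "0x60006000fd"       # PUSH1 0 PUSH1 0 REVERT
DATA_ONLY = "0x605f00"             # PUSH1 0x5f STOP (0x5f is an immediate)
WITH_TRAILER = "0x60006000fd" + "a15f5f" + "0003"  # fake 3-byte trailer

if __name__ == "__main__":
    for name in ("SHANGHAI_STYLE", "PARIS_STYLE", "DATA_ONLY", "WITH_TRAILER"):
        hits = find_push0(globals()[name])
        print(f"{name}: {'PUSH0 at ' + str(hits) if hits else 'no PUSH0'}")
```

An empty result for the deployed and creation bytecode means the build does not depend on PUSH0; with 0.8.20 that is the case when the target is pinned explicitly, for example with solc's `--evm-version paris` option.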

Updates

Lead Judging Commences

0xnevi Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

zksync lack support for PUSH0
