Summary
According to the documentation, the contract is intended to be deployed on the Arbitrum network using version 0.8.23:
## Compatibilities
- Solc Version: 0.8.23
- Chain(s) to deploy contract to:
- Arbitrum
- Tokens
- `SantaToken`
The Solidity files use pragma solidity 0.8.23;, which, when compiled, utilizes the opcode PUSH0. This opcode is not supported on the Arbitrum network, causing contract deployment to fail.
https://docs.arbitrum.io/for-devs/concepts/differences-between-arbitrum-ethereum/solidity-support
The Foundry.toml file uses "paris" for the EVM version, but this setting is only applicable for tests, as explained in the Foundry documentation:
https://book.getfoundry.sh/reference/config/solidity-compiler
evm_version
Type: string
Default: london
Environment: FOUNDRY_EVM_VERSION or DAPP_EVM_VERSION
The EVM version to use during tests. The value must be an EVM hardfork name, such as london, byzantium, etc.
Vulnerability Details
SOLIDITY 0.8.23
The following POC demonstrates the deployment issue using 0.8.23.
Use the Arbitrum testnet by claiming free Arbitrum Sepolia ETH on Alchemy and use their RPC for testing this POC. We will also use a fork to avoid spending testnet ETH.
Setup a fork:
anvil --fork-url 'https://arb-sepolia.g.alchemy.com/v2/<API_KEY>' --gas-limit 100000000000
forge create src/SantaToken.sol:SantaToken --constructor-args $ADMIN_ADDR --private-key $TEST_NET_SECU_PUB --rpc-url 127.0.0.1:8545
forge create ./src/SantaToken.sol:SantaToken --constructor-args $ADMIN_ADDR --private-key $TEST_NET_SECU_PUB --rpc-url 'http://127.0.0.1:8545'
[⠢] Compiling...
No files changed, compilation skipped
Error:
(code: -32000, message: intrinsic gas too high -- CallGasCostMoreThanGasLimit, data: None)
As observed, the deployment fails. To confirm it's related to Arbitrum, let's test on the Ethereum Sepolia network.
Deploy on ETH Sepolia testnet
Setup a fork
anvil --fork-url 'https://eth-sepolia.g.alchemy.com/v2/<API_KEY>' --gas-limit 100000000000
forge create ./src/SantaToken.sol:SantaToken --constructor-args $ADMIN_ADDR --private-key $TEST_NET_SECU_PUB --rpc-url 'http://127.0.0.1:8545'
[⠢] Compiling...
No files changed, compilation skipped
Deployer: ***
Deployed to: 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e
Transaction hash: 0x729be160024483e5815a870e06e17afeb1df4c3327d79216b8f612ba4d364f84
The deployment is successful
SOLIDITY 0.8.19
Now, let's change the pragma version in our Solidity files to 0.8.19.
Setup a fork
anvil --fork-url 'https://arb-sepolia.g.alchemy.com/v2/<API_KEY>' --gas-limit 100000000000
Deploy the contract on ARB Sepolia testnet
forge create ./src/SantaToken.sol:SantaToken --constructor-args $ADMIN_ADDR --private-key $TEST_NET_SECU_PUB --rpc-url 'http:
[⠢] Compiling...
No files changed, compilation skipped
Deployer: ***
Deployed to: 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e
Transaction hash: 0x57e29d69c98baf710f86590a320566665923594414bffdd55a796abe67b489d5
Verify that minting works:
cast call 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e\
"balanceOf(address)(uint256)" $ADMIN_ADDR\
--rpc-url 'http://127.0.0.1:8545'
Result
cast send 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e "mint(address)" $ADMIN_ADDR \
--rpc-url 'http://127.0.0.1:8545' --private-key $TEST_NET_SECU_PUB
Result
$:
blockHash 0x0415285568ff35d767269a96df985c2afa9ed3bcfe95267c35d6c2ed84a9343d
blockNumber 2050981
contractAddress
cumulativeGasUsed 68074
effectiveGasPrice 3076562501
gasUsed 68074
logs [{"address":"0xc0cc44a995ee7bea6bc2564782cc92a2613ab87e","topics":["0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef","0x0000000000000000000000000000000000000000000000000000000000000000","0x000000000000000000000000***"],"data":"0x0000000000000000000000000000000000000000000000000de0b6b3a7640000","blockHash":"0x0415285568ff35d767269a96df985c2afa9ed3bcfe95267c35d6c2ed84a9343d","blockNumber":"0x1f4ba5","transactionHash":"0xd665b841daf7b46314d1d33c629b4e233d8598362f37d4967e53dbd455e211aa","transactionIndex":"0x0","logIndex":"0x0","transactionLogIndex":"0x0","removed":false}]
logsBloom 0x00000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000001000008000000000000000000000000000000000000000000000000020000000000000000000800000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000002000000000000000000000000000800000000000000000000000020001000000000000000000000000000000000000000000000000000000000000000
root
status 1
transactionHash 0xd665b841daf7b46314d1d33c629b4e233d8598362f37d4967e53dbd455e211aa
transactionIndex 0
type 2
cast call 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e\
"balanceOf(address)(uint256)" $ADMIN_ADDR\
--rpc-url 'http://127.0.0.1:8545'
Result
Impact
The impact is high as the deployment will fail, forcing the team to downgrade the Solidity version and undergo a new audit process to ensure no other functionalities are affected by this downgrade.
Tools Used
Manual review
Recommendations
Downgrade the contract's pragma version and test the implementation to ensure it works after the downgrade.
Always test your contract on a testnet before releasing it to ensure full functionality as expected.
