Summary

The MorpheusAI project team mentioned in the introduction that the deployed blockchain includes Ethereum and Arbitrum. To ensure compatibility and consistency, they have compiled all their smart contracts using Solidity pragma version greater than or equal to 0.8.20. However, this particular version introduces a new opcode called PUSH0, which is only available starting from Solidity version 0.8.20. Since PUSH0 is not supported by certain chains, like Arbitrum, it poses a compatibility risk for MorpheusAI's contracts.

Vulnerability Details

The root cause of the vulnerability is that Solidity pragma version greater than or equal to 0.8.20 introduces the PUSH0 opcode, which may not be supported by all EVM-compatible chains. This incompatibility could affect the proper execution of MorpheusAI's contracts on certain blockchains.

Impact

Using Solidity pragma version greater than or equal to 0.8.20 could result in incorrect contract deployment and functionality on certain chains.

Tools Used

Manual Review

Recommendations

To address this compatibility risk, it is recommended that MorpheusAI's project team consider changing the Solidity pragma version to 0.8.19 for all relevant contracts. This version, which does not include the PUSH0 opcode, may ensure better compatibility across various EVM-compatible chains.