Sablier

Summary

Currently the project utilizes Solidity version >=0.8.22, which introduces the PUSH0 opcode as part of the Shanghai hard fork. While the development team aims for compatibility with any EVM-compatible network, the use of this Solidity version may produce bytecode that is not supported by all targeted networks.

Vulnerability Details

Issue with PUSH0 Opcode

• Context: The PUSH0 opcode, introduced in Solidity 0.8.20 is part of the EVM changes in the Shanghai hard fork.

• Problem: Not all EVM-compatible networks have adopted the Shanghai hard fork. Consequently, the bytecode produced with PUSH0 may not be executable on networks that have not implemented these changes.

Deterministic Address Generation

• Context: Contract addresses in Ethereum and EVM-compatible networks are deterministically generated based on the deploying address and nonce, relying on the bytecode being consistent.

• Problem: Using different versions of the Solidity compiler across different networks can result in varying bytecodes, breaking the deterministic nature of contract addresses and counterfactual deployment strategies.

Impact

1. Incompatible Deployments:

   • Contracts compiled with Solidity >=0.8.22 may fail to deploy or execute on networks that do not support the Shanghai hard fork due to the presence of the PUSH0 opcode.

2. Deterministic Address Inconsistency:

   • Variations in bytecode due to different compiler versions can lead to inconsistencies in contract addresses across networks, impacting functionalities that rely on precomputed addresses and counterfactual deployment.

Tools Used

Manual code review

Recommendations

1. Change Solidity Compiler Version:

   • Action: Downgrade to Solidity version 0.8.19 or earlier.

   • Rationale: This will avoid the use of the PUSH0 opcode and ensure compatibility across all EVM-compatible networks, regardless of their adoption of the Shanghai hard fork.

2. Define EVM Version in Compiler Configuration:

   • Action: Explicitly specify an EVM version in the compiler settings that is widely supported across all targeted networks.

   • Reference: Utilize resources such as the Foundry documentation to configure the evm_version setting (see Foundry EVM version configuration).

Note: The provided affected lines of code are just examples. I did not see any added value in providing all the links, which would make the report harder to read. For that reason, I decided to simply point out that this issue is present in all the contracts within v2-core and v2-periphery.