Project may fail to be deployed to chains not compatible with Shanghai hardfork
Summary
The current settings for compiling contracts in the protocol may produce bytecode that is incompatible with some of the L2 target deployement chains. This is due to the use of solidity version > 0.8.20 for the TSender.sol contract, and the huff contract which uses the Shanghai evm_version. Their bytecodes include the new PUSH0 opcode introduced in the Shanghai hard fork.
Vulnerability Details
The huff contract use Shanghai as evm_version for compiling the bytecode. As a result, it uses the push0 opcodes to push the 0x00 into the stack. The push0 opcode has the specificity of being more gas efficient that the push1 opcode. The TSender.sol uses the 0.8.24 solidity version that came after 0.8.20 which introduced the push0 opcode For reference.
Example of the runtime bytecode of the TSender_NoCheck.huff :
Impact
This opcode is not supported in all chains, and can cause the contracts to fail on deployment.
Tools Used
Manual review
Recommendations
Check that the chain that you are deploying to has the PUSH0 opcode. If not consider deploying only the TSender.sol with an earlier version of solidity compiler.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.