PUSH0 is not supported by all chains
Summary
This report addresses a low-severity issue identified in the smart contract codebase, specifically related to the compatibility of the generated bytecode with various Ethereum Virtual Machine (EVM) versions. The core of the issue is the use of Solidity compiler version 0.8.20, which defaults to the Shanghai EVM version, incorporating the PUSH0 opcode in the bytecode.
Vulnerability Details
Affected Files:
Description: The Solidity compiler version 0.8.20 targets the Shanghai EVM version by default, resulting in the inclusion of the PUSH0 opcode in the compiled bytecode. This opcode may not be supported on all blockchain networks, especially on Layer 2 (L2) chains or those that have not updated to the Shanghai version, potentially leading to deployment failures.
Impact
The use of the PUSH0 opcode in smart contracts compiled with Solidity 0.8.20 without specifying an appropriate EVM version for the target chain could result in deployment issues on networks that do not support this opcode. This limitation restricts the deployment and functionality of the smart contracts on various blockchain platforms, potentially affecting their interoperability and reach.
Tools Used
The issue was identified through manual review of the smart contract code and the Solidity compiler documentation.
Recommendations
Immediate Action: Developers should explicitly specify the target EVM version when compiling smart contracts with Solidity 0.8.20, ensuring compatibility with the intended deployment blockchain network.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.