Support for the PUSH0 opcode
Summary
PUSH0 opcode is not supported on Arbitrum chain.
Vulnerability Details
All of the contracts in scope have the version pragma fixed to be compiled using Solidity 0.8.25, which includes the PUSH0 opcode in the compiled bytecode.
Both in the docs and in the Readme, the project has clearly stated they are planning to deploy the contracts on Arbitrum.
However, on Arbitrum the PUSH0 opcode is not supported yet. Since the project is using a solidity version higher than 0.8.20 and shanghai as the evm version (see the foundry.toml file), the PUSH0 opcode will be introduced in the bytecode.
Impact
The bytecode will not be compatible with the Arbitrum chain.
Deploying the protocol on Arbitrum with the current Solidity version (0.8.25) and evm version (shanghai) may result in unexpected behavior or failure due to the unsupported PUSH0 opcode on the chain.
Tools Used
Manual review.
Recommendations
Set evm version configuration parameter with Foundry. You can make the following change to the foundry.toml file:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.