DeFiFoundry
60,000 USDC
View results
Submission Details
Severity: medium
Invalid

Support for the PUSH0 opcode

Summary

PUSH0 opcode is not supported on Arbitrum chain.

Vulnerability Details

All of the contracts in scope have the version pragma fixed to be compiled using Solidity 0.8.25, which includes the PUSH0 opcode in the compiled bytecode.

Both in the docs and in the Readme, the project has clearly stated they are planning to deploy the contracts on Arbitrum.

However, on Arbitrum the PUSH0 opcode is not supported yet. Since the project is using a solidity version higher than 0.8.20 and shanghai as the evm version (see the foundry.toml file), the PUSH0 opcode will be introduced in the bytecode.

Impact

The bytecode will not be compatible with the Arbitrum chain.
Deploying the protocol on Arbitrum with the current Solidity version (0.8.25) and evm version (shanghai) may result in unexpected behavior or failure due to the unsupported PUSH0 opcode on the chain.

Tools Used

Manual review.

Recommendations

Set evm version configuration parameter with Foundry. You can make the following change to the foundry.toml file:

-- evm_version = "shanghai"
++ evm_version = "paris" # to prevent usage of PUSH0, which is not supported on all chains
Updates

Lead Judging Commences

inallhonesty Lead Judge
11 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.