Summary

This findings report identifies the potential issue related to the use of the solc compiler version 0.8.20, which introduces the default target EVM version to Shanghai, resulting in the generation of bytecode that includes PUSH0 opcodes. This report stresses the importance of selecting the appropriate EVM version when deploying contracts on chains that may not support PUSH0, especially those other than the mainnet or certain Layer 2 (L2) chains.

Vulnerability Details

• Location in Code:

  • src/ContestManager.sol:2

    pragma solidity ^0.8.20;

    ​

    Kopier kode

  • src/Pot.sol:2

    pragma solidity ^0.8.20;

    ​

    Kopier kode

The solc compiler version 0.8.20 switches the default target EVM version to Shanghai, which results in the inclusion of PUSH0 opcodes in the generated bytecode. This can lead to deployment failures on chains that do not support these instructions. The usage of pragma solidity ^0.8.20 in both ContestManager.sol and Pot.sol locks the compiler version to one that introduces this issue.

Impact

Deploying contracts compiled with solc version 0.8.20 or above on chains that do not support PUSH0 opcodes (such as certain L2 chains) can lead to failed deployments. This would prevent the successful implementation and functioning of smart contracts on those chains, potentially causing interruptions in services and loss of functionality.

Tools Used

• Manual Code Review

Recommendations

• Select Appropriate EVM Version: Ensure to configure the compiler settings to target an EVM version compatible with the deployment network. This involves either downgrading the solc version used for compilation or explicitly setting a different compatible EVM version.