Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Invalid

PUSH0 Opcode Compatibility Risk

Summary

The contracts are compiled with Solidity ^0.8.23, whose default Shanghai EVM target emits the PUSH0 opcode; chains that do not support PUSH0 cannot deploy the resulting bytecode even though the documentation promises compatibility with any EVM-compatible chain.

Vulnerability Details

The contracts use Solidity version ^0.8.23, which compiles with the Shanghai EVM target by default starting from Solidity 0.8.20. This introduces the PUSH0 opcode in the bytecode. However, some EVM-compatible chains (e.g., certain L2s) may not support PUSH0, leading to deployment failures.

According to the documentation, the contracts are supposed to be compatible with any EVM-compatible chain:

Compatibilities:
Blockchains:
- Ethereum / Any EVM-compatible chain

Found in:
src/EggHuntGame.sol Line: 2 (src/EggHuntGame.sol#L2)

src/EggVault.sol Line: 2 (src/EggVault.sol#L2)

src/EggstravaganzaNFT.sol Line: 2 (src/EggstravaganzaNFT.sol#L2)

Impact

If deployed on a chain that does not support the PUSH0 opcode (e.g., zkSync Era), the contracts will fail to deploy, disrupting the EggHuntGame functionality and preventing players from participating.

Proof of Concepts

  1. Open your terminal and run cast call --rpc-url $CHAIN_RPC_URL --create 0x5f (Foundry must be installed). Replace $CHAIN_RPC_URL with the RPC URL of the network you want to test.

  2. A response of 0x indicates PUSH0 support, while an error indicates it's unsupported.

Example:

  • Run cast call --rpc-url https://1rpc.io/zksync2-era --create 0x5f

  • It returns: Error: server returned an error response: error code 3: Failed to serialize transaction: toAddressIsNull

Tools Used

  • Manual review

  • Aderyn static analyzer

  • Foundry

Recommendations

Explicitly set the target EVM version in the compiler configuration to match the deployment chain. For example, pass --evm-version paris for pre-Shanghai compatibility when targeting L2s that lack PUSH0.

Alternatively, use an older Solidity version (e.g., 0.8.19) that does not default to PUSH0.
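To confirm that either fix actually removed PUSH0 from the artifact, the compiled bytecode can be scanned opcode by opcode. The scanner below is an added example, not part of this submission or of the Eggstravaganza code base; the three sample bytecodes are constructed by hand, not compiled from the audited contracts. It skips PUSH1..PUSH32 immediates so that a literal 0x5f inside push data is not mistaken for the PUSH0 instruction.

```python
# Added example: detect the PUSH0 instruction (0x5f) in EVM bytecode.
# PUSH1..PUSH32 (0x60..0x7f) are followed by 1..32 immediate bytes; those
# bytes are data, not instructions, and must be skipped during the walk.

PUSH0 = 0x5F
PUSH1, PUSH32 = 0x60, 0x7F


def uses_push0(bytecode_hex: str) -> bool:
    """Return True if PUSH0 appears in an instruction position."""
    code = bytes.fromhex(bytecode_hex.removeprefix("0x"))
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op == PUSH0:
            return True
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # jump over the immediate operand bytes
        pc += 1
    return False


# Constructed samples (hand-written, not output of the project's build):
SHANGHAI_SAMPLE = "0x5f5ffd"    # PUSH0 PUSH0 REVERT      -> requires PUSH0
PARIS_SAMPLE = "0x60006000fd"   # PUSH1 0 PUSH1 0 REVERT  -> pre-Shanghai safe
TRICKY_SAMPLE = "0x605ffd"      # PUSH1 0x5f REVERT       -> 0x5f is data only

if __name__ == "__main__":
    for name, code in [("shanghai", SHANGHAI_SAMPLE),
                       ("paris", PARIS_SAMPLE),
                       ("tricky", TRICKY_SAMPLE)]:
        print(name, "uses PUSH0" if uses_push0(code) else "PUSH0-free")
```

Feeding the output of forge inspect EggHuntGame bytecode to uses_push0 checks the real build artifact rather than the samples.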

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
