SNARKeling Treasure Hunt

First Flight #59

Beginner FriendlyGameFiFoundry

100 EXP

View all submissions

Previous Next

Submission Details

Impact: medium

Likelihood: low

Compatibility: Solidity version ^0.8.27 includes PUSH0 opcode which may fail deployment on certain L2 chains

Author Revealed upon completion

Root + Impact

Description

Normally, smart contracts are designed to be cross-chain compatible to allow seamless deployment across Ethereum Mainnet and various L2 networks without requiring bytecode modifications.
Starting from Solidity version 0.8.20, the compiler (solc) switches the default target EVM version to Shanghai. The Shanghai upgrade introduced a new opcode called PUSH0 (0x5f).
While Ethereum Mainnet and major L2s support this, some EVM-compatible sidechains or lagging L2 networks may not yet support the PUSH0 opcode. If the contract is compiled with the default ^0.8.27 settings and deployed to an unsupported network, the deployment and any subsequent execution will fail entirely.

// Root cause in the codebase with @> marks to highlight the relevant section

// Found in contracts/src/TreasureHunt.sol Line: 2

@> pragma solidity ^0.8.27;

Risk

Likelihood:

The likelihood is Low because most major L2 networks (like Arbitrum, Optimism, and Base) have already adopted the Shanghai upgrade. However, the risk remains if the protocol intends to deploy on newer, less prominent, or delayed rollups/sidechains.

Impact:

The impact is Medium because if this issue occurs, it leads to a complete denial of service for that specific chain. The contract deployment will revert, preventing users from interacting with the protocol on that network.

Proof of Concept

Explanation: The contract strictly uses pragma solidity ^0.8.27;. When compiled using frameworks like Foundry or Hardhat without explicitly overriding the EVM version, the compiler defaults to Shanghai. The resulting bytecode will contain the PUSH0 (0x5f) opcode. Attempting to deploy or execute this bytecode in a pre-Shanghai EVM environment will result in an Invalid Opcode error.

// File: contracts/src/TreasureHunt.sol

pragma solidity ^0.8.27; // Automatically targets Shanghai EVM, generating PUSH0

Recommended Mitigation

Explanation: To ensure maximum cross-chain compatibility and prevent deployment friction across diverse EVM environments, the protocol should either configure the deployment framework to target an older EVM version (like paris) or downgrade the Solidity pragma to 0.8.19 which natively defaults to paris and does not include PUSH0.

Option A (Framework Configuration - Preferred): Update your foundry.toml (or equivalent framework config) to explicitly set the EVM version:

evm\_version = "paris"

Option B (Code Modification): Pin the Solidity compiler to version 0.8.19.

- pragma solidity ^0.8.27;

+ pragma solidity 0.8.19;

Rewards breakdown

nSLOC

220

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!