SNARKeling Treasure Hunt

First Flight #59
Beginner Friendly, GameFi, Foundry
100 EXP
Submission Details
Impact: medium
Likelihood: low

Compatibility: Code compiled with Solidity ^0.8.27 includes the PUSH0 opcode, which may cause deployment to fail on certain L2 chains

Author Revealed upon completion

Root + Impact

Description

  • Normally, smart contracts are designed to be cross-chain compatible to allow seamless deployment across Ethereum Mainnet and various L2 networks without requiring bytecode modifications.

  • Starting from Solidity version 0.8.20, the compiler (solc) switches the default target EVM version to Shanghai. The Shanghai upgrade introduced a new opcode called PUSH0 (0x5f).

  • While Ethereum Mainnet and major L2s support this, some EVM-compatible sidechains or lagging L2 networks may not yet support the PUSH0 opcode. If the contract is compiled with the default ^0.8.27 settings and deployed to an unsupported network, the deployment and any subsequent execution will fail entirely.

// Root cause in the codebase with @> marks to highlight the relevant section
// Found in contracts/src/TreasureHunt.sol Line: 2
@> pragma solidity ^0.8.27;

Risk

Likelihood:

  • The likelihood is Low because most major L2 networks (like Arbitrum, Optimism, and Base) have already adopted the Shanghai upgrade. However, the risk remains if the protocol intends to deploy on newer, less prominent, or delayed rollups/sidechains.

Impact:

  • The impact is Medium because if this issue occurs, it leads to a complete denial of service for that specific chain. The contract deployment will revert, preventing users from interacting with the protocol on that network.

Proof of Concept

Explanation: The contract strictly uses pragma solidity ^0.8.27;. When compiled using frameworks like Foundry or Hardhat without explicitly overriding the EVM version, the compiler defaults to Shanghai. The resulting bytecode will contain the PUSH0 (0x5f) opcode. Attempting to deploy or execute this bytecode in a pre-Shanghai EVM environment will result in an Invalid Opcode error.

// File: contracts/src/TreasureHunt.sol
pragma solidity ^0.8.27; // Automatically targets Shanghai EVM, generating PUSH0
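One way to check compiled output for the opcode before deploying, as an added example (not code from this submission or the TreasureHunt repository): it walks the bytecode, skipping PUSH1..PUSH32 immediates and the solc metadata trailer, so a 0x5f data byte is not mistaken for PUSH0. The function names and the hex samples are constructed for illustration.

```python
"""Added example: find PUSH0 (0x5f) in EVM bytecode by decoding opcodes in order."""

PUSH0 = 0x5F
PUSH1, PUSH32 = 0x60, 0x7F

# Constructed samples (not taken from the TreasureHunt build output).
SHANGHAI_STYLE = "5f5ffd"              # PUSH0 PUSH0 REVERT
PARIS_STYLE = "600080fd"               # PUSH1 0x00, DUP1, REVERT
DATA_BYTE = "605f60005260206000f3"     # 0x5f appears only as PUSH1 data
WITH_TRAILER = PARIS_STYLE + "a1415f01" + "0004"  # fake CBOR trailer holding 0x5f


def strip_cbor_metadata(code: bytes) -> bytes:
    """Drop the solc metadata trailer; its length is the final two bytes (big-endian)."""
    if len(code) < 2:
        return code
    meta_len = int.from_bytes(code[-2:], "big")
    start = len(code) - 2 - meta_len
    # Strip only when the trailer fits and begins with a CBOR small-map byte.
    if meta_len > 0 and start >= 0 and 0xA0 <= code[start] <= 0xB7:
        return code[:start]
    return code


def find_push0(hex_code: str) -> list[int]:
    """Return offsets where 0x5f is decoded as an opcode rather than PUSH data."""
    code = strip_cbor_metadata(bytes.fromhex(hex_code.removeprefix("0x")))
    offsets, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == PUSH0:
            offsets.append(pc)
        # PUSH1..PUSH32 carry 1..32 immediate bytes that are data, not opcodes.
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)
    return offsets


if __name__ == "__main__":
    for name in ("SHANGHAI_STYLE", "PARIS_STYLE", "DATA_BYTE", "WITH_TRAILER"):
        hits = find_push0(globals()[name])
        print(f"{name}: {'PUSH0 at ' + str(hits) if hits else 'no PUSH0'}")
```

A linear walk can still misread embedded data sections such as appended constructor arguments, so treat a hit as a prompt to check the configured EVM version rather than as proof.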

Recommended Mitigation

Explanation: To ensure maximum cross-chain compatibility and prevent deployment friction across diverse EVM environments, the protocol should either configure the deployment framework to target an older EVM version (like paris) or downgrade the Solidity pragma to 0.8.19, which natively defaults to paris and does not emit PUSH0.

Option A (Framework Configuration - Preferred): Update your foundry.toml (or equivalent framework config) to explicitly set the EVM version:

[profile.default]
evm_version = "paris"

Option B (Code Modification): Pin the Solidity compiler to version 0.8.19.

- pragma solidity ^0.8.27;
+ pragma solidity 0.8.19;
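Review bot: the replacement line pins an exact 0.8.19 where the original used a caret range starting at 0.8.27, so the contract gives up every compiler release in between; confirm that contracts/src/TreasureHunt.sol still builds under 0.8.19 before taking this route, because anything relying on syntax added after 0.8.19 will not compile. If the build configuration also fixes a compiler version, it needs the same change in the same commit. Option A keeps ^0.8.27 and avoids both concerns.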
