## Description According to the documentation, the contract is intended to be deployed on the Arbitrum network using version 0.8.22: ```doc ## Compatibilities - Solc Version: 0.8.22 - Chain(s) to deploy contract to: - Arbitrum - Tokens - `SantaToken` ``` The Solidity files use `pragma solidity 0.8.22;`, which, when compiled, utilizes the opcode PUSH0. This opcode is not supported on the Arbitrum network. https://docs.arbitrum.io/for-devs/concepts/differences-between-arbitrum-ethereum/solidity-support The Foundry.toml file uses "paris" for the EVM version, but this setting is only applicable for tests, as explained in the Foundry documentation: https://book.getfoundry.sh/reference/config/solidity-compiler ```doc evm_version Type: string Default: london Environment: FOUNDRY_EVM_VERSION or DAPP_EVM_VERSION The EVM version to use during tests. The value must be an EVM hardfork name, such as london, byzantium, etc. ``` ## Vulnerability Details ### SOLIDITY 0.8.22 The following POC demonstrates the deployment issue using 0.8.22. Use the Arbitrum testnet by claiming free Arbitrum Sepolia ETH on Alchemy and use their RPC for testing this POC. We will also use a fork to avoid spending testnet ETH. Setup a fork: ```bash anvil --fork-url 'https://arb-sepolia.g.alchemy.com/v2/<API_KEY>' --gas-limit 100000000000 ``` ```bash forge create ./src/SantaToken.sol:SantaToken --constructor-args $ADMIN_ADDR --private-key $TEST_NET_SECU_PUB --rpc-url 'http://127.0.0.1:8545' [⠢] Compiling... No files changed, compilation skipped Error: (code: -32000, message: intrinsic gas too high -- CallGasCostMoreThanGasLimit, data: None) ``` As observed, the deployment fails. To confirm it's related to Arbitrum, let's test on the Ethereum Sepolia network. Deploy on ETH Sepolia testnet Setup a fork ```bash anvil --fork-url 'https://eth-sepolia.g.alchemy.com/v2/<API_KEY>' --gas-limit 100000000000 ``` ```bash forge create ./src/SantaToken.sol:SantaToken --constructor-args $ADMIN_ADDR --private-key $TEST_NET_SECU_PUB --rpc-url 'http://127.0.0.1:8545' [⠢] Compiling... No files changed, compilation skipped Deployer: *** Deployed to: 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e Transaction hash: 0x729be160024483e5815a870e06e17afeb1df4c3327d79216b8f612ba4d364f84 ``` The deployment is successful ### SOLIDITY 0.8.19 Now, let's change the pragma version in our Solidity files to 0.8.19. Setup a fork ```bash anvil --fork-url 'https://arb-sepolia.g.alchemy.com/v2/<API_KEY>' --gas-limit 100000000000 ``` Deploy the contract on ARB Sepolia testnet ``` forge create ./src/SantaToken.sol:SantaToken --constructor-args $ADMIN_ADDR --private-key $TEST_NET_SECU_PUB --rpc-url 'http://127.0.0.1:8545' [⠢] Compiling... [⠆] Compiling 38 files with 0.8.19 [⠒] Solc 0.8.19 finished in 3.19s Deployer: *** Deployed to: 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e Transaction hash: 0x57e29d69c98baf710f86590a320566665923594414bffdd55a796abe67b489d5 ``` Verify that minting works: ```bash cast call 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e\ "balanceOf(address)(uint256)" $ADMIN_ADDR\ --rpc-url 'http://127.0.0.1:8545' ``` Result ```bash $: 0 #<- Value is 0 ``` ```bash cast send 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e "mint(address)" $ADMIN_ADDR \ --rpc-url 'http://127.0.0.1:8545' --private-key $TEST_NET_SECU_PUB ``` Result ```bash $: blockHash 0x0415285568ff35d767269a96df985c2afa9ed3bcfe95267c35d6c2ed84a9343d blockNumber 2050981 contractAddress cumulativeGasUsed 68074 effectiveGasPrice 3076562501 gasUsed 68074 logs [{"address":"0xc0cc44a995ee7bea6bc2564782cc92a2613ab87e","topics":["0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef","0x0000000000000000000000000000000000000000000000000000000000000000","0x000000000000000000000000***"],"data":"0x0000000000000000000000000000000000000000000000000de0b6b3a7640000","blockHash":"0x0415285568ff35d767269a96df985c2afa9ed3bcfe95267c35d6c2ed84a9343d","blockNumber":"0x1f4ba5","transactionHash":"0xd665b841daf7b46314d1d33c629b4e233d8598362f37d4967e53dbd455e211aa","transactionIndex":"0x0","logIndex":"0x0","transactionLogIndex":"0x0","removed":false}] logsBloom 0x00000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000001000008000000000000000000000000000000000000000000000000020000000000000000000800000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000002000000000000000000000000000800000000000000000000000020001000000000000000000000000000000000000000000000000000000000000000 root status 1 transactionHash 0xd665b841daf7b46314d1d33c629b4e233d8598362f37d4967e53dbd455e211aa transactionIndex 0 type 2 ``` ```bash cast call 0xc0cc44A995eE7bea6BC2564782CC92A2613ab87e\ "balanceOf(address)(uint256)" $ADMIN_ADDR\ --rpc-url 'http://127.0.0.1:8545' ``` Result ```bash $: 1000000000000000000 #<- Value is 1000000000000000000 ``` ## Impact The impact is high for the following reasons: Deployment Failure: This issue directly prevents the deployment of the contract on the Arbitrum network using Solidity 0.8.22, which is a significant obstacle for the project planning to deploy on Arbitrum. Requirement of Version Downgrade: The need to downgrade the Solidity version to avoid this issue necessitates additional work, including re-auditing the contract. This adds time, cost, and complexity to the development process. Potential for Unnoticed Deployment Issues: Developers might not immediately recognize this incompatibility, leading to wasted resources and potentially delayed project timelines. ## Recommendations Downgrade the contract's pragma version and test the implementation to ensure it works after the downgrade. Always test your contract on a testnet before releasing it to ensure full functionality as expected.