Closed c4-bot-9 closed 6 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
They will eventually be resolved just like PUSH0 rectified by Paris over Shanghai.
QA is more appropriate.
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L1-L963 https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVaultFactory.sol#L1-L139 https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/TwabERC20.sol#L1-L105
Vulnerability details
Impact
The
PrizeVault.sol
,PrizeVaultFactory.sol
,TwabERC20.sol
contracts, designed to operate on Ethereum L2 solutions such asOptimism
,Arbitrum
, andBase
, may encounter deployment and operational challenges if it utilizes any of the new opcodes introduced in the . This upgrade includes several new opcodes that enhance Ethereum's functionality, such as those related to shard blob transactions (EIP-4844) and others.If these L2 platforms have not yet integrated the
Dencun upgrade
, any attempt to deploy or interact with thePrizeVault.sol
,PrizeVaultFactory.sol
,TwabERC20.sol
contracts that relies on these new opcodes will likely fail. This is because theEthereum Virtual Machine
(EVM) on these L2s would not recognize or know how to execute the new instructions, leading to reverts or other unexpected behaviors.Proof of Concept
Decun Upgrade
Tools Used
Manual Review
Recommended Mitigation Steps
Compatibility Check: Confirm that Optimism, Arbitrum, and Base have implemented the Dencun upgrade.
Development Strategy: If any L2 hasn't updated, consider conditional logic in contracts or wait to deploy until the L2 is compatible.
Assessed type
Error