hats-finance / Inverter-Network-0xe47e52c4fea05e555920f1dcdcc6fb8eca103eeb

Fork of the Inverter Smart Contracts Repository
GNU Lesser General Public License v3.0

Unsupported compilation in some L2s #24

Open hats-bug-reporter[bot] opened 5 months ago

hats-bug-reporter[bot] commented 5 months ago

Github username: --

Twitter username: --

Submission hash (on-chain): 0x7223eb3bb70995abf62cbf1e87267e68a5b2319e835f89bdee4f18d1c1b43987

Severity: low

Description: Unsupported compilation in some L2s

Attack Scenario:

Issue where it was ruled Medium: https://solodit.xyz/issues/m-04-project-may-fail-to-be-deployed-to-chains-not-compatible-with-shanghai-hardfork-code4rena-ambire-ambire-git

Current settings may produce incompatible bytecode with some of the chains supported by the protocol.

The inverter network supports and targets different chains, such as Linea, Optimism, Polygon, etc.

All of the contracts in scope have the version pragma fixed to be compiled using Solidity >0.8.20, some are in 0.8.23. This new version of the compiler uses the new PUSH0 opcode introduced in the Shanghai hard fork, which is now the default EVM version in the compiler and the one being currently used to compile the project.

This could also become a problem if different versions of Solidity are used to compile contracts for different chains. The differences in bytecode between versions can impact the deterministic nature of contract addresses, potentially breaking counterfactuality.

Recommendation:

Change the Solidity compiler version to 0.8.19 or define an EVM version in deployment using foundry.toml, which is compatible across all of the intended chains to be supported by the protocol (see https://book.getfoundry.sh/reference/config/solidity-compiler?highlight=evm_vers#evm_version).

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)
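
A deployment check for the issue described in the report above, as an added example that is not part of the original submission or the Inverter code base: it walks compiled bytecode and reports where PUSH0 (0x5f) is decoded as an instruction, skipping PUSH immediates and the solc metadata trailer. The function names and all sample bytecode are constructed for illustration, and the metadata detection is a heuristic.

```python
# Added example (not from the Inverter repository): detect PUSH0 in EVM bytecode.
PUSH0, PUSH1, PUSH32 = 0x5F, 0x60, 0x7F


def strip_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata trailer solc appends (its length is the last 2 bytes)."""
    if len(code) < 2:
        return code
    start = len(code) - 2 - int.from_bytes(code[-2:], "big")
    # Heuristic: strip only if the trailer begins with a CBOR map header (major type 5).
    if 0 <= start < len(code) - 2 and code[start] >> 5 == 5:
        return code[:start]
    return code


def find_push0(code: bytes) -> list[int]:
    """Offsets at which 0x5f is decoded as an instruction, not as PUSH data."""
    code = strip_metadata(code)
    offsets, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == PUSH0:
            offsets.append(pc)
        # PUSH1..PUSH32 are followed by 1..32 immediate bytes; skip them.
        pc += 1 + (op - PUSH1 + 1 if PUSH1 <= op <= PUSH32 else 0)
    return offsets


# Constructed samples, not real contract bytecode.
SHANGHAI = bytes.fromhex("5f5ffd")        # PUSH0 PUSH0 REVERT
PARIS = bytes.fromhex("60006000fd")       # PUSH1 0 PUSH1 0 REVERT
PUSH_DATA = bytes.fromhex("605f6000fd")   # 0x5f appears only as a PUSH1 immediate
# PARIS code plus a constructed metadata trailer whose hash bytes are all 0x5f.
META = (bytes.fromhex("a264697066735822") + b"\x12\x20" + b"\x5f" * 32
        + bytes.fromhex("64736f6c6343000814") + b"\x00\x33")
PARIS_WITH_META = PARIS + META

if __name__ == "__main__":
    for name, code in [("shanghai", SHANGHAI), ("paris", PARIS),
                       ("push-data", PUSH_DATA), ("paris+meta", PARIS_WITH_META)]:
        hits = find_push0(code)
        print(f"{name:11s} PUSH0 at {hits}" if hits else f"{name:11s} no PUSH0")
```

Running it over the build artifacts before deploying to a given chain shows whether the configured EVM version actually kept PUSH0 out of the bytecode.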

PlamenTSV commented 5 months ago

Support for Shanghai became live on L2s not too long ago.

FHieser commented 4 months ago

Can you provide a list of L2s that don't have Shanghai support?

IronsideSec commented 4 months ago

@FHieser Avalanche and Fantom don't support it. Source: https://push0.info/

FHieser commented 4 months ago

Is this a trusted website? It doesn't contain any links to prove this and might as well be hardcoded.

IronsideSec commented 4 months ago

> Is this a trusted website? It doesn't contain any links to prove this and might as well be hardcoded.

@FHieser

The site is used in multiple issue/PR discussions in contest repositories. Check at https://github.com/search?q=https%3A%2F%2Fpush0.info%2F&type=issues. So, seems legit.

But it is up to date till Jan 2024, and tracks only big L2s.

Looks like AVAX and FTM support PUSH0 now: https://github.com/ava-labs/coreth/issues/325 https://github.com/Fantom-foundation/Tosca/issues/465

FHieser commented 4 months ago

So you're essentially saying that the website is invalid. xD Sorry my man, but I will have to tag this as invalid.