Real Wagmi project plans to deploy their smart contracts on multiple EVM-compatible blockchains. To ensure compatibility and consistency, they have compiled all their smart contracts using Solidity pragma version 0.8.21. However, this particular version introduces a new opcode called PUSH0, which is only available starting from Solidity version 0.8.20. Since PUSH0 is not supported by certain chains, like Arbitrum, it poses a compatibility risk for Real Wagmi's contracts.
Vulnerability Detail
The root cause of the vulnerability is that Solidity pragma version 0.8.21 introduces the PUSH0 opcode, which may not be supported by all EVM-compatible chains. As a result, contracts compiled with this version of Solidity may not function correctly on chains that do not support the Shanghai hard fork. This incompatibility could affect the proper execution of Real Wagmi's contracts on certain blockchains.
Impact
The impact of this vulnerability is associated with the potential deployment and execution issues of Real Wagmi's smart contracts on chains not supporting the PUSH0 opcode. Using Solidity pragma version 0.8.21 could result in incorrect contract deployment and functionality on certain chains. Additionally, using different Solidity versions for compiling contracts on various chains can lead to bytecode variations affecting contract address determinism, possibly violating counterfactuality.
To address this compatibility risk, it is recommended that Real Wagmi consider changing the Solidity pragma version to 0.8.19 for all relevant contracts. This version, which does not include the PUSH0 opcode, may ensure better compatibility across various EVM-compatible chains.
Alternatively, Real Wagmi could explore setting the evm_version to "paris" when compiling, which can help ensure compatibility with different chains, including those like Arbitrum that do not support PUSH0.
0xpep7
medium
Project may fail to be deployed to Arbitrum chain
Summary
Real Wagmi project plans to deploy their smart contracts on multiple EVM-compatible blockchains. To ensure compatibility and consistency, they have compiled all their smart contracts using Solidity pragma version 0.8.21. However, this particular version introduces a new opcode called PUSH0, which is only available starting from Solidity version 0.8.20. Since PUSH0 is not supported by certain chains, like Arbitrum, it poses a compatibility risk for Real Wagmi's contracts.
Vulnerability Detail
The root cause of the vulnerability is that Solidity pragma version 0.8.21 introduces the PUSH0 opcode, which may not be supported by all EVM-compatible chains. As a result, contracts compiled with this version of Solidity may not function correctly on chains that do not support the Shanghai hard fork. This incompatibility could affect the proper execution of Real Wagmi's contracts on certain blockchains.
Impact
The impact of this vulnerability is associated with the potential deployment and execution issues of Real Wagmi's smart contracts on chains not supporting the PUSH0 opcode. Using Solidity pragma version 0.8.21 could result in incorrect contract deployment and functionality on certain chains. Additionally, using different Solidity versions for compiling contracts on various chains can lead to bytecode variations affecting contract address determinism, possibly violating counterfactuality.
Code Snippet
https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L2 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/Vault.sol#L2 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/ApproveSwapAndPay.sol#L2 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/DailyRateAndCollateral.sol#L2 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/LiquidityManager.sol#L2 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/OwnerSettings.sol#L2 https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/libraries/Constants.sol#L2
Tool used
Manual Review
Recommendation
To address this compatibility risk, it is recommended that Real Wagmi consider changing the Solidity pragma version to 0.8.19 for all relevant contracts. This version, which does not include the PUSH0 opcode, may ensure better compatibility across various EVM-compatible chains.
Alternatively, Real Wagmi could explore setting the
evm_versionto "paris" when compiling, which can help ensure compatibility with different chains, including those like Arbitrum that do not support PUSH0.References:
Duplicate of #84