Rapid Coffee Nuthatch
High
https://github.com/sherlock-audit/2024-11-vvv-exchange-update/blob/main/vvv-platform-smart-contracts/contracts/vc/VVVVCTokenDistributor.sol#L2 https://github.com/sherlock-audit/2024-11-vvv-exchange-update/blob/main/vvv-platform-smart-contracts/contracts/vc/VVVVCInvestmentLedger.sol#L2C1-L2C24 Vulnerability Details Using Solidity version 0.8.20+ introduces the PUSH0 opcode, but its support is inconsistent across different blockchains. As of now, the deployment status is as follows:
Arbitrum: ❌ No support for PUSH0 BNB Chain: ❌ No support for PUSH0 Avalanche: ❌ No support for PUSH0 Ethereum: ✅ PUSH0 is supported Base: ✅ PUSH0 is supported This lack of uniform support could lead to compatibility issues when deploying across different chains. Impact
- Failed deployments on multiple major chains
- Wasted gas fees
- Broken cross-chain functionality
- Project deployment delays
Mitigation Recommended
- Primary Solution:
# foundry.toml
[profile.default]
src = 'contracts'
out = 'out'
libs = ['node_modules', 'lib']
test = 'test'
cache_path = 'cache_forge'
- solc_version = '0.8.23'
+ solc_version = '0.8.19' # Downgraded from 0.8.23 for cross-chain compatibility
+ evm_version = 'paris' # Prevents PUSH0 opcode usage
runs = 2000
auto_detect_remappings = false