The necessary conditions for it being dangerous are:
- Uses dynamic jumps
- Dynamic jump can arrive at an immediate arg containing `JUMPDEST`
- The code beginning at the newly valid `JUMPDEST` does not execute an invalid opcode (or `REVERT`) before `JUMP`, `JUMPI`, `RETURN`, or `STOP`.
Because Solidity and Vyper don’t make use of unbounded dynamic jumps, I predict very few (possibly zero) contracts will become vulnerable.
Nevertheless, I also propose developing a static analysis tool to identify possibly vulnerable contracts:
A static analysis tool should be developed and made publicly available to test if a contract might become vulnerable, and the program should be run for all current contracts in order to notify projects about potential security issues.
Affected programs will have ample time to migrate.
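
A minimal sketch of such a scanner, added here as an illustration and not part of the original post or any existing tool: it reports `0x5b` bytes inside PUSH immediates only when all three conditions listed above hold. Assumptions: the function names are hypothetical, the opcode table is Cancun-era, running off the end of the code is treated as an implicit `STOP`, and the walk from each candidate is linear and ignores stack effects, so it over-reports rather than under-reports.

```python
STOP, JUMP, JUMPI, JUMPDEST, RETURN, REVERT = 0x00, 0x56, 0x57, 0x5B, 0xF3, 0xFD
# Assumption: Cancun-era opcode table; any byte outside it (and 0xFE) is invalid.
DEFINED = set()
for lo, hi in [(0x00, 0x0B), (0x10, 0x1D), (0x20, 0x20), (0x30, 0x4A), (0x50, 0x5F),
               (0x60, 0xA4), (0xF0, 0xF5), (0xFA, 0xFA), (0xFD, 0xFD), (0xFF, 0xFF)]:
    DEFINED.update(range(lo, hi + 1))

def imm_len(op):
    """Immediate bytes that follow op (non-zero only for PUSH1..PUSH32)."""
    return op - 0x5F if 0x60 <= op <= 0x7F else 0

def decode(code, start=0):
    """Yield (pc, opcode) walking linearly from start, skipping PUSH data."""
    pc = start
    while pc < len(code):
        yield pc, code[pc]
        pc += 1 + imm_len(code[pc])

def has_dynamic_jump(code):
    """Heuristic for condition 1: a JUMP/JUMPI not directly preceded by a PUSH."""
    ops = [op for _, op in decode(code)]
    return any(op in (JUMP, JUMPI) and not 0x5F <= prev <= 0x7F
               for prev, op in zip([STOP] + ops, ops))

def reaches_exit(code, start):
    """Condition 3: JUMP/JUMPI/RETURN/STOP is hit before REVERT or an invalid opcode."""
    for _, op in decode(code, start):
        if op == REVERT or op not in DEFINED:
            return False
        if op in (STOP, JUMP, JUMPI, RETURN):
            return True
    return True  # ran off the end of the code: implicit STOP

def scan(code):
    """Offsets of JUMPDEST bytes in PUSH data that satisfy all three conditions."""
    if not has_dynamic_jump(code):
        return []
    hits = []
    for pc, op in decode(code):
        for off in range(pc + 1, min(pc + 1 + imm_len(op), len(code))):
            if code[off] == JUMPDEST and reaches_exit(code, off):  # condition 2
                hits.append(off)
    return hits

# Constructed sample bytecode (hex), not taken from any deployed contract.
RISKY = bytes.fromhex("60003556 615b00 5000")      # dynamic jump; 5b in PUSH2, then STOP
GUARDED = bytes.fromhex("60003556 615bfd 5000")    # same, but 5b is followed by REVERT
STATIC = bytes.fromhex("615b00 600756 00 5b00")    # 5b in PUSH2, but only a PUSH-fed JUMP
```

An empty result means the contract fails at least one of the necessary conditions; a non-empty result is a candidate for manual review, not a confirmed problem.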