This page is a placeholder. All examples on this page are currently AI-generated and are not correct. This documentation will be completed in the future with accurate, tested examples.
Overview
Opcode: 0x56
Introduced: Frontier (EVM genesis)
JUMP performs an unconditional jump to a destination in the bytecode. The destination MUST be a valid JUMPDEST opcode - any other destination causes InvalidJump error and halts execution.
This strict validation prevents arbitrary code execution and maintains the EVM’s security model.
Specification
Stack Input:
Stack Output: None
Gas Cost: 8 (GasMidStep)
Operation:
Behavior
JUMP alters program flow by changing the program counter:
- Consumes 8 gas (GasMidStep)
- Pops destination address from stack
- Validates destination is valid JUMPDEST
- Updates program counter to destination
- Execution continues at new location
Validation Requirements:
- Destination must be JUMPDEST opcode (0x5b)
- Destination must not be inside PUSH data
- Destination must be within bytecode bounds
- Failure causes InvalidJump error
Examples
Basic Jump
Function Call Pattern
Bytecode pattern:
Invalid Jump
Jump Into PUSH Data
Gas Cost
Cost: 8 gas (GasMidStep)
Comparison:
- JUMP: 8 gas (unconditional)
- JUMPI: 10 gas (conditional)
- PC: 2 gas (read counter)
- JUMPDEST: 1 gas (destination marker)
Total Jump Cost:
Edge Cases
Out of Bounds
Destination Too Large
Stack Underflow
Jump to Self
Common Usage
Function Calls
Solidity internal functions use JUMP for calls:
Compiled pattern:
Switch Statements
Early Exit
Implementation
Testing
Test Coverage
Security
Jump Validation is Critical
Without validation, arbitrary code execution:
EVM prevents this:
- Destination MUST be JUMPDEST
- JUMPDEST cannot be in PUSH data
- Static analysis pre-validates all JUMPDESTs
Dynamic Jump Attacks
VULNERABLE pattern:
Attack scenario:
- Attacker finds valid JUMPDEST in unintended code path
- Bypasses access control or validation logic
- Executes privileged operations
SAFE pattern:
Infinite Loops
JUMP can create infinite loops that consume all gas:
Not a vulnerability:
- Gas limit prevents DoS
- Only affects caller
- Transaction reverts on out-of-gas
JUMPDEST Analysis
Bytecode analysis must handle PUSH data correctly:
Valid JUMPDEST is only at position 3, not position 1.
Implementation must:
- Skip PUSH data during analysis
- Mark only real JUMPDESTs as valid
- Reject jumps into PUSH data
Compiler Behavior
Function Dispatch
Solidity generates jump tables:
Compiled dispatch (simplified):
Internal Function Calls
Compiled to:
References