Skip to main content
This page is a placeholder. All examples on this page are currently AI-generated and are not correct. This documentation will be completed in the future with accurate, tested examples.

Overview

Opcode: 0x56 Introduced: Frontier (EVM genesis) JUMP performs an unconditional jump to a destination in the bytecode. The destination MUST be a valid JUMPDEST opcode - any other destination causes InvalidJump error and halts execution. This strict validation prevents arbitrary code execution and maintains the EVM’s security model.

Specification

Stack Input:
Stack Output: None Gas Cost: 8 (GasMidStep) Operation:

Behavior

JUMP alters program flow by changing the program counter:
  1. Consumes 8 gas (GasMidStep)
  2. Pops destination address from stack
  3. Validates destination is valid JUMPDEST
  4. Updates program counter to destination
  5. Execution continues at new location
Validation Requirements:
  • Destination must be JUMPDEST opcode (0x5b)
  • Destination must not be inside PUSH data
  • Destination must be within bytecode bounds
  • Failure causes InvalidJump error

Examples

Basic Jump

Function Call Pattern

Bytecode pattern:

Invalid Jump

Jump Into PUSH Data

Gas Cost

Cost: 8 gas (GasMidStep) Comparison:
  • JUMP: 8 gas (unconditional)
  • JUMPI: 10 gas (conditional)
  • PC: 2 gas (read counter)
  • JUMPDEST: 1 gas (destination marker)
Total Jump Cost:

Edge Cases

Out of Bounds

Destination Too Large

Stack Underflow

Jump to Self

Common Usage

Function Calls

Solidity internal functions use JUMP for calls:
Compiled pattern:

Switch Statements

Early Exit

Implementation

Testing

Test Coverage

Security

Jump Validation is Critical

Without validation, arbitrary code execution:
EVM prevents this:
  • Destination MUST be JUMPDEST
  • JUMPDEST cannot be in PUSH data
  • Static analysis pre-validates all JUMPDESTs

Dynamic Jump Attacks

VULNERABLE pattern:
Attack scenario:
  • Attacker finds valid JUMPDEST in unintended code path
  • Bypasses access control or validation logic
  • Executes privileged operations
SAFE pattern:

Infinite Loops

JUMP can create infinite loops that consume all gas:
Not a vulnerability:
  • Gas limit prevents DoS
  • Only affects caller
  • Transaction reverts on out-of-gas

JUMPDEST Analysis

Bytecode analysis must handle PUSH data correctly:
Valid JUMPDEST is only at position 3, not position 1. Implementation must:
  1. Skip PUSH data during analysis
  2. Mark only real JUMPDESTs as valid
  3. Reject jumps into PUSH data

Compiler Behavior

Function Dispatch

Solidity generates jump tables:
Compiled dispatch (simplified):

Internal Function Calls

Compiled to:

References