20,000 USDC
Submission Details
Severity: medium
Valid

Floating pragma (^0.8.19) lets the contracts compile with 0.8.20+, which produces non-functional or damaged bytecode when deployed on Arbitrum

Summary

The pragma is not pinned, so the contracts can be compiled with Solidity 0.8.20 or newer. Bytecode produced by those versions with default settings is non-functional or damaged when deployed on Arbitrum.

Vulnerability Details

When asked which chains the project will be deployed on, the sponsor said the current plan is Optimism, but that the protocol might also be deployed on other EVM-compatible chains. A deployment on Arbitrum therefore has to be assumed, and that is where the unpinned pragma becomes a problem.

The contracts declare pragma solidity ^0.8.19, which accepts any compiler from 0.8.19 up to, but excluding, 0.9.0. Starting with Solidity 0.8.20 the compiler's default EVM target is shanghai, so the generated bytecode contains the PUSH0 opcode. Arbitrum does not support PUSH0 (https://docs.arbitrum.io/solidity-support), so contracts compiled with 0.8.20 or newer under default settings are non-functional or potentially damaged there: execution halts with an invalid-opcode error wherever PUSH0 is reached instead of behaving as the source intends.

The build setup makes this likely rather than theoretical. foundry.toml pins neither a compiler version (solc) nor an evm_version, so Foundry's auto-detection selects the newest available solc that satisfies the pragma, which is newer than 0.8.19. The default build therefore produces bytecode that breaks on Arbitrum.

Impact

Contracts built with the default toolchain and deployed on Arbitrum are damaged or non-functional: any execution path that reaches the unsupported PUSH0 opcode fails with an invalid-opcode error.

Tools Used

Manual review

Recommendations

Pin the compiler so the build cannot drift onto a version that emits PUSH0, either exactly:

pragma solidity 0.8.19;

or, if a floating range is preferred, capped below 0.8.20:

pragma solidity >=0.8.0 <=0.8.19;

In both cases also pin the same version in foundry.toml (solc = "0.8.19"), otherwise auto-detection still decides. If a newer compiler is required, set evm_version = "paris" in foundry.toml instead so that PUSH0 is never emitted, and check the compiled bytecode for PUSH0 (0x5f) before deploying to any chain whose opcode support is uncertain.
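The following Python script is an added example and is not part of this submission or the audited project's code base. It implements the three checks this finding calls for: evaluating a pragma range against the 0.8.20+ compilers that emit PUSH0, scanning a foundry.toml for the solc / evm_version pins recommended above, and walking compiled bytecode opcode by opcode to confirm whether a real PUSH0 instruction is present rather than a 0x5f byte sitting inside a PUSH immediate. The function names, the candidate version list and the sample bytecode and config strings are constructed for illustration.

```python
"""Added example: checks for the floating-pragma / PUSH0 problem described in this finding.
Function names, the candidate version list and all sample inputs are constructed for
illustration; nothing here is the audited project's code."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

FIRST_PUSH0_COMPILER: Version = (0, 8, 20)  # first solc whose default EVM target emits PUSH0
PUSH0 = 0x5F                                 # PUSH0 opcode; also a common immediate byte


def _parse_version(text: str) -> Version:
    """'0.8.19' -> (0, 8, 19); partial versions such as '0.8' are padded with zeros."""
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def _caret_upper(v: Version) -> Version:
    """^v permits changes that leave the leftmost non-zero component untouched."""
    major, minor, patch = v
    if major:
        return (major + 1, 0, 0)
    if minor:
        return (0, minor + 1, 0)
    return (0, 0, patch + 1)


def _clause_matches(clause: str, v: Version) -> bool:
    m = re.fullmatch(r"(\^|~|>=|<=|>|<|=)?(\d+(?:\.\d+){0,2})", clause)
    if not m:
        raise ValueError(f"unsupported pragma clause: {clause!r}")
    op, bound = m.group(1) or "=", _parse_version(m.group(2))
    if op == "^":
        return bound <= v < _caret_upper(bound)
    if op == "~":
        return bound <= v < (bound[0], bound[1] + 1, 0)
    return {">=": v >= bound, "<=": v <= bound, ">": v > bound,
            "<": v < bound, "=": v == bound}[op]


def pragma_admits(pragma: str, v: Version) -> bool:
    """True if compiler version v satisfies the pragma.
    Whitespace-separated clauses are ANDed, '||' alternatives are ORed (Solidity's semantics)."""
    body = pragma.strip()
    if body.startswith("pragma solidity"):
        body = body[len("pragma solidity"):]
    body = re.sub(r"(\^|~|>=|<=|>|<|=)\s+", r"\1", body.strip().rstrip(";"))  # tolerate '>= 0.8.0'
    return any(all(_clause_matches(c, v) for c in alt.split())
               for alt in body.split("||"))


def push0_compilers_admitted(pragma: str) -> List[str]:
    """Compiler versions >= 0.8.20 that the pragma lets an auto-detecting build select.
    The candidate list is constructed; extend it as new releases appear."""
    candidates = [(0, 8, p) for p in range(FIRST_PUSH0_COMPILER[2], 40)] + [(0, 9, 0)]
    return [".".join(map(str, c)) for c in candidates if pragma_admits(pragma, c)]


def foundry_pins(toml_text: str) -> Dict[str, Optional[str]]:
    """Naive line scan of foundry.toml for the two settings that prevent drift:
    a pinned solc and an explicit evm_version (e.g. 'paris', which never emits PUSH0)."""
    pins: Dict[str, Optional[str]] = {"solc": None, "evm_version": None}
    for line in toml_text.splitlines():
        m = re.match(r'\s*(solc|solc_version|evm_version)\s*=\s*"([^"]+)"', line)
        if m:
            pins["evm_version" if m.group(1) == "evm_version" else "solc"] = m.group(2)
    return pins


def contains_push0(bytecode_hex: str) -> bool:
    """Walk the opcode stream and skip PUSH immediates, so a 0x5f that is merely
    the payload of PUSH1 0x5f is not mistaken for a PUSH0 instruction."""
    hex_str = bytecode_hex[2:] if bytecode_hex.startswith("0x") else bytecode_hex
    code = bytes.fromhex(hex_str)
    i = 0
    while i < len(code):
        op = code[i]
        if op == PUSH0:
            return True
        i += 1
        if 0x60 <= op <= 0x7F:  # PUSH1..PUSH32 are followed by 1..32 immediate bytes
            i += op - 0x5F
    return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the audited repository.
    print(push0_compilers_admitted("pragma solidity ^0.8.19;"))      # 0.8.20 ... 0.8.39
    print(push0_compilers_admitted("pragma solidity 0.8.19;"))       # []
    print(foundry_pins('[profile.default]\nsrc = "src"\n'))          # nothing pinned
    print(contains_push0("605f52"))                                  # PUSH1 0x5f MSTORE -> False
    print(contains_push0("0x5f5f52"))                                # PUSH0 PUSH0 MSTORE -> True
```

Run contains_push0 against the creation bytecode from forge build output (the bytecode.object field of the artifact JSON) rather than only the runtime code, since the constructor runs on the target chain too. Strip the CBOR metadata trailer first where possible: the walker treats every byte as an instruction, so metadata bytes can produce a false positive but never a false negative.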
