Use of non-locked `pragma` for non-library/interface contract
Summary
A non-locked pragma is being used for a non-library/interface contract.
Vulnerability Details
There are 4 instances of this issue.
| File Link | Instance Count | Instance Link |
|---|---|---|
| Beedle.sol | 1 | 2 |
| File Link | Instance Count | Instance Link |
|---|---|---|
| Fees.sol | 1 | 2 |
| File Link | Instance Count | Instance Link |
|---|---|---|
| Lender.sol | 1 | 2 |
| File Link | Instance Count | Instance Link |
|---|---|---|
| Ownable.sol | 1 | 2 |
Impact
While floating pragmas can make sense for libraries to allow them to be included with multiple different versions of applications, it may be a security risk for application implementations. A known vulnerable compiler version may accidentally be selected or security tools might fall-back to an older compiler version. It is recommended to pin to a concrete compiler version. See Locking Pragmas for more information.
Tools Used
baudit: a custom static code analysis tool; manual review
Recommendations
Avoid floating pragmas for non-library/interface contracts.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.