Submission Details
Severity: low
Valid

Pragma isn't specified correctly, which can lead to a nonfunctional/damaged contract when deployed on Arbitrum

Summary

The pragma isn't specified correctly, which can lead to a nonfunctional/damaged contract when deployed on Arbitrum.

Vulnerability Details

The pragma is set to ^0.8.18, which allows the contracts to be compiled with version 0.8.20. The problem is that Arbitrum is NOT compatible with 0.8.20 and newer. Contracts compiled with those versions will result in a nonfunctional or potentially damaged version that won't behave as expected. The compiler's default behaviour is to use the newest version, so by default the contracts will be compiled with 0.8.20, which will produce broken code.

For more information, see https://docs.arbitrum.io/solidity-support

The foundry.toml file also does not specify which Solidity version will be used. The project is meant to be forked and to be deployed on any EVM-compatible chain. Hence, a specific version needs to be used.

Impact

Damaged or nonfunctional contracts when deployed on Arbitrum

Tools Used

Manual review

Recommendations

Constrain the pragma version:

pragma solidity >=0.8.0 <=0.8.19;
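
A pre-deployment check for this finding, as an added example that is not part of the original submission or the audited project: it parses each file's pragma and lists the 0.8.x compiler versions from 0.8.20 upward that the constraint still admits. The file names, function names and the probe range (0.8.20 to 0.8.39) are assumptions made for illustration.

```python
import re

PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
TERM_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")

def term_admits(op, base, v):
    """Does one comparator (e.g. ^0.8.18) admit the version tuple v?"""
    if op == "^":  # caret: up to the next bump of the leftmost non-zero part
        i = next((k for k, part in enumerate(base) if part), 2)
        upper = base[:i] + (base[i] + 1,) + (0,) * (2 - i)
        return base <= v < upper
    if op == "~":  # tilde: patch-level changes only
        return base <= v < (base[0], base[1] + 1, 0)
    return {">=": v >= base, "<=": v <= base,
            ">": v > base, "<": v < base}.get(op, v == base)

def pragma_admits(expr, v):
    """'||' separates alternatives; comparators inside one alternative are ANDed."""
    for alt in expr.split("||"):
        terms = TERM_RE.findall(alt)
        if terms and all(term_admits(op, (int(a), int(b), int(c)), v)
                         for op, a, b, c in terms):
            return True
    return False

def risky_versions(source, first_patch=20, last_patch=39):
    """List the 0.8.x versions in the probe range that the file's pragma admits."""
    m = PRAGMA_RE.search(source)
    if not m:
        return None  # no pragma found: nothing constrains the compiler
    probe = [(0, 8, p) for p in range(first_patch, last_patch + 1)]
    return [".".join(map(str, v)) for v in probe if pragma_admits(m.group(1), v)]

# Constructed sample sources (hypothetical file names).
SAMPLES = {
    "AsReported.sol": "pragma solidity ^0.8.18;\ncontract A {}",
    "AsRecommended.sol": "pragma solidity >=0.8.0 <=0.8.19;\ncontract A {}",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        hits = risky_versions(src)
        status = "FAIL" if hits else "ok"
        print(f"{name}: {status} {hits[:3] if hits else ''}")
```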
