Submission Details
Severity: low
Invalid

Risk of Deploying Contracts with Unlocked Pragma

Summary

An unlocked pragma (e.g. using ^, as in pragma solidity ^0.7.6) can lead to the contract accidentally being deployed with an older compiler version that has unfixed bugs.

Vulnerability Details

This vulnerability is related to using an unlocked pragma in the contract. For example, using the ^ symbol in the pragma statement, as in pragma solidity ^0.7.6, can lead to the accidental deployment of the contract using an older compiler version. Older compiler versions may have known bugs or vulnerabilities that have been addressed in later versions.

Impact

Deploying contracts with an unlocked pragma may result in deploying the contract with an outdated compiler version. This can lead to vulnerabilities and bugs that have been previously fixed in more recent compiler releases. The impact can range from minor inconveniences to severe security vulnerabilities, depending on the specific compiler version and the bugs or vulnerabilities present in it.

Tools Used

Manual

Recommendations

Contracts should be deployed using the same compiler version and flags with which they have been tested. Locking the pragma (e.g. by not using ^, as in pragma solidity 0.7.6) ensures that contracts do not accidentally get deployed using an older compiler version with unfixed bugs.

Updates

Lead Judging Commences

patrickalphac Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
