MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: low
Invalid

Unlocked Solidity Compiler Version in Contracts

Summary

The contracts use a floating (unlocked) Solidity version pragma, for example pragma solidity ^0.8.20, instead of the more secure locked form pragma solidity 0.8.20.

Vulnerability Details

The vulnerability arises because the contracts do not pin a specific Solidity compiler version. For instance, pragma solidity ^0.8.20 leaves the codebase dependent on whichever compiler version and default settings the build happens to use, introducing potential inconsistencies and deployment failures, especially on Ethereum chains that do not support specific opcodes or features introduced in later compiler versions.

Impact

The vulnerability introduces potential risks and compatibility issues across different Ethereum chains. Not specifying a precise Solidity compiler version in the contracts may result in deployment failures, particularly on chains that do not support certain opcodes or features introduced in later compiler versions.

Tools Used

Manual Review

Recommendations

It is strongly recommended to explicitly specify the Solidity compiler version in pragma statements within the contracts. For example, adopting pragma solidity 0.8.20 ensures compatibility and consistent behavior across different Ethereum chains.
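
As an added example (not part of the original submission or the MorpheusAI code base), the following Python check flags the unlocked pragmas this finding describes, so it can run in CI before deployment. The file names and contents in SAMPLES are constructed, and reporting a file without any pragma as "<missing>" is an assumption of this sketch.

```python
import re

# Matches a `pragma solidity <expr>;` directive and captures the version expression.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# A locked pragma is a single exact version, optionally written with a leading "=".
EXACT_RE = re.compile(r"^=?\s*\d+\.\d+\.\d+$")


def strip_comments(source: str) -> str:
    """Remove block and line comments so commented-out pragmas are ignored."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"//[^\n]*", "", source)


def check_pragmas(source: str) -> list[tuple[str, bool]]:
    """Return (version expression, is_locked) for every solidity pragma."""
    results = []
    for match in PRAGMA_RE.finditer(strip_comments(source)):
        expr = " ".join(match.group(1).split())  # normalise whitespace
        results.append((expr, bool(EXACT_RE.match(expr))))
    return results


def floating_pragmas(files: dict[str, str]) -> dict[str, list[str]]:
    """Map file name -> unlocked version expressions; clean files are omitted."""
    findings = {}
    for name, source in files.items():
        pragmas = check_pragmas(source)
        bad = [expr for expr, locked in pragmas if not locked]
        if not pragmas:
            bad = ["<missing>"]  # no pragma at all: compiler version is unconstrained
        if bad:
            findings[name] = bad
    return findings


# Constructed sample sources, not taken from the audited repository.
SAMPLES = {
    "Floating.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.20;\ncontract A {}\n",
    "Locked.sol": "// SPDX-License-Identifier: MIT\npragma solidity 0.8.20;\ncontract B {}\n",
    "Range.sol": "pragma solidity >=0.8.20 <0.9.0;\ncontract C {}\n",
    "Commented.sol": "// pragma solidity ^0.8.0;\npragma solidity =0.8.20;\ncontract D {}\n",
    "NoPragma.sol": "contract E {}\n",
}

if __name__ == "__main__":
    for name, exprs in floating_pragmas(SAMPLES).items():
        print(f"{name}: unlocked pragma {exprs}")
```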

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
