Summary

Contracts should be deployed using the same compiler version/flags with which they have been tested. Locking the floating pragma, i.e. by not using ^ in pragma solidity ^0.8.20, ensures that contracts do not accidentally get deployed using an older compiler version with unfixed bugs.

Refer

https://swcregistry.io/docs/SWC-103

Impact

It accidentally gets deployed using an older compiler version with unfixed bugs.

Contracts Vulnerable

├── contracts
│ ├── Distribution.sol
│ ├── L1Sender.sol
│ ├── L2MessageReceiver.sol
│ ├── L2TokenReceiver.sol
│ ├── MOR.sol
│ ├── interfaces
│ │ ├── IDistribution.sol
│ │ ├── IL1Sender.sol
│ │ ├── IL2MessageReceiver.sol
│ │ ├── IL2TokenReceiver.sol
│ │ ├── IMOR.sol
│ │ ├── tokens
│ │ │ ├── IStETH.sol
│ │ │ └── IWStETH.sol
│ │ └── uniswap-v3
│ │ └── INonfungiblePositionManager.sol
│ ├── libs
│ │ └── LinearDistributionIntervalDecrease.sol
│ └── mock
│ ├── DistributionV2.sol
│ ├── GatewayRouterMock.sol
│ ├── L1SenderV2.sol
│ ├── L2MessageReceiverV2.sol
│ ├── L2TokenReceiverV2.sol
│ ├── NonfungiblePositionManagerMock.sol
│ ├── SwapRouterMock.sol
│ └── tokens
│ ├── StETHMock.sol
│ └── WStETHMock.sol

Tools Used

Nothing

Recommendations

Remove ^ in “pragma solidity ^0.8.20” and change it to “pragma solidity 0.8.20” to be consistent with the rest of the contracts.

-pragma solidity ^0.8.20;
+pragma solidity 0.8.20;