Beginner Friendly, Foundry, NFT
100 EXP
Submission Details
Severity: low
Invalid

Unlocked pragma

Summary

The Soulmate contracts contain an unlocked pragma statement. An unlocked pragma allows the compiler version to be changed at any time, which can lead to unpredictable behavior and potential security risks.

Vulnerability Details

The pragma statement used is:

pragma solidity ^0.8.23;

This does not lock the contract to a specific compiler version. Leaving the pragma unlocked means different compiler versions could compile the contract as the project progresses, which may introduce breaking changes.

Impact

An unlocked pragma:

- Opens the contract up to changes and incompatibilities as compiler versions advance.
- Can result in unexpected behavior if newer compiler versions handle code differently.
- Is less secure since new compiler versions may expose issues not caught in initial audits.

This could lead to loss of funds, contract malfunction, or exploitation if vigilance around pragma changes decreases over time.

Tools Used

Manual Review

Recommendations

Lock the pragma version by specifying an exact compiler release, for example:

pragma solidity 0.8.23;

This guarantees compatibility and consistent behavior, because the contract is always compiled with the same compiler version as development continues. Locking the pragma prevents accidental errors that stem from undisciplined compiler version changes.
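
One way to enforce this recommendation in CI, as an added example that is not part of the original submission or the Soulmate code base: a small checker that reports every `pragma solidity` directive and whether it names a single exact version. The function names and the sample source are constructed for illustration.

```python
import re

# Captures the version expression of a `pragma solidity <expr>;` directive.
PRAGMA_RE = re.compile(r"^[ \t]*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# Locked means exactly one full x.y.z version, optionally prefixed with "=".
EXACT_RE = re.compile(r"=?\s*\d+\.\d+\.\d+")
# Line and block comments, so a commented-out pragma is not reported.
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)


def strip_comments(source):
    """Blank out comments but keep newlines so line numbers stay correct."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)


def audit_pragmas(source):
    """Return (line, version_expression, is_locked) for each solidity pragma."""
    cleaned = strip_comments(source)
    findings = []
    for m in PRAGMA_RE.finditer(cleaned):
        expr = " ".join(m.group(1).split())  # normalise inner whitespace
        line = cleaned.count("\n", 0, m.start()) + 1
        findings.append((line, expr, EXACT_RE.fullmatch(expr) is not None))
    return findings


# Constructed sample: one commented-out pragma and one floating pragma.
SAMPLE = """// SPDX-License-Identifier: MIT
// pragma solidity ^0.7.0;
pragma solidity ^0.8.23;

contract A {}
"""

if __name__ == "__main__":
    for line, expr, locked in audit_pragmas(SAMPLE):
        status = "locked" if locked else "FLOATING"
        print(f"line {line}: pragma solidity {expr}; -> {status}")
```

Caret, tilde, comparison ranges and partial versions such as `0.8` are all reported as floating, since none of them names one exact release.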

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
