Moonwell

Summary

In the MErc20DelegateMadFixer and MErc20DelegateFixer contracts, the current pragma version in use is pragma 0.5.17. While this version is still functional, and some security issues safely implemented by mitigating contracts with other utility contracts such as SafeMath.sol, the risk to the long-term sustainability and integrity of the solidity code increases.

Vulnerability Details

The use of pragma 0.5.17 may expose the contracts to potential vulnerabilities and deprecated functionalities. Newer versions of Solidity introduce various improvements, bug fixes, and security enhancements. By sticking to an older version, the code may miss out on these improvements and could potentially be vulnerable to known exploits or vulnerabilities that have been patched in later versions.

Impact

Using an outdated pragma version like 0.5.17 increases the risk of encountering vulnerabilities or deprecated features that could lead to contract failures, loss of funds, or exploitation by malicious actors. It also hinders the adoption of newer, more secure coding practices and features available in the latest versions of Solidity.

Tools Used

Manual Review

Recommendations

If possible, consider using the latest stable pragma version that has been thoroughly tested to prevent potential undiscovered vulnerabilities, such as pragma between 0.6.12 - 0.7.6, or the latest pragma 0.8.9. For example, after the Solidity version 0.8.0 arithmetic operations revert to underflow and overflow by default, by using this version, utility contracts like SafeMath.sol would not be needed.