This report highlights the presence of floating pragma directives within the smart contract codebase. Floating pragma directives, such as `pragma solidity >=0.8.22;`, can lead to inconsistencies in deployment environments and pose risks to the stability and security of the contract system.
Floating pragma directives indicate that contracts may be deployed with different compiler versions or flags than those used during testing. This lack of version locking increases the likelihood of deployment errors and introduces potential vulnerabilities into the contract system.
The impact of floating pragma directives includes:
Deployment Inconsistencies: Contracts deployed with different compiler versions or flags may behave differently than expected, leading to inconsistencies in contract behavior.
Security Risks: Deploying contracts with untested or outdated compiler versions can introduce bugs or vulnerabilities that compromise the security of the contract system.
Manual code review
To mitigate the risks associated with floating pragma directives, it is recommended to lock pragma directives to specific compiler versions and flags. Ensure that contracts are deployed with the same compiler version and flags that they have been thoroughly tested with. Review and update pragma directives in all affected files, such as those in the src/ directories of v2-core and v2-periphery.
Note: The provided affected lines of code are just examples for the floating pragma. I did not see any added value in providing all the links, which would make the report harder to read. For that reason, I decided to simply point out that this issue is present in all the contracts within v2-core and v2-periphery.
https://github.com/Cyfrin/2024-05-Sablier/issues/1