GivingThanks

First Flight #28
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Invalid

Solidity Pragma Version is wide

Summary:

The Solidity pragma version in the GivingThanks and Charity Register contracts is wide and not specific, which makes them vulnerable to compatibility issues and security risks. The version (^0.8.0) allows the compiler to use any version of Solidity.

Vulnerability Details:

There is a lack of a specific Solidity pragma version in the GivingThanks and Charity Register contracts:

    // SPDX-License-Identifier: MIT
    pragma solidity ^0.8.0;

  1. The contracts are open to potential security vulnerabilities when a newer compiler version is introduced which may introduce bugs.

  2. Lack of a specific pragma version can cause inconsistent audit reports, meaning various auditors can compile the contract with different Solidity compiler versions, and can also lead to missed vulnerabilities.

  3. There will be unintended changes in compiler behaviour when a different Solidity compiler version is introduced (such as bug fixes, patch updates or even new features) during compilation.

Impact:

  1. The severity is low.

  2. Using a wide Solidity pragma version can lead to compilation issues and increase the unreliability of audits.

Tools Used:

  1. Manual code review.

  2. Aderyn.

Recommendations:

Introduce a specific version of Solidity in the following GivingThanks and Charity Register contracts, such as:

  • src/CharityRegistry.sol

    pragma solidity 0.8.20;
  • src/GivingThanks.sol

    pragma solidity 0.8.20;
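
A check of this kind can run in CI. The sketch below is an added example, not part of the submission or the GivingThanks code base: it classifies each `pragma solidity` directive as pinned or floating and tests which compiler versions a constraint accepts (`^0.8.0` accepts 0.8.0 up to, but not including, 0.9.0). It assumes full `x.y.z` terms that are ANDed together and does not handle `||`; the function names and the sample sources are constructed for illustration.

```python
import re

# Finds `pragma solidity <constraint>;` directives in source text.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# One constraint term: optional operator plus a full x.y.z version.
TERM_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")

def _terms(constraint):
    return [(op, (int(a), int(b), int(c))) for op, a, b, c in TERM_RE.findall(constraint)]

def _term_ok(op, base, v):
    if op in ("", "="):
        return v == base
    if op == "^":  # up to the next bump of the left-most non-zero component
        if base[0] > 0:
            upper = (base[0] + 1, 0, 0)
        elif base[1] > 0:
            upper = (0, base[1] + 1, 0)
        else:
            upper = (0, 0, base[2] + 1)
        return base <= v < upper
    if op == "~":
        return base <= v < (base[0], base[1] + 1, 0)
    return {">=": v >= base, "<=": v <= base, ">": v > base, "<": v < base}[op]

def satisfies(constraint, version):
    """True if compiler `version` (x.y.z) is accepted by `constraint`."""
    v = tuple(int(p) for p in version.split("."))
    terms = _terms(constraint)
    return bool(terms) and all(_term_ok(op, base, v) for op, base in terms)

def is_pinned(constraint):
    """Pinned means exactly one term with no range operator."""
    terms = _terms(constraint)
    return len(terms) == 1 and terms[0][0] in ("", "=")

def audit(sources):
    """Return (path, constraint) for every floating pragma in {path: text}."""
    return [(path, c.strip()) for path, text in sources.items()
            for c in PRAGMA_RE.findall(text) if not is_pinned(c)]

# Constructed sample: one file as quoted in the finding, one with the recommended pin.
SAMPLE = {
    "src/GivingThanks.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n",
    "src/CharityRegistry.sol": "// SPDX-License-Identifier: MIT\npragma solidity 0.8.20;\n",
}

if __name__ == "__main__":
    for path, constraint in audit(SAMPLE):
        print(f"{path}: floating pragma '{constraint}'")
```
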
Updates

Lead Judging Commences

n0kto Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
