Summary

The code uses the string.concat function, which is not available in Solidity 0.8.22, potentially causing the contract to fail to compile or operate correctly.

Finding Description

The function string.concat is used in the uri function within OWPIdentity.sol. This function is incompatible with Solidity version 0.8.22, as it does not support string.concat. This incompatibility could lead to issues during compilation and deployment.

The primary issue here is the absence of support for string.concat in the specified Solidity version, which undermines the reliability of the contract’s execution. Without fixing this, a contract intended for deployment on Ethereum or other EVM chains using this version may be at risk of failing or malfunctioning.

Vulnerability Details

The vulnerability lies in the use of a function that is not supported in the specified version of Solidity. Since string.concat is not available, the function call will cause a compilation error, leading to a failed deployment and making the contract unusable on-chain. This could prevent the contract from being deployed or require urgent patching.

Impact

Impact Level: Medium

The use of unsupported functions in a Solidity contract affects the contract's operational integrity, primarily through deployment failure. If this code is intended for an on-chain deployment, it could potentially cause downtime and reputation damage if discovered in production.

Proof of Concept

In the function uri in OWPIdentity.sol:

This line uses string.concat, which is not available in Solidity 0.8.22, causing a compilation error.

Recommendations

To fix this issue, use abi.encodePacked to concatenate strings. This approach is compatible with Solidity 0.8.22 and achieves the same outcome without using string.concat.

Fixed Code Example:

This modification allows the contract to compile and operate as expected in Solidity 0.8.22.

File location

OWPIdentity.sol