Submission Details
Severity:
Non-Specific Solidity Pragma Version
Summary
The contract uses a floating pragma ^0.8.13 which allows compilation with any compatible version above 0.8.13, potentially introducing inconsistencies and bugs.
Vulnerability Details
function test_PragmaVersion() public {
// Test compilation with different versions
vm.setEnv("FOUNDRY\_SOLC\_VERSION", "0.8.13");
TwentyOne oldVersion = new TwentyOne();
vm.setEnv("FOUNDRY\_SOLC\_VERSION", "0.8.20");
TwentyOne newVersion = new TwentyOne();
// Verify behavior across versions
address player = makeAddr("player");
vm.deal(player, 2 ether);
vm.startPrank(player);
// Compare card generation between versions
oldVersion.startGame{value: 1 ether}();
uint256\[] memory oldCards = oldVersion.getPlayerCards(player);
newVersion.startGame{value: 1 ether}();
uint256\[] memory newCards = newVersion.getPlayerCards(player);
// Different compiler versions could produce different results
assertFalse(
keccak256(abi.encodePacked(oldCards)) ==
keccak256(abi.encodePacked(newCards))
);
}
Impact
Potential inconsistent behavior across different Solidity versions
Risk of introducing bugs from newer compiler versions
Deployment issues on different chains with varying compiler support
Tools Used
Manual code review
Foundry test framework
Multiple Solidity compiler versions
Recommendations
Lock the pragma to a specific version:
// Before
pragma solidity ^0.8.13;
// After
pragma solidity 0.8.13;
Rewards breakdown
nSLOC
147This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.