Solidity Pragma should be specific, and latest solidity compiler version
Description:
Using a strict version of solidity ensures locking the version ensures that contracts are not deployed with a different version of solidity than they were tested with. A wide version might cause unintended results, unexpected behavior or security risks if future versions introduce changes or bugs. Also, using the latest solidity version is adviceable.
Impact:
Compiler Changes: Can cause unexpected bugs due to differences in compiler behavior.
Security Risks: This may expose the contract to known vulnerabilities in older compiler versions.
Inconsistent Behavior: This leads to unpredictable contract behavior across different environments.
Instances
Here are the three (3) instances found
-
Found in src/LikeRegistry.sol Line: 2
-
Found in src/MultiSig.sol Line: 2
-
Found in src/SoulboundProfileNFT.sol Line: 2
Tool Used:
Manual Review
Recommended Mitigation:
Use a specific version of Solidity and the latest version of solidity instead of a wide version in your contracts. For example, instead of pragma solidity ^0.8.25;, use pragma solidity 0.8.25;
Appeal created
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.