Solidity pragma should be specific, not wide
Description
The contract uses a non-specific Solidity pragma version, which allows compilation with multiple versions of the Solidity compiler. While this does not directly introduce security vulnerabilities, it can lead to unexpected behavior if the contract is compiled with a newer Solidity version that introduces breaking changes or new optimizations.
For example, the following pragma statement allows any compiler version >= 0.8.0:
This means the contract could be compiled with 0.8.0, 0.8.1, ... 0.8.20, etc., potentially introducing unexpected changes in future Solidity releases.
Impact
Inconsistent behavior across deployments – A contract compiled today might behave differently if compiled in the future with a newer Solidity version.
Potential compatibility issues – Future Solidity versions may introduce breaking changes that affect the contract’s logic.
This issue does not impact security directly but is considered a best practice to ensure consistent contract behavior across different environments.
Tools Used
Aderyn
Recommendations
Consider using a specific version of Solidity in your contracts instead of a wide version. For example, instead of pragma solidity ^0.8.19;, use pragma solidity 0.8.19;
Appeal created
Informational or Gas
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.