Improper Compiler Version Declaration in Vyper Contract
Summary
The contract uses an incorrect syntax to declare the Vyper compiler version: # pragma version 0.4.0. In Vyper, compiler versions must be specified using the # @version directive. Failing to properly lock the compiler version can result in the contract being compiled with unintended Vyper versions, leading to potential inconsistencies, breaking changes, or security vulnerabilities.
Vulnerability Details
The following incorrect version declaration was found:
This is not recognized by the Vyper compiler and will be treated as a plain comment, meaning no compiler version enforcement will occur.
Impact
Compiler version is not locked, leading to the risk of compiling the contract under unintended or incompatible Vyper versions.
Potential breaking changes or security issues if future compiler updates alter behavior.
May cause deployment errors or unintended runtime logic if compiled with the wrong Vyper version.
Tools Used
Manual code review
Recommendations
Replace the incorrect version declaration with the correct # @version directive.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.