Floating pragma version in all contract
Summary
Pragma directives should be fixed to clearly identify the Solidity version with which the contracts will be compiled. Throughout the codebase, multiple instances of floating pragma directives (^0.8.23) being used were identified.
Vulnerability Details
The floating Pragma specifies an array of compiler versions for smart contract compilation. A pragma version does not affect the compiler's version and can only instruct the compiler to check if it matches the Pragma. If the result is negative, the compiler generates an error.
Impact
The primary risk is that using different compiler versions could introduce incompatibilities and potential security vulnerabilities. If a floating version resolves to a newer compiler that includes breaking changes or deprecated features, it could result in runtime errors or unexpected behavior on EVM-compatible chains that do not support those changes. This inconsistency may lead to loss of funds, failed transactions, or exploit opportunities for attackers targeting these discrepancies.
Tools Used
Manual analyzed
Recommendations
Consider using fixed pragma directives.
Lead Judging Commences
Floating Pragma
Floating pragma usage could lead to compilation inconsistencies
Floating Pragma
Floating pragma usage could lead to compilation inconsistencies
Appeal created
Floating Pragma
Floating pragma usage could lead to compilation inconsistencies
Floating Pragma
Floating pragma usage could lead to compilation inconsistencies
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.