Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: low
Invalid

Solidity pragma should be specific not wide

Summary

The Solidity pragma directive is too wide, which can lead to inconsistencies in compiler behaviour across different environments.

Vulnerability Details

The codebase specifies a broad Solidity version range, allowing unintended compiler upgrades. This can result in discrepancies due to optimiser changes, new warnings, or security fixes introduced in newer versions.

A wide pragma such as:

pragma solidity ^0.8.23;

permits compilation with any Solidity version greater than or equal to 0.8.23, potentially introducing unintended behaviour. This breaks the security guarantee of deterministic contract execution, as different compiler versions might generate slightly different bytecode.

3 Found Instances:

  • Found in src/EggHuntGame.sol [Line: 2]
    pragma solidity ^0.8.23;
  • Found in src/Eggstravaganza.sol [Line: 2]
    pragma solidity ^0.8.23;
  • Found in src/EggVault.sol [Line: 2]
    pragma solidity ^0.8.23;

Impact

Subtle changes in compiler behaviour may cause unexpected issues, leading to potential vulnerabilities.

Tools Used

Manual review and Aderyn.

Recommendations

  1. Specify an exact compiler version to ensure consistent behaviour across different deployments. Update the pragma statement to:

pragma solidity 0.8.23;

This ensures that the contract always compiles with a known, tested compiler version, reducing the risk of unintended side effects from future compiler updates.

  2. Using an Importable Solidity File

Define a common Solidity version pragma in a separate file and import it into all your contracts.

Example:

Create a file named Pragma.sol:

// contracts/Pragma.sol
// SPDX-License-Identifier: MIT
pragma solidity 0.8.23;

Then, in all other contracts, import this file:

// contracts/MyContract.sol
// SPDX-License-Identifier: MIT
import "./Pragma.sol";

contract MyContract {
    // Your contract logic
}

This ensures that all contracts use the same Solidity version.

  3. Using Foundry Configurations

Use Foundry to specify the Solidity version in the project configuration:

Foundry (foundry.toml)

[profile.default]
solc_version = "0.8.23"

With this approach, even if individual Solidity files contain a broader pragma (e.g., ^0.8.23), the compiler will always use the specified version.

  4. CI/CD Version Enforcement

For large teams or decentralised development, enforce a single Solidity version using Continuous Integration (CI) pipelines:

Run the following in the terminal to check for Solidity version inconsistencies:

grep -rnw 'src' -e 'pragma solidity' --include \*.sol

Reject builds if an incorrect Solidity version is used.
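The CI gate described in recommendation 4, written out as an added example (not part of the original submission): it extends the grep above by failing the build when any .sol file under a directory carries a pragma other than the one pinned version, or no pragma at all. The directory, the expected version and the sample files are assumptions; a POSIX sh and a grep supporting -r, -L and --include are assumed.

```shell
#!/bin/sh
# Added example, not from the original submission: a CI gate that fails the
# build unless every .sol file under DIR carries exactly
# "pragma solidity <version>;" (no ^, >=, ~ or wildcard ranges) and no file
# is missing a pragma, since an importing file inherits nothing from its imports.

# check_pragmas DIR VERSION -> status 0 if all pragmas are pinned to VERSION,
# otherwise print the offending lines/files and return 1.
check_pragmas() {
    dir=$1
    version=$2
    # Escape the dots so "0.8.23" is matched literally inside the regex.
    pat=$(printf '%s' "$version" | sed 's/\./\\./g')
    # grep prints "file:line:content"; keep every pragma line that is NOT the
    # exact pinned form (trailing whitespace only). "|| true" keeps an empty
    # result from aborting the script under set -e.
    offenders=$(grep -rnH --include='*.sol' 'pragma solidity' "$dir" \
        | grep -vE ":[[:space:]]*pragma solidity ${pat};[[:space:]]*$" || true)
    # Files with no pragma compile with whatever solc the toolchain picks.
    missing=$(grep -rL --include='*.sol' 'pragma solidity' "$dir" || true)
    if [ -n "$offenders" ]; then
        printf 'Floating or mismatched pragma (expected %s):\n%s\n' "$version" "$offenders"
    fi
    if [ -n "$missing" ]; then
        printf 'No pragma directive:\n%s\n' "$missing"
    fi
    [ -z "$offenders" ] && [ -z "$missing" ]
}

# Constructed sample tree (hypothetical file contents) so the script runs offline.
make_sample() {
    d=$(mktemp -d)
    printf 'pragma solidity 0.8.23;\ncontract EggVault {}\n' > "$d/EggVault.sol"
    printf '// SPDX-License-Identifier: MIT\npragma solidity ^0.8.23;\ncontract EggHuntGame {}\n' \
        > "$d/EggHuntGame.sol"
    printf 'contract NoPragma {}\n' > "$d/NoPragma.sol"
    printf '%s' "$d"
}

# In CI, set PRAGMA_DIR=src (and optionally PRAGMA_VERSION) to check the real tree.
if [ -n "${PRAGMA_DIR:-}" ]; then
    check_pragmas "$PRAGMA_DIR" "${PRAGMA_VERSION:-0.8.23}" || exit 1
else
    sample=$(make_sample)
    check_pragmas "$sample" 0.8.23 && echo "all pragmas pinned" || echo "build rejected"
    rm -rf "$sample"
fi
```

Run without variables to see the sample rejected (EggHuntGame.sol and NoPragma.sol are reported); in a pipeline, a non-zero exit from the PRAGMA_DIR branch fails the build.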

Updates

Lead Judging Commences

m3dython Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Floating Pragma

Floating pragma usage could lead to compilation inconsistencies
