Use of Floating Pragma Version Instead of a Strict One
Summary
The smart contracts use floating pragma versions, which can lead to the unintentional use of outdated or incompatible Solidity compiler versions, potentially introducing bugs or security vulnerabilities.
Vulnerability Details
Floating pragma statements (e.g., ^0.8.0) specify a range of acceptable compiler versions rather than locking to a specific version. This can result in:
Deployment with compiler versions that introduce breaking changes or semantic differences.
Exposure to experimental features that haven't been thoroughly tested.
Difficulties in reproducing builds, making debugging and auditing more complex.
Strict versioning ensures consistency across environments and avoids surprises caused by compiler updates.
Impact
The use of floating pragmas can compromise contract stability, security, and reproducibility.
Tools Used
Manual Code Review
Recommendations
Use an exact compiler version (e.g., pragma solidity 0.8.23;) to ensure predictable and secure contract behavior.
Lead Judging Commences
Floating Pragma
Floating pragma usage could lead to compilation inconsistencies
Floating Pragma
Floating pragma usage could lead to compilation inconsistencies
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.