Snowman Merkle Airdrop

First Flight #42
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Impact: low
Likelihood: low
Invalid

Floating Pragma Issue

Root + Impact

Description

  • The Solidity pragma specifies the compiler version(s) that should be used to compile the contract. A fixed pragma ensures consistent compilation across different environments.

  • The caret symbol (^) allows the contract to be compiled with any version equal to or greater than 0.8.24, which could lead to inconsistent behaviour across different compiler versions.

/// SPDX-License-Identifier: MIT
@>pragma solidity ^0.8.24;

Risk

Likelihood: Low

  • Different development environments may use different compiler versions above 0.8.24

  • CI/CD pipelines might automatically use the latest compiler version available

Impact:

  • Different bytecode is generated across different environments

  • Potential optimization inconsistencies between deployments

Proof of Concept

// This contract can be compiled with any of these versions:
// 0.8.24
// 0.8.25 (when released)
// 0.8.26 (when released)
// etc.
pragma solidity ^0.8.24;
contract Snowman is ERC721, Ownable {
// Contract code...
}
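A check for the pattern described above, as an added example that is not part of the submission or the project: it flags any `pragma solidity` expression that is not an exact pin and shows which versions a caret range admits under npm-style semver. The function names and the sample source are assumptions constructed for illustration.

```python
import re

# Version expression of a `pragma solidity ...;` directive (`//`-commented lines are skipped).
PRAGMA_RE = re.compile(r"^[ \t]*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# An exact pin is a bare x.y.z, optionally written with a leading "=".
EXACT_RE = re.compile(r"=?\s*\d+\.\d+\.\d+")

# Constructed sample input, modelled on the snippet in the report.
SAMPLE = """// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

contract Snowman {}
"""
PINNED = SAMPLE.replace("^0.8.24", "0.8.24")


def find_floating_pragmas(source):
    """Return (line_number, expression) for each pragma that is not an exact pin."""
    findings = []
    for match in PRAGMA_RE.finditer(source):
        expr = match.group(1).strip()
        if not EXACT_RE.fullmatch(expr):
            line_no = source.count("\n", 0, match.start(1)) + 1
            findings.append((line_no, expr))
    return findings


def caret_allows(base, candidate):
    """True if `candidate` satisfies `^base` under npm-style semver rules."""
    b = tuple(int(p) for p in base.split("."))
    c = tuple(int(p) for p in candidate.split("."))
    if c < b:
        return False
    # The caret freezes everything up to the left-most non-zero component.
    if b[0] != 0:
        return c[0] == b[0]
    if b[1] != 0:
        return c[:2] == b[:2]
    return c == b


if __name__ == "__main__":
    print(find_floating_pragmas(SAMPLE))   # flagged
    print(find_floating_pragmas(PINNED))   # clean
    for version in ("0.8.23", "0.8.24", "0.8.25", "0.9.0"):
        print(version, caret_allows("0.8.24", version))
```

Run over every `.sol` file in a CI step, a non-empty result from `find_floating_pragmas` can fail the build before a floating pragma reaches deployment.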

Recommended Mitigation

- pragma solidity ^0.8.24;
+ pragma solidity 0.8.24;
contract Snowman is ERC721, Ownable {
// Contract code...
}
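Review bot: the pinned `pragma solidity 0.8.24;` line is shown only for the file that declares `Snowman`, so any other source file in the project that still carries `^0.8.24` should get the same change in this patch. The version pinned here should be the one the contracts were tested and deployed with, and it is worth fixing the same version in the build configuration so the pragma and the toolchain cannot drift apart.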
Updates

Lead Judging Commences

yeahchibyke Lead Judge 13 days ago
Submission Judgement Published
Invalidated
Reason: Out of scope
