Submission Details
Impact:
Likelihood:
Floating Pragma
Root + Impact
Description
The contract uses a floating pragma (^), allowing the contract to be compiled with any compiler version starting from 0.8.24 up to, but not including, 0.9.0.
@>
Risk
Likelihood: Low
-
Different compiler versions will be used across different development environments and deployments
-
CI/CD pipelines might use the latest compatible version automatically
Impact:
-
Different compiler versions may introduce inconsistent behaviour
-
Bug fixes and optimizations in specific versions might be missed
-
Security patches in newer versions might not be applied consistently
Proof of Concept
// This contract can be compiled with multiple versions:
// Could use 0.8.24, 0.8.25, 0.8.26, etc.
contract SnowmanAirdrop is EIP712, ReentrancyGuard {
// Contract code...
}
// Deployment 1 (Local): Compiles with 0.8.24
// Deployment 2 (Test): Compiles with 0.8.25
// Deployment 3 (Prod): Compiles with 0.8.26
// Each deployment might behave slightly differently
Recommended Mitigation
// Remove this code
- pragma solidity ^0.8.24;
// Add this code
+ pragma solidity 0.8.24;
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.