Last Man Standing

First Flight #45

Beginner FriendlyFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: medium

Invalid

Solidity pragma should be specific, not wide

sidrahh12

Solidity pragma should be specific, not wide

Description

Solidity pragma versions should be as specific as possible to ensure consistent compiler behavior across different environments. Using a wide version range (^) allows multiple compiler versions to be used.
The current implementation uses a wide version range (^0.8.20), which could lead to:
- Unexpected behavior if different compiler versions are used
- Potential security issues if newer compiler versions introduce breaking changes
- Inconsistent verification results across platforms

pragma solidity ^0.8.20; // @> Wide version range allows multiple compiler versions

Risk

Likelihood:

Different team members or deployment environments may use different compiler versions
Future compiler versions may introduce unexpected behavior

Impact:

Potential inconsistencies in contract behavior
Verification challenges across different platforms
Possible introduction of undetected vulnerabilities

Proof of Concept

Developer A installs latest Solidity (0.8.25) which satisfies ^0.8.20
Developer B uses pinned version (0.8.20)
CI system uses 0.8.22 (latest in its package cache)
All compile successfully but produce different bytecode:

// Example of how different compiler versions could be used:

// Developer A uses 0.8.20

// Developer B uses 0.8.25

// CI system uses 0.8.22

// All would be considered valid but might produce different results

Recommended Mitigation

Additional recommendations:

Document compiler version in README.md

- pragma solidity ^0.8.20;

+ pragma solidity 0.8.20;

Updates

Appeal created

inallhonesty Lead Judge 16 days ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.