NFT Dealers

First Flight #58

Beginner FriendlyFoundry

100 EXP

View all submissions

Previous Next

Submission Details

Impact: low

Likelihood: low

[L-3] Wide Solidity Pragma

Author Revealed upon completion

Root + Impact

Description

Both contracts use a floating pragma (^0.8.34), which allows compilation with any future 0.8.x release. New compiler versions may introduce breaking changes, undiscovered bugs, or different optimization behaviour. Locking to a specific version ensures reproducible builds and consistent behaviour across environments.

// src/NFTDealers.sol:2

@> pragma solidity ^0.8.34;

// src/MockUSDC.sol:2

@> pragma solidity ^0.8.34;

Risk

Likelihood:

A developer or CI pipeline using a newer 0.8.x compiler may produce different bytecode.
EVM version selection (e.g. Shanghai vs Cancun) can differ across compiler versions.

Impact:

Non-deterministic builds; potential incompatibility with L2 chains that don't support newer opcodes like PUSH0.

Proof of Concept

# Build with 0.8.34 — works as expected

solc --version # 0.8.34

# Build with hypothetical 0.8.40 — may produce different bytecode or enable new behaviour

Recommended Mitigation

Pin to an exact compiler version in both contracts.

-pragma solidity ^0.8.34;

+pragma solidity 0.8.34;

Rewards breakdown

nSLOC

253

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!