Puppy Raffle

AI First Flight #1

Beginner FriendlyFoundrySolidityNFT

EXP

View results

Previous Next

Submission Details

Impact: low

Likelihood: high

Invalid

I-02: Compiler version and build configuration clarity

dharmesh

Root + Impact

Description

Normal behavior: Builds should be reproducible so audits and deployments compile deterministically.
Specific issue: A caret pragma permits multiple compiler patch versions, which can create inconsistent compilation outputs across environments.

@> PuppyRaffle.sol:L2 (caret pragma allows multiple compiler versions)

@> 2: pragma solidity ^0.7.6;

Risk

Likelihood:

Reason 1 Caret pragma allows version drift over time and across systems.
Reason 2 Dependency/tooling differences can amplify inconsistencies.

Impact:

Impact 1 When this will occur: During compilation on different machines/CI environments over time.
Impact 2 Inconsistent builds reduce audit reproducibility and can hide version-specific behavior changes.
Impact 3 Tooling outputs can diverge, reducing confidence in analysis.

Proof of Concept

Relevant line:

@> PuppyRaffle.sol:L2 uses a caret pragma (^0.7.6).

PoC (reproducibility):

1) Compile the project using two different allowed 0.7.x compiler versions.

2) Observe differences in warnings/bytecode/tooling outputs across environments.

Recommended Mitigation

• Pin the compiler version exactly (e.g., pragma solidity 0.7.6) and align toolchain config.

• Document dependency versions and build steps for deterministic builds

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge 12 days ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!