Consensys / mythx-developer-support

Support resources and bug reporting for Mythril Tool Developers

False positive: "Source file does not specify required compiler version" #17

Closed PaulRBerg closed 5 years ago

PaulRBerg commented 5 years ago

All of my contracts have the following pragma:

pragma solidity >=0.5.0 <0.6.0;

When I run truffle-security though, I get this:

Warning: Source file does not specify required compiler version! Consider adding "pragma solidity ^0.5.7;"

nbanmp commented 5 years ago

As this is not an issue directly related to truffle-security itself, but instead with the API behind it, I have transferred the issue to the mythx-developer-support repository.

nbanmp commented 5 years ago

Not specifying an exact compiler version can result in potentially undesired behavior, and this is what MythX is reporting.

From https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-103:

Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

Do you have a suggestion for a clearer warning message to avoid the confusion?
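A small checker for the SWC-103 condition quoted above, written in JavaScript as an added example; it is not part of truffle-security or MythX and makes no claim about how the MythX API implements its own check. The `LOCKED_RE` rule, the function names and the four sample sources are assumptions constructed for this illustration. Under that rule the reporter's `>=0.5.0 <0.6.0` range and the caret form `^0.5.7` are both floating; only an exact version such as `0.5.7` is accepted as locked.

```javascript
// Added example (not truffle-security or MythX code): a minimal SWC-103
// "Floating Pragma" checker for Solidity source text.
//
// Assumption: a pragma is "locked" only when its constraint is a single exact
// version (optionally prefixed with "=" or "v"). Everything else, including
// caret, tilde, comparison operators and ranges, is reported as floating.
const LOCKED_RE = /^=?\s*v?\d+\.\d+\.\d+$/;

// Return every `pragma solidity <constraint>;` directive in the source,
// ignoring directives that sit inside line or block comments.
function findPragmas(source) {
  const stripped = source
    .replace(/\/\*[\s\S]*?\*\//g, '')   // drop /* ... */ comments
    .replace(/\/\/.*$/gm, '');          // drop // ... comments
  const pragmas = [];
  const re = /pragma\s+solidity\s+([^;]+);/g;
  let m;
  while ((m = re.exec(stripped)) !== null) {
    pragmas.push(m[1].trim().replace(/\s+/g, ' '));
  }
  return pragmas;
}

function isLocked(constraint) {
  return LOCKED_RE.test(constraint);
}

// Produce SWC-103 findings for one file: a missing directive is reported
// (pragma: null), and every non-exact constraint is reported as floating.
function checkSource(name, source) {
  const pragmas = findPragmas(source);
  const findings = [];
  if (pragmas.length === 0) {
    findings.push({ file: name, swc: 'SWC-103', pragma: null,
                    message: 'no "pragma solidity" directive found' });
  }
  for (const p of pragmas) {
    if (!isLocked(p)) {
      findings.push({ file: name, swc: 'SWC-103', pragma: p,
                      message: `floating pragma "${p}"; lock to the exact compiler version the contract was tested with` });
    }
  }
  return findings;
}

// Constructed sample inputs for the demonstration (not real contracts).
const SAMPLES = {
  'Range.sol':   'pragma solidity >=0.5.0 <0.6.0;\ncontract A {}',
  'Caret.sol':   'pragma solidity ^0.5.7;\ncontract B {}',
  'Locked.sol':  '// pragma solidity ^0.4.0; (commented out, must be ignored)\npragma solidity 0.5.7;\ncontract C {}',
  'Missing.sol': 'contract D {}',
};

// Run the checker over every sample and collect findings per file.
function checkAll(samples) {
  const result = {};
  for (const [name, src] of Object.entries(samples)) {
    result[name] = checkSource(name, src);
  }
  return result;
}

console.log(JSON.stringify(checkAll(SAMPLES), null, 2));
```

Only `Locked.sol` passes: the commented-out caret pragma is stripped before matching, so the single exact `0.5.7` directive counts as locked. The range, the caret form and the missing directive each yield one finding.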

nbanmp commented 5 years ago

Closing this issue for now. If you disagree, please re-open it with any comments / questions.