Open codehawks-bot opened 1 year ago
[ESCALATION] @PatrickAlphaC the sponsor stated that this would be deployed on Optimism and not Arbitrum.
This issue is only valid on Arbitrum.
[ESCALATION] It should be low as the contract can be redeployed; the rest of the issues with the same finding are marked as LOW. This should be LOW as no funds are at risk.
If they deployed it, and sent funds to it, and a part of it didn't work, that would be a high issue. I will agree, this report is not very good, as it's not clear what exactly the exploit path is, but this seems like a big issue.
Impact: HIGH Likelihood: LOW
Keeping as medium.
Pragma non-specification can lead to non-functional / corrupted contract when deployed on Arbitrum
Severity
Medium Risk
Relevant GitHub Links
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Staking.sol#L2
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L2
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Fees.sol#L2
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Beedle.sol#L2
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/interfaces/IERC20.sol#L2
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/interfaces/ISwapRouter.sol#L2
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/utils/Errors.sol#L2
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/utils/Ownable.sol#L2
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/utils/Structs.sol#L2
Summary
Pragma has been set to ^0.8.19, allowing the contracts to be compiled with a compiler version equal to or greater than 0.8.19. The problem with compiling is that Arbitrum is NOT compatible with 0.8.20 and later.
Vulnerability Details
Contracts compiled with non-specified versions will result in a non-functional or potentially damaged version that won't behave as expected. The default behaviour of the compiler would be to use the newest version, which would mean that by default it will be compiled with the 0.8.20 version, which will produce broken code.
Impact
Corrupted or non-functional contracts when deployed on Arbitrum.
Tools Used
Manual Review
Recommendations
Lock or constrain the pragma as follows: pragma solidity 0.8.19 or pragma solidity >=0.8.0 <=0.8.19
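
One way to check sources for the pragma condition this report describes, as an added example that is not code from the report or from the Beedle repository: it parses each `pragma solidity` constraint and reports the lowest probe version at or above 0.8.20 that the constraint admits. The probe list and the sample sources are constructed, and the range handling is an assumption-limited subset (`^`, `~`, comparison operators and `||`, full three-part versions only).

```python
import re

PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
TERM_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")

# Constructed probe versions (not a release list): 0.8.20 upward, plus 0.9.0.
PROBES = [(0, 8, p) for p in range(20, 100)] + [(0, 9, 0)]

def _term_ok(op, base, v):
    """Evaluate one comparator term against version tuple v."""
    if op == "^":  # caret: upper bound is the next left-most non-zero bump
        if base[0] > 0:
            upper = (base[0] + 1, 0, 0)
        elif base[1] > 0:
            upper = (0, base[1] + 1, 0)
        else:
            upper = (0, 0, base[2] + 1)
        return base <= v < upper
    if op == "~":  # tilde: patch updates only
        return base <= v < (base[0], base[1] + 1, 0)
    return {">=": v >= base, "<=": v <= base, ">": v > base,
            "<": v < base, "=": v == base}[op]

def admits(constraint, version):
    """True if version satisfies all terms of any '||' alternative."""
    for alt in constraint.split("||"):
        terms = TERM_RE.findall(alt)
        if terms and all(_term_ok(op or "=", tuple(map(int, nums)), version)
                         for op, *nums in terms):
            return True
    return False

def audit(source):
    """Return [(constraint, lowest admitted probe or None)] per pragma."""
    out = []
    for m in PRAGMA_RE.finditer(source):
        c = m.group(1).strip()
        out.append((c, next((v for v in PROBES if admits(c, v)), None)))
    return out

# Constructed sample sources: the reported pragma and the two recommended ones.
SAMPLES = {
    "floating.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.19;\n",
    "locked.sol": "pragma solidity 0.8.19;\n",
    "bounded.sol": "pragma solidity >=0.8.0 <=0.8.19;\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        for constraint, hit in audit(src):
            status = "admits %d.%d.%d" % hit if hit else "capped below 0.8.20"
            print(f"{name}: {constraint!r} -> {status}")
```

A pragma only limits which compilers accept the file; the compiler version and EVM target actually used for deployment are set in the build configuration and should be pinned there as well.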