Cyfrin / 2023-07-beedle


Use fixed solidity version #643

Open codehawks-bot opened 1 year ago

codehawks-bot commented 1 year ago

Use fixed solidity version

Severity

Low Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Beedle.sol#L2

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Staking.sol#L2

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Fees.sol#L2

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L2

Summary

Vulnerability Details

The contract contains "^" while defining the Solidity version. It means that it will accept any Solidity version at that version or the latest one. Compiling with a newly released version of Solidity may result in the code having multiple bugs which would be fixed over time, but the contract would already be using it, which might result in unexpected behavior.

Impact

The compiler for Solidity 0.8.20 switches the default target EVM version to Shanghai, which includes the new PUSH0 opcode. This opcode may not yet be implemented on all L2s, so deployment on these chains will fail. To work around this issue, use an earlier & fixed EVM version. While the project itself may or may not compile with 0.8.20, other projects with which it integrates, or which extend this project may, and those projects will have problems deploying these contracts/libraries.

Tools Used

Manual Review

Recommendations

Use a fixed solidity version.

```solidity
pragma solidity 0.8.19;
```
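As an added example (not part of this finding or of the Beedle code base): a small Python checker that pulls the `pragma solidity` spec out of a source file, flags floating ranges, and reports whether the range admits a solc release at or above 0.8.20, the first version defaulting to Shanghai and therefore to PUSH0. The sample contract source in the block is constructed, and the `||` handling follows the Solidity pragma grammar rather than anything in the contest repository.

```python
import re

PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
CONSTRAINT_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")
OPS = {">=": lambda a, b: a >= b, ">": lambda a, b: a > b,
       "<=": lambda a, b: a <= b, "<": lambda a, b: a < b,
       "": lambda a, b: a == b, "=": lambda a, b: a == b}

def parse_pragma(source):
    """Return the version spec of the first `pragma solidity` line, or None."""
    m = PRAGMA_RE.search(source)
    return m.group(1).strip() if m else None

def _satisfies(alternative, version):
    """True if `version` meets every constraint of one `||`-free alternative."""
    for op, major, minor, patch in CONSTRAINT_RE.findall(alternative):
        v = (int(major), int(minor), int(patch))
        if op == "^":  # ^0.8.19 means >=0.8.19 <0.9.0; ^1.2.3 locks the major instead
            floor = v[:1] if v[0] else v[:2]
            ok = version >= v and version[:len(floor)] == floor
        elif op == "~":  # ~0.8.19 means >=0.8.19 <0.9.0
            ok = version >= v and version[:2] == v[:2]
        else:
            ok = OPS[op](version, v)
        if not ok:
            return False
    return True

def admits(spec, version):
    """True if the pragma spec accepts the given (major, minor, patch) solc version."""
    return any(_satisfies(alt, version) for alt in spec.split("||"))

def is_floating(spec):
    """A spec is fixed only when it is a single exact version such as `0.8.19`."""
    constraints = CONSTRAINT_RE.findall(spec)
    return not (len(constraints) == 1 and constraints[0][0] in ("", "="))

def audit_pragma(source):
    """Report whether the pragma floats and whether it admits a PUSH0-emitting solc."""
    spec = parse_pragma(source)
    if spec is None:
        return {"spec": None, "floating": False, "push0_risk": False}
    # 0.8.20 is the first solc defaulting to Shanghai (PUSH0); probe it and later patches.
    risky = any(admits(spec, (0, 8, p)) for p in range(20, 30))
    return {"spec": spec, "floating": is_floating(spec), "push0_risk": risky}

if __name__ == "__main__":  # constructed sample source, not an actual Beedle file
    print(audit_pragma("pragma solidity ^0.8.19;\ncontract Sample {}"))
```

Running `audit_pragma` over each file under `src/` gives a quick pre-deployment check that every contract carries a fixed pragma and cannot silently be compiled with a PUSH0-emitting release.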

PatrickAlphaC commented 1 year ago

good suggestion, not security issue per se, moving to info.