code-423n4 / 2021-04-maple-findings


Outdated Compiler #77

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

The project is using Solidity compiler 0.6.11, which was released in July 2020, while the latest compiler version is 0.8.3. Using such an older version makes the project susceptible to any compiler bugs fixed since then and prevents it from leveraging the newly introduced features.

Proof of Concept

https://github.com/maple-labs/maple-core/blob/60a341f5cb4b5c4d85320d3ee1b2bae4322c5078/contracts/Loan.sol#L2

https://github.com/ethereum/solidity/releases/tag/v0.6.11

https://github.com/ethereum/solidity/releases/tag/v0.7.6

Tools Used

Manual Analysis

Recommended Mitigation Steps

Given Solidity’s fast release cycle, consider using a more recent version of the compiler, such as version 0.7.6.
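One way to check a code base for the condition this finding describes is to test whether each file's `pragma solidity` constraint admits the recommended compiler. This is an added example, not part of the report or of Maple's code; the function names and the sample sources are constructed for illustration, and only full `x.y.z` versions are handled.

```python
import re

PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
TERM_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")

def _term_ok(op, base, v):
    """Evaluate one comparator with npm-style semver semantics."""
    if op in ("", "="):
        return v == base
    if op == "^":
        # Caret locks the left-most non-zero component.
        if base[0] > 0:
            upper = (base[0] + 1, 0, 0)
        elif base[1] > 0:
            upper = (0, base[1] + 1, 0)
        else:
            upper = (0, 0, base[2] + 1)
        return base <= v < upper
    if op == "~":
        return base <= v < (base[0], base[1] + 1, 0)
    return {">=": v >= base, "<=": v <= base, ">": v > base, "<": v < base}[op]

def accepts(expr, version):
    """True if pragma expression `expr` admits compiler `version` (e.g. "0.7.6")."""
    v = tuple(int(p) for p in version.split("."))
    for alternative in expr.split("||"):  # "||" separates OR-ed ranges
        terms = TERM_RE.findall(alternative)
        if terms and all(_term_ok(op, (int(a), int(b), int(c)), v) for op, a, b, c in terms):
            return True
    return False

def audit(sources, target):
    """Return {filename: pragma} for files whose pragma rejects `target`."""
    findings = {}
    for name, text in sources.items():
        for expr in PRAGMA_RE.findall(text):
            if not accepts(expr, target):
                findings[name] = expr.strip()
    return findings

# Constructed sample sources (not copied from maple-core).
SAMPLES = {
    "Pinned.sol": "// constructed sample\npragma solidity 0.6.11;\ncontract A {}\n",
    "Caret.sol": "pragma solidity ^0.6.11;\ncontract B {}\n",
    "Range.sol": "pragma solidity >=0.6.11 <0.8.0;\ncontract C {}\n",
}

if __name__ == "__main__":
    print(audit(SAMPLES, "0.7.6"))
```
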

lucas-manuel commented 3 years ago

Informational, won't address