Closed code423n4 closed 3 years ago
The pragma statements were left unlocked to allow flexibility in development. I believe that since this is not a functional finding, it should be marked as 0 (non-critical).
Duplicate of https://github.com/code-423n4/2021-05-fairside-findings/issues/25. Labeling it as low risk, as it could indeed cause the contracts to accidentally be compiled or deployed using an outdated or buggy compiler version.
Handle
shw
Vulnerability details
Impact
In most contracts, the pragma statements are declared as `pragma solidity >=0.6.0 <0.8.0;`, which are unlocked and could cause the contracts to accidentally be compiled or deployed using an outdated or buggy compiler version.
Proof of Concept
Referenced code: Please use `grep -R pragma .` to find the unlocked pragma statements.
Recommended Mitigation Steps
Should lock pragmas to a specific compiler version. Besides, consider the known compiler bugs in the following references and check whether the contracts include those bugs.
Solidity compiler bugs:
Solidity repo - known bugs
Solidity repo - bugs by version
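The `grep -R pragma .` check from the report lists every pragma, locked or not. The following is an added example, not part of the original report or the audited project, that flags only the unlocked ones. It assumes "locked" means a single exact version such as `0.6.8` or `=0.6.8`; the function names and the sample contract are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Captures the version expression of "pragma solidity <expr>;".
PRAGMA_RE = re.compile(r"\bpragma\s+solidity\s+([^;]+);")
# Assumption: a locked pragma is one exact x.y.z version, optionally "=" prefixed.
EXACT_RE = re.compile(r"=?\s*\d+\.\d+\.\d+")


def strip_comments(source: str) -> str:
    """Drop /* */ and // comments so commented-out pragmas are ignored."""
    keep_newlines = lambda m: "\n" * m.group().count("\n")  # preserve line numbers
    source = re.sub(r"/\*.*?\*/", keep_newlines, source, flags=re.DOTALL)
    return re.sub(r"//[^\n]*", "", source)


def find_pragmas(source: str):
    """Return (line_number, expression, locked) for each solidity pragma."""
    clean = strip_comments(source)
    results = []
    for m in PRAGMA_RE.finditer(clean):
        expr = " ".join(m.group(1).split())  # normalise whitespace
        line = clean.count("\n", 0, m.start(1)) + 1
        results.append((line, expr, EXACT_RE.fullmatch(expr) is not None))
    return results


def scan_tree(root: str):
    """Return 'path:line: pragma' findings for unlocked pragmas under root."""
    findings = []
    for path in sorted(Path(root).rglob("*.sol")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for line, expr, locked in find_pragmas(text):
            if not locked:
                findings.append(f"{path}:{line}: pragma solidity {expr};")
    return findings


# Constructed sample input (not taken from the audited repository).
SAMPLE = """// SPDX-License-Identifier: MIT
// pragma solidity ^0.5.0;
pragma solidity >=0.6.0 <0.8.0;
contract A {}
"""

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(hits))
    sys.exit(1 if hits else 0)  # non-zero exit lets CI fail on unlocked pragmas
```

Run it with the contracts directory as the only argument; the non-zero exit status makes it usable as a CI gate.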