search

code-423n4 / 2021-06-pooltogether-findings

0 stars 0 forks source link

Floating Pragma #74

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

JMukesh

Vulnerability details

Impact

Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

https://swcregistry.io/docs/SWC-103

Proof of Concept

https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/ControlledToken.sol#L3

https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/PrizePool.sol#L3

https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/StakePrizePool.sol#L3

https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/Ticket.sol#L3

https://github.com/code-423n4/2021-06-pooltogether/blob/85f8d044e7e46b7a3c64465dcd5dffa9d70e4a3e/contracts/Ticket.sol#L3

Tools Used

manual analysis

Recommended Mitigation Steps

use fixed solidity version for ex- pragma solidity 0.6.12

asselstine commented 3 years ago

See https://github.com/code-423n4/2021-06-pooltogether-findings/issues/109

dmvt commented 3 years ago

duplicate of #109