code-423n4 / 2021-08-gravitybridge-findings


Using unlocked/floating pragma in `Gravity` #59

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

shw

Vulnerability details

Impact

Unlocked/floating pragma is used in the Gravity contract. Locking the pragma helps ensure that the contract is not accidentally deployed using an outdated compiler version with unfixed bugs.

Proof of Concept

Referenced code: Gravity.sol#L1

Recommended Mitigation Steps

Lock pragmas to a specific Solidity version. Consider the compiler bugs in the following links and ensure that they do not affect the contract. It is also recommended to use the latest version of Solidity when writing and deploying contracts (see Solidity docs).

Related links:

- Solidity repo - known bugs
- Solidity repo - bugs by version
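As an added example (not part of this finding or of the Gravity code base), a small check that flags floating pragmas in a set of Solidity sources: only an exact `X.Y.Z` spec (optionally `=X.Y.Z`) counts as locked, while `^`, `~`, `>=`/`<` ranges and a missing pragma are reported. The sample sources are constructed, not the real Gravity.sol.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# First `pragma solidity ...;` statement in a file; the spec is everything before ';'
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# A locked pragma names exactly one compiler version (npm-style "=" prefix allowed)
LOCKED_RE = re.compile(r"^=?\d+\.\d+\.\d+$")


@dataclass
class PragmaCheck:
    path: str
    version_spec: Optional[str]  # None when the file has no pragma at all
    locked: bool


def check_pragma(path: str, source: str) -> PragmaCheck:
    """Classify one Solidity source as locked (exact version) or floating."""
    m = PRAGMA_RE.search(source)
    if not m:
        # No pragma means any compiler accepts the file: treat as floating.
        return PragmaCheck(path, None, False)
    spec = " ".join(m.group(1).split())  # normalise internal whitespace
    return PragmaCheck(path, spec, bool(LOCKED_RE.match(spec)))


def audit(sources: Dict[str, str]) -> List[PragmaCheck]:
    return [check_pragma(path, src) for path, src in sources.items()]


def floating_files(sources: Dict[str, str]) -> List[str]:
    """Paths that would be accepted by more than one compiler version."""
    return [r.path for r in audit(sources) if not r.locked]


# Constructed sample sources (hypothetical file names, not Gravity's own files)
SAMPLES = {
    "Floating.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.6.6;\ncontract A {}\n",
    "Range.sol": "pragma solidity >=0.6.0 <0.8.0;\ncontract B {}\n",
    "Locked.sol": "pragma solidity 0.8.7;\ncontract C {}\n",
    "NoPragma.sol": "contract D {}\n",
}

if __name__ == "__main__":
    for result in audit(SAMPLES):
        state = "locked" if result.locked else "FLOATING"
        print(f"{result.path}: {result.version_spec!r} -> {state}")
```

Running the script over a real checkout (reading each `.sol` file into the dict) turns the recommendation above into a CI gate that fails when any path is reported as floating.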

jkilpatr commented 2 years ago

I'm on the fence about whether this should be severity 0 or 1. I suppose low risk is a good classification, considering there is in fact a risk of an insecure Solidity version being used, but I would like a clear example of a vulnerable version within the range of currently possible versions that would have an impact.

Duplicate of #42

albertchon commented 2 years ago

Not really an issue imo