code-423n4 / 2021-09-defiprotocol-findings


Using the latest compiler version may be susceptible to undiscovered bugs #180

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

0xRajeev

Vulnerability details

Impact

The contracts use the latest Solidity compiler version 0.8.7 released in August. While this version supports the London upgrade among other optimizations and internal bug fixes, using the latest solc version may also be susceptible to undiscovered bugs that may be discovered and fixed in a few months.

Proof of Concept

https://github.com/code-423n4/2021-09-defiProtocol/blob/52b74824c42acbcd64248f68c40128fe3a82caf6/contracts/contracts/Factory.sol#L1

Tools Used

Manual Analysis

Recommended Mitigation Steps

Consider using a few releases older, e.g. 0.8.4, which has been around for a few more months and so is a bit more time-tested.
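One defender-side way to enforce the recommendation above is a lint that parses each file's `pragma solidity` statement and flags floating ranges or a lower bound newer than a policy ceiling. This is an added example, not code from the finding or the audited project; the 0.8.4 ceiling and the sample sources are assumptions (the page links Factory.sol#L1 but does not quote its pragma).

```python
import re

# Policy ceiling, an assumption for this example: the finding recommends 0.8.4
# over the then-latest 0.8.7.
POLICY_MAX = (0, 8, 4)

PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
VERSION_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")
LOWER_BOUND_OPS = ("", "=", "^", "~", ">=", ">")


def parse_pragma(source):
    """Return [(operator, (major, minor, patch)), ...] from the first pragma, or None."""
    m = PRAGMA_RE.search(source)
    if m is None:
        return None
    return [(op, (int(a), int(b), int(c)))
            for op, a, b, c in VERSION_RE.findall(m.group(1))]


def fmt(v):
    return ".".join(str(x) for x in v)


def check_pragma(source, policy_max=POLICY_MAX):
    """Return a list of finding strings for one Solidity source file."""
    constraints = parse_pragma(source)
    if constraints is None:
        return ["no 'pragma solidity' statement found"]
    if not constraints:
        return ["unparseable version constraint in pragma"]
    findings = []
    # Only a single constraint with no operator (or '=') pins one exact compiler release.
    pinned = len(constraints) == 1 and constraints[0][0] in ("", "=")
    if not pinned:
        findings.append("floating pragma: compiler release is not pinned")
    # The oldest compiler the pragma admits; if even that is newer than policy, flag it.
    lower = [v for op, v in constraints if op in LOWER_BOUND_OPS]
    if lower and max(lower) > policy_max:
        findings.append("requires solc >= %s, newer than policy maximum %s"
                        % (fmt(max(lower)), fmt(policy_max)))
    return findings


# Constructed sample sources (the page links Factory.sol#L1 but does not quote it).
SAMPLES = {
    "Factory.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.7;\ncontract Factory {}\n",
    "Pinned.sol": "pragma solidity 0.8.4;\ncontract Pinned {}\n",
    "Range.sol": "pragma solidity >=0.8.0 <0.9.0;\ncontract Range {}\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, check_pragma(src) or ["ok"])
```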

frank-beard commented 2 years ago

Solidity compiler version issues are considered out of scope

GalloDaSballo commented 2 years ago

Appreciate flagging up, but setting to non-critical