Closed code423n4 closed 3 years ago
Duplicate of #98
adding duplicate label as per judge in findings sheet
Handle
0xRajeev
Vulnerability details
Impact
The solc version used is 0.6.12 which was released in July 2020 (one year is a long time for Solidity given the fast release pace) and is two breaking releases behind. This misses several optimizations and the built-in arithmetic checks in 0.8.x.
Proof of Concept
https://github.com/sushiswap/miso/blob/2cdb1486a55ded55c81898b7be8811cb68cfda9e/contracts/Auctions/BatchAuction.sol#L1
Tools Used
Manual Analysis
Recommended Mitigation Steps
Consider upgrading to 0.7.x if not 0.8.x.
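A check for the condition this finding reports, as an added example (not code from the MISO repository or from the report): it scans Solidity source for `pragma solidity` constraints that admit a compiler older than 0.8.0, the first release line with built-in arithmetic checks, and it also handles ranges and `||` alternatives beyond the single pinned version in the finding. The function names and the sample sources are constructed for illustration.

```python
import re

PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
TERM_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")
CHECKED_ARITHMETIC = (0, 8, 0)  # first release with built-in overflow checks


def lowest_admitted(constraint):
    """Lowest compiler version a pragma constraint admits (None if unbounded)."""
    alternatives = []
    for alt in constraint.split("||"):
        # Terms inside one alternative are AND-ed: the highest lower bound wins.
        # A strict ">" is treated like ">=", which errs on the side of flagging.
        lows = [tuple(map(int, m.groups()[1:]))
                for m in TERM_RE.finditer(alt)
                if m.group(1) not in ("<", "<=")]
        alternatives.append(max(lows) if lows else None)
    if None in alternatives:
        return None
    return min(alternatives)  # the build may pick any alternative


def audit(source):
    """Return one finding per pragma that admits a pre-0.8.0 compiler."""
    findings = []
    for m in PRAGMA_RE.finditer(source):
        constraint = m.group(1).strip()
        low = lowest_admitted(constraint)
        if low is None or low < CHECKED_ARITHMETIC:
            findings.append({
                "line": source.count("\n", 0, m.start(1)) + 1,
                "constraint": constraint,
                "lowest": low,
                # In the 0.x series each minor bump is a breaking release.
                "breaking_releases_behind":
                    None if low is None else CHECKED_ARITHMETIC[1] - low[1],
            })
    return findings


# Constructed sample sources (hypothetical file names, not the audited files).
SAMPLES = {
    "Pinned.sol": "pragma solidity 0.6.12;\ncontract A {}\n",
    "Ranged.sol": "// SPDX-License-Identifier: MIT\npragma solidity >=0.6.0 <0.8.0;\n",
    "Modern.sol": "pragma solidity ^0.8.4;\ncontract B {}\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, audit(src))
```

A file is flagged when the lowest admitted compiler predates 0.8.0, so a wide range such as `>=0.6.0 <0.9.0` is reported even though a newer compiler would also satisfy it.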