code-423n4 / 2021-10-ambire-findings


use of floating pragma #51

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

JMukesh

Vulnerability details

Impact

Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.

Proof of Concept

Most of the contracts use a floating pragma.

Tools Used

manual review

Recommended Mitigation Steps

Use a fixed Solidity version.
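The check below is an added example, not part of the finding and not code from the Ambire repository: it is a small audit helper that scans Solidity sources for version pragmas and reports every one that is not locked to an exact version (`^`, `~`, `>=`/`<` ranges, wildcards), ignoring `pragma abicoder`/`pragma experimental` and pragmas that only appear inside comments. The three sample contracts are constructed for the demonstration.

```python
import re

# Version pragma only; `pragma abicoder v2;` and `pragma experimental ...;` are not matched.
PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
# A locked pragma is exactly MAJOR.MINOR.PATCH, e.g. 0.8.7, with no operator or range.
LOCKED_RE = re.compile(r"^\d+\.\d+\.\d+$")
# Line and block comments; blanked before scanning so commented-out pragmas are not reported.
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)


def pragma_is_locked(version_spec: str) -> bool:
    """True only for an exact version such as '0.8.7'; '^0.8.0', '~0.8.7', '>=0.7.0 <0.9.0' are floating."""
    return LOCKED_RE.match(version_spec.strip()) is not None


def find_floating_pragmas(source: str):
    """Return [(line_number, version_spec)] for every floating version pragma in one .sol source."""
    def blank(match):
        # Replace comment text with spaces but keep newlines so line numbers stay correct.
        return re.sub(r"[^\n]", " ", match.group(0))

    stripped = COMMENT_RE.sub(blank, source)
    findings = []
    for m in PRAGMA_RE.finditer(stripped):
        spec = m.group(1).strip()
        if not pragma_is_locked(spec):
            line = stripped.count("\n", 0, m.start()) + 1
            findings.append((line, spec))
    return findings


def audit(sources: dict) -> dict:
    """Map each file name to its floating-pragma findings; an empty list means the file passes."""
    return {name: find_floating_pragmas(src) for name, src in sources.items()}


# Constructed sample contracts (hypothetical; not files from the audited repository).
SAMPLE_SOURCES = {
    "Floating.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\ncontract A {}\n",
    "Range.sol": "pragma solidity >=0.7.0 <0.9.0;\npragma abicoder v2;\ncontract B {}\n",
    "Locked.sol": "pragma solidity 0.8.7;\n/* pragma solidity ^0.8.0; old note */\ncontract C {}\n",
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_SOURCES).items():
        if not findings:
            print(f"{name}: ok (locked pragma)")
        for line, spec in findings:
            print(f"{name}:{line}: floating pragma 'solidity {spec}' -> lock to the compiler version the tests ran on")
```

Run it over a real tree by reading each `.sol` file into the `sources` dict; a non-empty result for any file is the same condition this finding reports.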

Ivshti commented 2 years ago

resolved in https://github.com/AmbireTech/adex-protocol-eth/commit/0580f13b96202f6570f8b56db7df197303511e19

GalloDaSballo commented 2 years ago

Usage of a fixed pragma can also be enforced via the compiler settings in the framework (Hardhat, Brownie), as such code behaves predictably.

That said, the sponsor has implemented the fix, and as such the finding was helpful.