Open code423n4 opened 2 years ago
Usage of a fixed pragma can also be enforced via the compiler settings in the framework (hardhat, brownie) as such code behaves predictably
That said, the sponsor has implemented the fix and as such the finding was helpful
Handle
JMukesh
Vulnerability details
Impact
Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
Proof of Concept
most of contract used floating pragma
Tools Used
manual review
Recommended Mitigation Steps
use fixed solidity version