Closed code423n4 closed 2 years ago
Massively disagree with the finding; 0.6.12 is a well-known Solidity version, also widely used. There's nothing inherently wrong with using this compiler, and changing wouldn't save gas; if anything, with the automatic overflow detection, it would be more work to optimize for gas.
Agree with sponsor; it is hard to argue that an upgrade to Solidity version 0.8.4 will generate gas savings.
Handle
defsec
Vulnerability details
Impact
Using newer compiler versions and the optimizer gives gas optimizations, and additional safety checks are available for free.
The advantages of versions 0.8.* over <0.8.0 are:
Proof of Concept
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/a5c71b72222d84b6414ca0339ed1761dc79fe56e/contracts/SettToRenIbbtcZap.sol
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/6f700995129182fec81b772f97abab9977b46026/contracts/IbbtcVaultZap.sol
https://github.com/Badger-Finance/ibbtc/blob/d8b95e8d145eb196ba20033267a9ba43a17be02c/contracts/Zap.sol
Tools Used
None
Recommended Mitigation Steps
Consider upgrading the pragma to at least 0.8.4.
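An added example, not code from the Badger contracts or from this finding: a minimal contract under `pragma solidity ^0.8.4` showing the compiler's default overflow checks (the role SafeMath plays under 0.6.12) and the `unchecked` blocks needed to skip their gas cost where a bound is already established. The contract, error and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Illustration only; all names here are hypothetical.
contract CheckedArithmeticDemo {
    /// Custom errors are available from 0.8.4 and are cheaper than
    /// revert strings because no string data is stored or returned.
    error AmountExceedsBalance(uint256 balance, uint256 amount);

    mapping(address => uint256) public balanceOf;

    function deposit(uint256 amount) external {
        // Checked by the compiler: an overflow reverts with Panic(0x11).
        // Under 0.6.12 this line would wrap silently without SafeMath.
        balanceOf[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external {
        uint256 bal = balanceOf[msg.sender];
        if (amount > bal) revert AmountExceedsBalance(bal, amount);
        // The comparison above proves bal - amount cannot underflow,
        // so the compiler's second check is skipped to save gas.
        unchecked {
            balanceOf[msg.sender] = bal - amount;
        }
    }

    function sum(uint256[] calldata xs) external pure returns (uint256 total) {
        for (uint256 i = 0; i < xs.length; ) {
            total += xs[i]; // stays checked: inputs are caller-controlled
            // i < xs.length, so the increment cannot overflow.
            unchecked {
                ++i;
            }
        }
    }
}
```

Every arithmetic operation left outside an `unchecked` block carries the compiler's check, so any gas benefit from the upgrade depends on reviewing each operation and opting out only where the bound is proven.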