As different compiler versions have critical behavior specifics if the contract gets accidentally deployed using another compiler version compared to one they tested with, various types of undesired behavior can be introduced.
Proof of Concept
LIP-73 contracts use unlocked pragma: pragma solidity ^0.8.0, allowing wide enough range of versions.
yondonfu
commented
2 years ago
Handle
hyh
Vulnerability details
Impact
As different compiler versions have critical behavior specifics if the contract gets accidentally deployed using another compiler version compared to one they tested with, various types of undesired behavior can be introduced.
Proof of Concept
LIP-73 contracts use unlocked pragma:
pragma solidity ^0.8.0, allowing wide enough range of versions.Example:
https://github.com/livepeer/arbitrum-lpt-bridge/blob/main/contracts/L2/pool/DelegatorPool.sol#L2
Recommended Mitigation Steps
Consider locking compiler version, for example
pragma solidity 0.8.6.This can have additional benefits, for example using custom errors to save gas and so forth.