code-423n4 / 2023-11-zetachain-findings


Suggesting to upgrade the UniswapImports contract from Solidity version 0.6.6 to 0.8.7. #132

Closed c4-submissions closed 11 months ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-11-zetachain/blob/main/repos/protocol-contracts/contracts/zevm/UniswapPeriphery.sol#L2

Vulnerability details

Impact

Suggestion: upgrade the UniswapImports contract from Solidity version 0.6.6 to 0.8.7. Newer versions of Solidity include optimizations and security enhancements.

Proof of Concept

// SPDX-License-Identifier: MIT
pragma solidity 0.8.7;

import "@uniswap/v2-periphery/contracts/UniswapV2Router02.sol";

// Empty contract: the import alone pulls UniswapV2Router02 into the compilation unit.
contract UniswapImports {}

Tools Used

VS Code

Recommended Mitigation Steps

Key Points to Consider:

Compiler Version:

The pragma solidity 0.8.7; statement updates the compiler version to 0.8.7, which includes several improvements and breaking changes compared to 0.6.6.

Breaking Changes:

Solidity 0.8.x introduces built-in overflow/underflow checks, meaning any arithmetic operation will revert on overflow/underflow without the need for SafeMath. The address type member .balance is now payable. If your contract or imported contracts use .balance on a non-payable address, it might need changes.

Maintaining Functionality: The core functionality and the contract's structure were not altered. The import statement for UniswapV2Router02 remains the same, assuming that the Uniswap contract is compatible with Solidity 0.8.7. It's crucial to check that all imported contracts and libraries are compatible with the new compiler version.

In summary, the change was made to ensure that the UniswapImports contract remains compatible, secure, and efficient, leveraging the benefits of the newer Solidity version. This is a standard practice in smart contract development to keep contracts up-to-date with the latest compiler versions.

Assessed type

Other
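The mitigation section above leaves it to the reader to verify that every imported file accepts the new compiler version. The script below is an added example (not part of the finding, and not ZetaChain or Uniswap code) that performs that check mechanically: it follows import statements from an entry file, extracts each pragma solidity constraint, and reports the files whose constraint a candidate solc version does not satisfy, using the npm-style range semantics solc applies (exact pins, caret, tilde, comparison ranges and ||). The source files are constructed inline as a minimal stand-in for the real dependency tree; the stand-in for UniswapV2Router02.sol carries pragma solidity =0.6.6;, the same exact pin the upstream @uniswap/v2-periphery sources use, so the check shows that bumping UniswapImports to 0.8.7 on its own leaves the unit uncompilable until that dependency is also dealt with. File paths, function names and the sample sources are all assumptions of this example.

```python
# Pragma compatibility check for a Solidity compilation unit (added example;
# not code from the finding, ZetaChain or Uniswap). Given path -> source text
# and an entry file, follow imports, collect every `pragma solidity` constraint
# and report the ones a candidate solc version does not satisfy.
import posixpath
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
# One constraint token: optional operator, then major.minor[.patch].
TOKEN_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)(?:\.(\d+))?")
# Matches `import "x";`, `import 'x';` and `import {A} from "x";`.
IMPORT_RE = re.compile(r"""import\s+(?:[^"']*?\s+from\s+)?["']([^"']+)["']""")


def parse_version(text: str) -> Version:
    major, minor, patch = (int(part) for part in text.strip().split("."))
    return major, minor, patch


def _check(v: Version, op: str, major: int, minor: int, patch: str) -> bool:
    """Evaluate one token such as '^0.8.0', '=0.6.6' or '>=0.6.0' against v."""
    base: Version = (major, minor, int(patch) if patch else 0)
    if op in (">=", ">", "<", "<="):
        return {">=": v >= base, ">": v > base, "<": v < base, "<=": v <= base}[op]
    if op == "^":
        # Caret: anything below the next change of the leftmost non-zero component.
        if major > 0:
            upper: Version = (major + 1, 0, 0)
        elif minor > 0:
            upper = (0, minor + 1, 0)
        else:
            upper = (0, 0, base[2] + 1)
        return base <= v < upper
    if op == "~" or not patch:
        # Tilde, or a bare 'major.minor', allows any patch release of that minor line.
        return base <= v < (major, minor + 1, 0)
    return v == base  # '' or '=' with a full version is an exact pin


def satisfies(v: Version, constraint: str) -> bool:
    """True if v satisfies e.g. '0.8.7', '=0.6.6', '^0.8.0', '>=0.6.0 <0.9.0', '0.6.6 || ^0.8.0'."""
    for alternative in constraint.split("||"):
        tokens = TOKEN_RE.findall(alternative)
        if tokens and all(_check(v, op, int(ma), int(mi), pa) for op, ma, mi, pa in tokens):
            return True
    return False


def _resolve(importer: str, target: str) -> str:
    # Relative imports resolve against the importing file; package paths are used as written.
    if target.startswith("."):
        return posixpath.normpath(posixpath.join(posixpath.dirname(importer), target))
    return target


def pragmas_of(sources: Dict[str, str], entry: str) -> Dict[str, List[str]]:
    """Walk the import graph from `entry`; return the pragma constraints found per file."""
    seen: Dict[str, List[str]] = {}
    stack = [entry]
    while stack:
        path = stack.pop()
        if path in seen:
            continue
        src = sources[path]  # KeyError here means an import the build could not resolve
        seen[path] = [c.strip() for c in PRAGMA_RE.findall(src)]
        stack.extend(_resolve(path, imp) for imp in IMPORT_RE.findall(src))
    return seen


def incompatible(sources: Dict[str, str], entry: str, solc: str) -> List[Tuple[str, str]]:
    """(file, constraint) pairs in the unit that the given solc version does not satisfy."""
    v = parse_version(solc)
    return [(path, c) for path, cons in pragmas_of(sources, entry).items()
            for c in cons if not satisfies(v, c)]


# Constructed sample sources (assumption: a minimal stand-in for the real tree).
# The router stand-in carries the exact pin the upstream file uses.
SAMPLE_SOURCES = {
    "contracts/zevm/UniswapPeriphery.sol": (
        "// SPDX-License-Identifier: MIT\npragma solidity 0.8.7;\n\n"
        'import "@uniswap/v2-periphery/contracts/UniswapV2Router02.sol";\n\n'
        "contract UniswapImports {}\n"
    ),
    "@uniswap/v2-periphery/contracts/UniswapV2Router02.sol": (
        "pragma solidity =0.6.6;\n\nimport './libraries/UniswapV2Library.sol';\n\n"
        "contract UniswapV2Router02 {}\n"
    ),
    "@uniswap/v2-periphery/contracts/libraries/UniswapV2Library.sol": (
        "pragma solidity >=0.5.0;\n\nlibrary UniswapV2Library {}\n"
    ),
}

if __name__ == "__main__":
    entry = "contracts/zevm/UniswapPeriphery.sol"
    for solc in ("0.6.6", "0.8.7"):
        print(solc, "rejected by:", incompatible(SAMPLE_SOURCES, entry, solc))
```

Running the check against the sample tree reports the entry file as incompatible with 0.6.6 (its pragma is now the exact pin 0.8.7) and the router stand-in as incompatible with 0.8.7 (its pin =0.6.6), which is the "check that all imported contracts and libraries are compatible" step made explicit. Against a real checkout the sources map would be filled from node_modules and the project's remappings, and the entry would be each file the build compiles.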

c4-pre-sort commented 11 months ago

DadeKuma marked the issue as insufficient quality report

c4-judge commented 11 months ago

0xean marked the issue as unsatisfactory: Overinflated severity