hats-finance / Blast-Futures-Exchange-0x97895c329b950755566ddcdad3395caaea395074


Use of Floating pragma #30

Open hats-bug-reporter[bot] opened 9 months ago

hats-bug-reporter[bot] commented 9 months ago

Github username: @https://github.com/pokhrelanmol
Twitter username: @Anmolpokhrel6
Submission hash (on-chain): 0x20f11875ce52f42f6e8639675bf5a8a95c1f5c3a0f7dc9d43b1d1d1c1e7d7d3b
Severity: low

Description:

Description

Not using a fixed Solidity version can cause issues in deployment.

Attack Scenario

Contracts should be deployed with the same compiler version and flags used during development and testing. Locking the pragma helps to ensure that contracts do not accidentally get deployed using another pragma. For example, an outdated pragma version might introduce bugs that affect the contract system negatively, or recently released pragma versions may have unknown security vulnerabilities.

In this case, the contracts do not compile with the ^0.7.0 version; instead they will compile with the latest Solidity, which may contain bugs.

Attachments

  1. Proof of Concept (PoC) File

    // SPDX-License-Identifier: BUSL-1.1
    pragma solidity ^0.8.0;

  2. Revised Code File (Optional)

Use the fixed pragma solidity version

    // SPDX-License-Identifier: BUSL-1.1
    pragma solidity 0.8.19;

alex-sumner commented 9 months ago

No attack scenario provided, just the correct observation that any version of the Solidity compiler may contain bugs and therefore testing should be done using the same version as is used to create the deployed contract. This is our practice.
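
A check for the floating pragma discussed in this issue, as an added example that is not part of the thread or the project's code. The function names `check_pragmas` and `audit`, the sample file names, and the policy that only a single exact version counts as pinned are assumptions made for illustration.

```python
import re

# Matches a Solidity version pragma and captures the version expression.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# Assumed policy: pinned means one exact version, optionally written "=x.y.z".
PINNED_RE = re.compile(r"^=?\s*\d+\.\d+\.\d+$")
# Line and block comments, so a commented-out pragma is not reported.
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)


def strip_comments(source):
    # Blank out comment text but keep newlines so line numbers stay correct.
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)


def check_pragmas(source):
    """Return (line, version_expr, is_pinned) for each version pragma."""
    code = strip_comments(source)
    findings = []
    for m in PRAGMA_RE.finditer(code):
        expr = " ".join(m.group(1).split())
        line = code.count("\n", 0, m.start(1)) + 1
        findings.append((line, expr, bool(PINNED_RE.match(expr))))
    return findings


def audit(files):
    """files maps path -> source text. Returns one message per problem."""
    problems = []
    for path, source in files.items():
        found = check_pragmas(source)
        if not found:
            problems.append(f"{path}: no solidity version pragma")
        for line, expr, pinned in found:
            if not pinned:
                problems.append(f"{path}:{line}: floating pragma '{expr}'")
    return problems


# Constructed sample sources; the first two reuse the pragmas quoted above.
SAMPLES = {
    "Floating.sol": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity ^0.8.0;\n",
    "Pinned.sol": "// SPDX-License-Identifier: BUSL-1.1\npragma solidity 0.8.19;\n",
    "Range.sol": "/* pragma solidity 0.8.19; */\npragma solidity >=0.8.0 <0.9.0;\n",
}

if __name__ == "__main__":
    for problem in audit(SAMPLES):
        print(problem)
```

Run over a contracts directory in CI, a non-empty result from `audit` can fail the build so that a floating pragma never reaches deployment.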