hats-finance / Blast-Futures-Exchange-0x97895c329b950755566ddcdad3395caaea395074


Use of Floating pragma #31

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @https://github.com/pokhrelanmol
Twitter username: @Anmolpokhrel6
Submission hash (on-chain): 0xe116fd630d11388a3056de46140cfc687eb20249d5169403b9a396d8a109adb4
Severity: low

Description

Not using a fixed solidity version can cause issues in deployment.

Attack Scenario

Contracts should be deployed with the same compiler version and flags used during development and testing. Locking the pragma helps to ensure that contracts do not accidentally get deployed using another pragma. For example, an outdated pragma version might introduce bugs that affect the contract system negatively, or recently released pragma versions may have unknown security vulnerabilities.

In this case, the contracts do not compile with the ^0.8.0 version; instead they will compile with the latest solidity, which may contain bugs.

1. Proof of Concept (PoC) File

    // SPDX-License-Identifier: BUSL-1.1
    pragma solidity ^0.8.0;

2. Revised Code File (Optional): consider using a fixed and more stable solidity version

    // SPDX-License-Identifier: BUSL-1.1
    pragma solidity 0.8.19;
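A small scanner that flags the pattern this report describes, added here as an example and not part of the submission or the audited repository; the two Solidity sources it checks are constructed, and any version expression that is not a single exact `x.y.z` is treated as floating.

```python
import re

# Matches a `pragma solidity ...;` statement and captures its version expression.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# A locked pragma is exactly one version with no range operator (^, ~, >=, <, ||).
EXACT_RE = re.compile(r"^\d+\.\d+\.\d+$")


def pragma_versions(source: str) -> list[str]:
    """Return every version expression declared by a solidity pragma in the source."""
    return [m.group(1).strip() for m in PRAGMA_RE.finditer(source)]


def is_floating(expr: str) -> bool:
    """True if the expression admits more than one compiler version."""
    return EXACT_RE.match(expr) is None


def check_source(source: str) -> list[str]:
    """Return findings for one Solidity file; an empty list means the pragma is locked."""
    findings = []
    versions = pragma_versions(source)
    if not versions:
        findings.append("no solidity version pragma found")
    for expr in versions:
        if is_floating(expr):
            findings.append(f"floating pragma '{expr}': lock to one exact compiler version")
    return findings


# Constructed sample sources (not files from the audited repository).
FLOATING_SRC = """// SPDX-License-Identifier: BUSL-1.1
pragma solidity ^0.8.0;
contract Vault {}
"""
LOCKED_SRC = """// SPDX-License-Identifier: BUSL-1.1
pragma solidity 0.8.19;
contract Vault {}
"""

if __name__ == "__main__":
    for name, src in (("floating", FLOATING_SRC), ("locked", LOCKED_SRC)):
        print(name, check_source(src) or ["ok"])
```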
alex-sumner commented 4 months ago

No attack scenario provided, just the correct observation that any version of the Solidity compiler may contain bugs and therefore testing should be done using the same version as is used to create the deployed contract. This is our practice.