Open hats-bug-reporter[bot] opened 2 months ago
I admire you, mahdirostami as top auditor in Hats with all your submission which is a high quality one. but for this one, I think a Low is not suitable, it's more like a suggestion as it can be implemented or not, and it doesn't directly impact the code. Some popular project are deploying their code with this floating pragma and it's not even an issue.
@kakarottosama thanks for your comment, sir. I personally believe that if a project comes to audit, they want the most possible issues. If we filter issues, and for example not report this, how could they find out there will be possible issues about pragma? I always try to report all issues or suggestions and let the sponsor decide whether to go on them or not.
Thank you for your report on the Solidity pragma specification. After review, we've determined this is not an issue.
Our current pragma usage is intentional and fits the specific requirements of the Circles v2 project. We appreciate your attention to coding standards and thank you for your contribution to this security review.
Github username: @0xmahdirostami
Twitter username: 0xmahdirostami
Submission hash (on-chain): 0x043ecfb1a268e58df701e8b70701f98617a303ba8adf0501e03b0b0510d645bb
Severity: low
Description:
Consider using a specific version of Solidity in your contracts instead of a wide version range. For example, instead of pragma solidity ^0.8.0;, use
pragma solidity 0.8.0;
Found in src/circles/Circles.sol Line: 2
Found in src/hub/Hub.sol Line: 2
...
Impact:
This leads to potential security flaws between deployed contracts depending on the compiler version chosen for any particular file. It also greatly increases the cost of maintenance as different compiler versions have different semantics and behavior.
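The check behind this finding can be automated. The script below is an added example, not part of the report or of the Circles v2 code base: it scans Solidity source text for `pragma solidity` statements and flags any expression that is not pinned to exactly one compiler version (caret, tilde, comparison and range operators all float). The three input files are constructed inline for the demonstration and are not the project's real contracts.

```python
import re
from typing import Dict, List

# Matches the version expression in a "pragma solidity <expr>;" statement.
PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")

# Any of these operators lets more than one compiler version satisfy the pragma.
FLOATING_MARKERS = ("^", "~", ">", "<", "||", " - ")


def extract_pragmas(source: str) -> List[str]:
    """Return every Solidity version expression declared in the given source text."""
    return [m.group(1).strip() for m in PRAGMA_RE.finditer(source)]


def is_floating(version_expr: str) -> bool:
    """True when the expression accepts more than one compiler version.

    Exact pins look like "0.8.20" or "=0.8.20"; everything else is treated as floating.
    """
    expr = version_expr.strip()
    if any(marker in expr for marker in FLOATING_MARKERS):
        return True
    return not re.fullmatch(r"=?\d+\.\d+\.\d+", expr)


def audit_sources(files: Dict[str, str]) -> List[dict]:
    """Report (file, line, pragma) for every floating pragma across the given files."""
    findings = []
    for path, source in files.items():
        for lineno, line in enumerate(source.splitlines(), start=1):
            for expr in extract_pragmas(line):
                if is_floating(expr):
                    findings.append({"file": path, "line": lineno, "pragma": expr})
    return findings


# Constructed sample inputs (hypothetical file names and contents, not the audited repo).
SAMPLE_FILES = {
    "Floating.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\ncontract Floating {}\n",
    "Pinned.sol": "// SPDX-License-Identifier: MIT\npragma solidity 0.8.20;\ncontract Pinned {}\n",
    "Range.sol": "// SPDX-License-Identifier: MIT\npragma solidity >=0.8.0 <0.9.0;\ncontract Range {}\n",
}


if __name__ == "__main__":
    for finding in audit_sources(SAMPLE_FILES):
        print(f"Found in {finding['file']} Line: {finding['line']} ({finding['pragma']})")
```

Running it against a real repository means reading each `.sol` file into the dictionary; pinned files such as Pinned.sol produce no output, which is the state the report recommends.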