hats-finance / Inverter-Network-0xe47e52c4fea05e555920f1dcdcc6fb8eca103eeb

Fork of the Inverter Smart Contracts Repository
GNU Lesser General Public License v3.0

Floating Pragma in non-interface files can be potential security risk #158

Open burhankhaja opened 3 months ago

burhankhaja commented 3 months ago

Hats username: @ghost Twitter username: @imaybeghost Discord username: @burhan_khaja wallet: 0x022df5782baf4ec29BB89529de3c89CdA7AF5B7d

Severity: low

Description

The majority of the Solidity files in the codebase are defined with a concrete 0.8.23 version, but there are still these non-interface files that have unspecific compiler versions in their pragma definitions

While this often makes sense for libraries, to allow them to be included with multiple different versions of an application, it may be a security risk for the actual application implementation itself. A known vulnerable compiler version may accidentally be selected, or security tools might fall back to an older compiler version, ending up actually checking a different EVM compilation than the one that is ultimately deployed on the blockchain.

Recommendation

Avoid floating pragmas. Pin a concrete 0.8.23 compiler version in the said files.
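The check the report calls for, as an added example that is not part of the issue or of the Inverter repository: a small scanner that reads Solidity sources, extracts the `pragma solidity` version expression, treats only a bare `X.Y.Z` as pinned, exempts files that define nothing but `interface`s (the report's own carve-out), and flags everything else that is not pinned to the required compiler. The file names and contents in `SAMPLE_FILES` are constructed for the demonstration and are not files from the audited codebase; the interface detection is a line-based heuristic, not a Solidity parser.

```python
import re
from typing import Dict, List, Tuple

# `pragma solidity <expr>;` -- capture the version expression up to the semicolon.
PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
# A single concrete semver with no range operator (^, ~, >=, <, ...) is the only
# form that actually pins the compiler.
PINNED_RE = re.compile(r"^\d+\.\d+\.\d+$")
# Top-level definitions at the start of a line; a file made only of `interface`
# definitions is exempt, matching the report's "non-interface files" scope.
DEFINITION_RE = re.compile(
    r"^\s*(abstract\s+contract|contract|library|interface)\s+\w+", re.MULTILINE
)

# Constructed sample sources (hypothetical names, not files of the audited repo).
SAMPLE_FILES: Dict[str, str] = {
    "src/modules/Example.sol": "pragma solidity 0.8.23;\n\ncontract Example {}\n",
    "src/lib/Helper.sol": "pragma solidity ^0.8.0;\n\nlibrary Helper {}\n",
    "src/interfaces/IExample.sol": "pragma solidity >=0.8.0 <0.9.0;\n\ninterface IExample {}\n",
    "src/Legacy.sol": "pragma solidity 0.8.19;\n\ncontract Legacy {}\n",
    "src/NoPragma.sol": "contract NoPragma {}\n",
}


def pragma_status(source: str) -> Tuple[str, str]:
    """Return (expression, status) where status is 'pinned', 'floating' or 'missing'."""
    m = PRAGMA_RE.search(source)
    if not m:
        return "", "missing"
    expr = " ".join(m.group(1).split())  # normalise internal whitespace
    return expr, ("pinned" if PINNED_RE.match(expr) else "floating")


def is_interface_only(source: str) -> bool:
    """True when every top-level definition in the file is an `interface`."""
    kinds = {k.split()[0] for k in DEFINITION_RE.findall(source)}
    return bool(kinds) and kinds == {"interface"}


def audit(files: Dict[str, str], required: str = "0.8.23") -> List[Tuple[str, str, str]]:
    """Flag every non-interface file whose pragma is not exactly `required`.

    Returns (path, pragma_expression, reason) tuples sorted by path.
    """
    findings: List[Tuple[str, str, str]] = []
    for path in sorted(files):
        src = files[path]
        if is_interface_only(src):
            continue  # interfaces may float so they can be vendored by other projects
        expr, status = pragma_status(src)
        if status == "pinned" and expr == required:
            continue
        reason = status if status != "pinned" else f"pinned to {expr}, not {required}"
        findings.append((path, expr, reason))
    return findings


if __name__ == "__main__":
    for path, expr, reason in audit(SAMPLE_FILES):
        print(f"{path}: pragma '{expr or '<none>'}' -> {reason}")
```

Running the scanner over the sample set reports the floating library, the file with no pragma at all, and the file pinned to a version other than the one the rest of the codebase uses; the interface with a version range is left alone. Dropping a real repository in is a matter of replacing `SAMPLE_FILES` with `{path: open(path).read() for path in glob("src/**/*.sol", recursive=True)}`.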