HOPR is an open incentivized mixnet which enables privacy-preserving point-to-point data exchange. HOPR is similar to Tor but actually private, decentralized and economically sustainable.
Github username: --
Submission hash (on-chain): 0x63f3d8b1e124ef3ce4c7437e2d4926aa1c9dadaf3e016bfc75608cbd95cfd6d5
Severity: medium
Description:Description\
The default behaviour of compiler would be to use the newest version which would mean by default it will be compiled with the 0.8.21 version which will produce broken code.
Attack Scenario\
Contracts compiled with non specified versions will result in a non-functional or potentially damaged version that won't behave as expected.
The problem with compiling is that if the project is deployed in future to Arbitrum, the Arbitrum chain is NOT compatible with 0.8.20 and later.
Github username: -- Submission hash (on-chain): 0x63f3d8b1e124ef3ce4c7437e2d4926aa1c9dadaf3e016bfc75608cbd95cfd6d5 Severity: medium
Description: Description\
The default behaviour of compiler would be to use the newest version which would mean by default it will be compiled with the 0.8.21 version which will produce broken code.
Attack Scenario\
Contracts compiled with non specified versions will result in a non-functional or potentially damaged version that won't behave as expected.
The problem with compiling is that if the project is deployed in future to Arbitrum, the Arbitrum chain is NOT compatible with 0.8.20 and later.
Attachments https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/utils/EnumerableStringSet.sol#L3 https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/utils/EnumerableTargetSet.sol#L5 https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/utils/TargetUtils.sol#L5 https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/node-stake/NodeSafeRegistry.sol#L2 https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/node-stake/NodeStakeFactory.sol#L2 https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/node-stake/permissioned-module/NodeManagementModule.sol#L2 https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/interfaces/IAvatar.sol#L7 https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/interfaces/INetworkRegistryRequirement.sol#L2 https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/interfaces/INodeManagementModule.sol#L2
Pragma has been set to ^0.8.0 allowing the contracts to be compiled with a compiler usually with the latest one i.e., 0.8.21.
Corrupted or non-functional contracts when deployed on Arbitrum.
Lock or Constrain pragma as follows: pragma solidity 0.8.19 or pragma solidity >=0.8.0 <=0.8.19