hats-finance / SafeStaking-by-HOPR-0x607386df18b663cf5ee9b879fbc1f32466ad5a85

HOPR is an open incentivized mixnet which enables privacy-preserving point-to-point data exchange. HOPR is similar to Tor but actually private, decentralized and economically sustainable.
https://hoprnet.org
GNU General Public License v3.0

Pragma non-specification can lead to non-functional / corrupted contract when deployed on Arbitrum #52

Open hats-bug-reporter[bot] opened 11 months ago

hats-bug-reporter[bot] commented 11 months ago

Github username: --
Submission hash (on-chain): 0x63f3d8b1e124ef3ce4c7437e2d4926aa1c9dadaf3e016bfc75608cbd95cfd6d5
Severity: medium

Description:

The default behaviour of the compiler would be to use the newest version, which would mean that by default it will be compiled with the 0.8.21 version, which will produce broken code.

Attack Scenario

Contracts compiled with non-specified versions will result in a non-functional or potentially damaged version that won't behave as expected.

The problem with compiling is that if the project is deployed in future to Arbitrum, the Arbitrum chain is NOT compatible with 0.8.20 and later.

Attachments

https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/utils/EnumerableStringSet.sol#L3
https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/utils/EnumerableTargetSet.sol#L5
https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/utils/TargetUtils.sol#L5
https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/node-stake/NodeSafeRegistry.sol#L2
https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/node-stake/NodeStakeFactory.sol#L2
https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/node-stake/permissioned-module/NodeManagementModule.sol#L2
https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/interfaces/IAvatar.sol#L7
https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/interfaces/INetworkRegistryRequirement.sol#L2
https://github.com/hoprnet/hoprnet/blob/master/packages/ethereum/contracts/src/interfaces/INodeManagementModule.sol#L2

  1. Proof of Concept (PoC) File

Pragma has been set to ^0.8.0, allowing the contracts to be compiled with a compiler, usually the latest one, i.e., 0.8.21.

Corrupted or non-functional contracts when deployed on Arbitrum.

  1. Recommendation

Lock or constrain the pragma as follows: pragma solidity 0.8.19; or pragma solidity >=0.8.0 <=0.8.19;
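A check for the floating pragmas this report describes, as an added example that is not part of the original report or of the HOPR code base: it turns each pragma solidity expression into version intervals and lists the ones that admit 0.8.20 or later, the threshold the report gives. The file names and sample sources are constructed, and the parser assumes three-part versions with the usual operators (^, ~, comparisons, ||).

```python
import re

FIRST_BAD = (0, 8, 20)  # threshold from the report: 0.8.20 and later
INF = (10**9, 0, 0)     # stand-in for "no upper bound"
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.M)
COMP_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*(\d+)\.(\d+)\.(\d+)")

def _bump(v, i):
    """Increment component i of version v and zero everything after it."""
    return v[:i] + (v[i] + 1,) + (0,) * (2 - i)

def _interval(op, v):
    """Half-open [lo, hi) interval matched by one comparator."""
    if op == "^":  # caret: the first non-zero component must not change
        return v, _bump(v, next((k for k, n in enumerate(v) if n), 2))
    return {
        "~": (v, _bump(v, 1)),
        ">=": (v, INF),
        ">": (_bump(v, 2), INF),
        "<=": ((0, 0, 0), _bump(v, 2)),
        "<": ((0, 0, 0), v),
    }.get(op, (v, _bump(v, 2)))  # bare version or "=": exact match

def admits(expr, floor=FIRST_BAD):
    """True if the pragma expression allows any compiler version >= floor."""
    for alt in expr.split("||"):          # alternatives are OR-ed
        lo, hi = (0, 0, 0), INF
        for op, *nums in COMP_RE.findall(alt):  # comparators are AND-ed
            l, h = _interval(op, tuple(map(int, nums)))
            lo, hi = max(lo, l), min(hi, h)
        if max(lo, floor) < hi:
            return True
    return False

def audit(sources):
    """Map file name -> pragma expressions that admit FIRST_BAD or later."""
    hits = {n: [e.strip() for e in PRAGMA_RE.findall(t) if admits(e)]
            for n, t in sources.items()}
    return {n: e for n, e in hits.items() if e}

SAMPLES = {  # constructed sample sources, not the project's files
    "Floating.sol": "// SPDX-License-Identifier: GPL-3.0\npragma solidity ^0.8.0;\n",
    "Pinned.sol": "pragma solidity 0.8.19;\n",
    "Ranged.sol": "pragma solidity >=0.8.0 <=0.8.19;\n",
}

if __name__ == "__main__":
    for name, exprs in audit(SAMPLES).items():
        print(f"{name}: {exprs} admits solc >= 0.8.20")
```

Both forms from the recommendation (0.8.19 and >=0.8.0 <=0.8.19) pass this check, while ^0.8.0 is reported.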

QYuQianchen commented 11 months ago

It's irrelevant as contracts are targeting Gnosis chain