Open hats-bug-reporter[bot] opened 3 weeks ago
Thank you for submitting the issue. We've resolved it and pushed the changes, which can be found here: https://github.com/Velvet-Capital/velvet-core/commit/25ef3e7a2bdf56f57901dba2f84ebf5ed5df7835
@burhankhaja
Github username: @burhankhaja
Twitter username: imaybeghost
Submission hash (on-chain): 0xb676d6c212e9d4738e196da1102d0743a6d1310fcde01ddee8b6e721d8d8b995
Severity: low
Description: The majority of the Solidity files in the codebase are defined with a concrete 0.8.17 version, except for:
While this often makes sense for libraries to allow them to be included with multiple different versions of an application, it may be a security risk for the actual application implementation itself. A known vulnerable compiler version may accidentally be selected, or security tools might fall back to an older compiler version, ending up actually checking a different EVM compilation that is ultimately deployed on the blockchain.
Recommendation: In ChecksAndValidations.sol, pin the concrete 0.8.17 version.
Attack Scenario: potential security risk
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
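An added example, not part of the original report or of the Velvet Capital codebase: a small checker that flags Solidity sources whose `pragma solidity` line is floating, missing, or pinned to something other than the 0.8.17 named in the report. The function names and the sample sources are constructed for illustration.

```python
import re
from pathlib import Path

EXPECTED = "0.8.17"  # version the report says most of the codebase pins

COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
EXACT_RE = re.compile(r"=?\s*(\d+\.\d+\.\d+)")  # bare or "=" prefixed x.y.z

def classify_pragma(source, expected=EXPECTED):
    """Classify one source string: pinned, mismatch, floating or missing."""
    code = COMMENT_RE.sub("", source)  # ignore commented-out pragmas
    constraints = [" ".join(c.split()) for c in PRAGMA_RE.findall(code)]
    if not constraints:
        return ("missing", None)
    for c in constraints:  # flattened files can carry several pragmas
        exact = EXACT_RE.fullmatch(c)
        if exact is None:  # ^, ~, >=, ranges, partial versions
            return ("floating", c)
        if exact.group(1) != expected:
            return ("mismatch", c)
    return ("pinned", constraints[0])

def audit_sources(sources, expected=EXPECTED):
    """Return name -> (status, constraint) for every source that is not pinned."""
    results = {n: classify_pragma(t, expected) for n, t in sources.items()}
    return {n: r for n, r in results.items() if r[0] != "pinned"}

def audit_tree(root, expected=EXPECTED):
    """Run the same check over every .sol file under a directory."""
    files = {str(p): p.read_text(encoding="utf-8") for p in Path(root).rglob("*.sol")}
    return audit_sources(files, expected)

# Constructed sample sources (not taken from the audited repository).
SAMPLES = {
    "Pinned.sol": "// SPDX-License-Identifier: MIT\npragma solidity 0.8.17;\ncontract A {}\n",
    "Caret.sol": "pragma solidity ^0.8.17;\nlibrary B {}\n",
    "Range.sol": "pragma solidity >=0.8.0 <0.9.0;\ncontract C {}\n",
    "Other.sol": "pragma solidity 0.8.20;\ncontract D {}\n",
    "Commented.sol": "// pragma solidity 0.8.17;\npragma solidity ~0.8.17;\ncontract E {}\n",
}

if __name__ == "__main__":
    for name, (status, constraint) in sorted(audit_sources(SAMPLES).items()):
        print(f"{name}: {status} ({constraint})")
```

Running `audit_tree` over the contracts directory in CI and failing the build when it returns anything keeps a floating pragma from reappearing after the fix.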