rcstanciu
commented
1 year ago Comment from Optimism
Description: Solidity versions
Reason: No real vuln is described
Closed github-actions[bot] closed 1 year ago
rcstanciu
commented
1 year ago Comment from Optimism
Description: Solidity versions
Reason: No real vuln is described
ak1
medium
Different solidity versions observed in smart contract
Summary
Most of the contracts are using the pragma version of 0.8.15. But some of the contracts are using 0.8.0, and 0.6.0
Example :
CrossDomainOwnable.sol = 0.8.0 CrossDomainOwnable2.sol = 0.8.0 oracle.sol = 0.6.0
other contracts are using 0.8.15
There could be possibilities that any vulnerability can be found in any of the version which is used in future which could cause any of the contracts.
in worst case , if all the versions found with bugs, then the protocol would suffer from multiple direction.
The amount of work involved to fix them also increase.
Vulnerability Detail
Refer the summary section.
Impact
Refer the summary section.
Code Snippet
Some of the contract files are given with marked line numbers below.
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L2/L2ERC721Bridge.sol#L2
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L2/CrossDomainOwnable.sol#L2
https://github.com/sherlock-audit/2023-01-optimism/blob/main/op-geth/contracts/checkpointoracle/contract/oracle.sol#L1
Tool used
Manual Review
Recommendation
We would suggest to use latest version of solidity version or the version which is mostly adopted.