Pragma isn't specified correctly, which can lead to non-functional/damaged contracts when deployed on Arbitrum
Summary
The current pragma setting in multiple contracts in scope allows compilation with a series of 0.8.x compiler version(in some cases > 0.8.15 versions), which includes versions that are not compatible with Arbitrum. The problem with this is that Arbitrum is NOT compatible with 0.8.20 and newer. Contracts compiled with those versions will result in a nonfunctional or potentially damaged version that won't behave as expected. The default behavior of compiler would be to use the newest version which would mean by defualt it will be compiled with the 0.8.20 version which will produce broken code.
Vulnerability Detail
Arbitrum is not compatible with Solidity versions 0.8.20 and newer. However, the pragma in some contracts (Use the chainlink prefixed contracts as an example) is set to ^0.8.15, which allows the usage of any 0.8.x compiler version above 0.8.15. This can lead to compatibility issues when deploying the contract on Arbitrum.
Impact
The contracts compiled with incompatible versions of Solidity may not function as expected or could be damaged when deployed on Arbitrum. This can result in unexpected behavior, potential vulnerabilities, or even contract failures.
Code Snippet
Multiple instances in contracts in scope, take this instance in ChainlinkOracle.sol as an example
By setting the pragma to a specific range of compatible versions (0.8.0 to 0.8.19), the contract will be compiled with a version that is known to be compatible with Arbitrum. This helps to ensure that the deployed contract will function properly on the Arbitrum network.
Bauchibred
medium
Pragma isn't specified correctly, which can lead to non-functional/damaged contracts when deployed on Arbitrum
Summary
The current pragma setting in multiple contracts in scope allows compilation with a series of 0.8.x compiler version(in some cases > 0.8.15 versions), which includes versions that are not compatible with Arbitrum. The problem with this is that Arbitrum is NOT compatible with 0.8.20 and newer. Contracts compiled with those versions will result in a nonfunctional or potentially damaged version that won't behave as expected. The default behavior of compiler would be to use the newest version which would mean by defualt it will be compiled with the 0.8.20 version which will produce broken code.
Vulnerability Detail
Arbitrum is not compatible with Solidity versions 0.8.20 and newer. However, the pragma in some contracts (Use the chainlink prefixed contracts as an example) is set to ^0.8.15, which allows the usage of any 0.8.x compiler version above 0.8.15. This can lead to compatibility issues when deploying the contract on Arbitrum.
Impact
The contracts compiled with incompatible versions of Solidity may not function as expected or could be damaged when deployed on Arbitrum. This can result in unexpected behavior, potential vulnerabilities, or even contract failures.
Code Snippet
Multiple instances in contracts in scope, take this instance in ChainlinkOracle.sol as an example
The issue lies in the pragma statement specifying the Solidity version.
Tool used
Manual Review
Recommendation
It is recommended to constrain the pragma statement to ensure compatibility with Arbitrum. Update the pragma statement as follows:
By setting the pragma to a specific range of compatible versions (0.8.0 to 0.8.19), the contract will be compiled with a version that is known to be compatible with Arbitrum. This helps to ensure that the deployed contract will function properly on the Arbitrum network.