Floating Pragma is set. #19
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
Comments
code423n4
added
0 (Non-critical)
This was referenced Dec 6, 2021
Closed
0xean
added
1 (Low Risk)
|
upgrading to low-risk for this and all the duplicates as this is a best practice for all deployments. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
cyberboy
Vulnerability details
Note: Please ignore my last submission. It was an error
Impact
Contracts should be deployed using the same compiler version/flags with which they have been tested. Locking the pragma (for e.g. by not using ^ in pragma solidity 0.5.10) ensures that contracts do not accidentally get deployed using an older compiler version with unfixed bugs
Proof of Concept
https://github.com/code-423n4/2021-11-streaming/blob/main/Streaming/src/Locke.sol
Is using
pragma solidity ^0.8.0;
Also, the imports are using floating pragmas
Tools Used
Recommended Mitigation Steps
The correct will be
pragma solidity 0.8.0;
And should be made across all the imports.
The text was updated successfully, but these errors were encountered: