Use of floating pragma statement #1
Labels
1 (Low Risk): Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug: Something isn't working
resolved: Finding has been patched by sponsor (sponsor pls link to PR containing fix)
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sponsor vault: Vault
Handle
jayjonah8
Vulnerability details
Impact
In Vault.sol as well as other files, floating pragmas are used. Contracts should be deployed with the same compiler version and flags that they have been tested with thoroughly. Locking the pragma helps to ensure that contracts do not accidentally get deployed using, for example, an outdated compiler version that might introduce bugs that affect the contract system negatively.
Proof of Concept
https://swcregistry.io/docs/SWC-103
https://github.com/code-423n4/2022-01-sandclock/blob/main/sandclock/contracts/Vault.sol#L2
Tools Used
Manual code review
Recommended Mitigation Steps
Change pragma statements from "pragma solidity ^0.8.10;" to "pragma solidity 0.8.10;".