Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Solidity Misconfiguration: Floating Pragma
Abstract
The contract uses a floating pragma and the Solidity compiler is not locked to a specific version.
Explanation
Developers can specify a range of compatible Solidity compiler versions to use when compiling a smart contract. This is not recommended because the contract is usually developed and tested against only one of the versions in that range; every other version the range admits is untested, and the range may admit an outdated compiler with known security vulnerabilities. Lock the pragma to the exact compiler version the contract was tested with.
Example 1: The following line of code sets the pragma so that the smart contract will not compile with compiler versions earlier than 0.4.5, and it will also not compile with compilers of version 0.5.0 and later.
pragma solidity ^0.4.5;
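The following is an added example, not code from the original page or from the Fortify rule it describes: a small Python checker that reports every floating `pragma solidity` directive in a source file, evaluates Solidity's npm-style version expressions (`^`, `~`, `>=`, `<`, `||`), and rewrites floating pragmas to the exact version the contract was tested with, refusing when that version falls outside the declared range. The sample contract, the function names and the tested version 0.4.25 are constructed for the example; only bare MAJOR.MINOR.PATCH is treated as locked, and hyphen ranges are not supported.

```python
import re

# Matches `pragma solidity <expr>;` anywhere on a line; group 1 is the text up to
# the version expression, group 2 the expression itself.
PRAGMA_RE = re.compile(r'(\bpragma\s+solidity\s+)([^;]+);')

# One comparator of Solidity's npm-style version expression, e.g. ^0.4.5 or <0.9.0.
COMPARATOR_RE = re.compile(r'(\^|~|>=|<=|>|<)?(\d+)\.(\d+)\.(\d+)')

# Constructed sample contract (not from the original page): one live floating
# pragma on line 2 and one commented-out pragma that must not be reported.
SAMPLE_CONTRACT = """\
// SPDX-License-Identifier: MIT
pragma solidity ^0.4.5;
/* pragma solidity >=0.4.0 <0.9.0; */

contract Wallet {
    address owner;
    function Wallet() public { owner = msg.sender; }
}
"""


def strip_comments(source):
    """Blank out /* */ and // comments, keeping newlines so line numbers stay valid."""
    def keep_newlines(m):
        return '\n' * m.group(0).count('\n')
    source = re.sub(r'/\*.*?\*/', keep_newlines, source, flags=re.DOTALL)
    return re.sub(r'//[^\n]*', '', source)


def parse_version(text):
    return tuple(int(part) for part in text.split('.'))


def comparator(text):
    """Turn one comparator into a predicate over (major, minor, patch) tuples."""
    m = COMPARATOR_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"unsupported version comparator: {text!r}")
    op = m.group(1)
    v = tuple(int(m.group(i)) for i in (2, 3, 4))
    if op == '^':
        # Caret fixes the left-most non-zero component: ^0.4.5 means >=0.4.5 <0.5.0.
        if v[0]:
            upper = (v[0] + 1, 0, 0)
        elif v[1]:
            upper = (0, v[1] + 1, 0)
        else:
            upper = (0, 0, v[2] + 1)
        return lambda x: v <= x < upper
    if op == '~':
        # Tilde lets only the patch component float.
        return lambda x: v <= x < (v[0], v[1] + 1, 0)
    return {
        None: lambda x: x == v,
        '>=': lambda x: x >= v,
        '<=': lambda x: x <= v,
        '>': lambda x: x > v,
        '<': lambda x: x < v,
    }[op]


def satisfies(version, spec):
    """True if compiler `version` is accepted by pragma expression `spec`.
    Alternatives are separated by `||`, comparators within one alternative by spaces."""
    v = parse_version(version)
    return any(all(comparator(c)(v) for c in alt.split())
               for alt in spec.split('||'))


def is_locked(spec):
    """Only a bare MAJOR.MINOR.PATCH pins a single compiler version."""
    return re.fullmatch(r'\d+\.\d+\.\d+', spec.strip()) is not None


def scan_pragmas(source):
    """Return [(line_number, spec, locked)] for every pragma in live (uncommented) code."""
    cleaned = strip_comments(source)
    results = []
    for m in PRAGMA_RE.finditer(cleaned):
        spec = m.group(2).strip()
        line_no = cleaned.count('\n', 0, m.start()) + 1
        results.append((line_no, spec, is_locked(spec)))
    return results


def find_floating_pragmas(source):
    return [(line_no, spec) for line_no, spec, locked in scan_pragmas(source) if not locked]


def lock_pragmas(source, tested_version):
    """Rewrite each floating pragma to the exact version the contract was tested with.
    Refuses when that version lies outside the declared range: the original pragma
    would have rejected it, so the 'fix' would silently change the compile target."""
    lines = source.split('\n')
    for line_no, spec in find_floating_pragmas(source):
        if not satisfies(tested_version, spec):
            raise ValueError(
                f"{tested_version} is outside the declared range {spec!r} on line {line_no}")
        lines[line_no - 1] = PRAGMA_RE.sub(
            lambda m: f"{m.group(1)}{tested_version};", lines[line_no - 1])
    return '\n'.join(lines)


if __name__ == "__main__":
    for line_no, spec in find_floating_pragmas(SAMPLE_CONTRACT):
        print(f"line {line_no}: floating pragma {spec!r}")
    print(lock_pragmas(SAMPLE_CONTRACT, "0.4.25"))
```

Running the module reports the floating `^0.4.5` on line 2 and prints the contract with `pragma solidity 0.4.25;` in its place, while the commented-out range on line 3 is left untouched. Calling `lock_pragmas(SAMPLE_CONTRACT, "0.5.0")` raises, because 0.5.0 is excluded by the caret range, which is exactly the boundary the text above describes.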
References
[1] Enterprise Ethereum Alliance Source code, pragma, and compilers
[2] Standards Mapping - Common Weakness Enumeration CWE ID 664
[3] Standards Mapping - Smart Contract Weakness Classification SWC-103