F-2025-0014·code-quality

Use of floating pragma allows potential compiler version changes and reduces build determinism

Fixed · nft · staking · eip-712

TL;DR

The contracts use the floating pragma ^0.8.27, which permits any compatible compiler version. Locking the pragma improves build determinism and prevents accidental compiler upgrades.

Severity: INFO
Impact: LOW
Likelihood: LOW
Method: Manual review
Complexity: LOW
Exploitability: LOW

Description

The contracts in the MatChain Genesis License protocol use floating pragma statements:

```solidity
pragma solidity ^0.8.27;
```

This floating pragma (indicated by the ^ character) allows the contract to be compiled with any Solidity version from 0.8.27 up to (but not including) 0.9.0. This flexibility introduces risks:

  1. Different compiler versions may introduce subtle behavior changes.
  2. Security fixes in newer compiler versions might not be applied consistently.
  3. Build determinism is reduced across different environments and times.

Recommendation

Lock the pragma to a specific compiler version in all contracts:

```solidity
pragma solidity 0.8.27;
```

This ensures that all contract deployments use exactly the same compiler version, increasing build determinism and preventing accidental upgrades to potentially incompatible compiler versions.
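One way to enforce this recommendation in CI is a check that flags any version pragma that is not a single exact version. The script below is an added example, not code from the audit or the audited project; the function names and the sample sources are constructed for illustration.

```python
import re

# Matches `pragma solidity <constraint>;` and captures the constraint text.
PRAGMA_RE = re.compile(r"\bpragma\s+solidity\s+([^;]+);")
# A pinned pragma is one exact version, optionally written with a leading "=".
EXACT_RE = re.compile(r"=?\s*\d+\.\d+\.\d+")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)


def _blank_comments(source: str) -> str:
    """Replace comments with spaces, keeping newlines so line numbers stay valid."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)


def find_pragmas(source: str):
    """Return (line, constraint, pinned) for every Solidity version pragma."""
    cleaned = _blank_comments(source)
    results = []
    for m in PRAGMA_RE.finditer(cleaned):
        constraint = " ".join(m.group(1).split())
        line = cleaned.count("\n", 0, m.start()) + 1
        results.append((line, constraint, bool(EXACT_RE.fullmatch(constraint))))
    return results


def audit(files: dict):
    """Return findings for floating or missing pragmas across {path: source}."""
    findings = []
    for path, source in sorted(files.items()):
        pragmas = find_pragmas(source)
        if not pragmas:
            findings.append((path, 0, "no version pragma"))
        for line, constraint, pinned in pragmas:
            if not pinned:
                findings.append((path, line, f"floating pragma: {constraint}"))
    return findings


# Constructed sample sources (not the audited contracts).
SAMPLES = {
    "Floating.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.27;\ncontract A {}\n",
    "Pinned.sol": "// pragma solidity ^0.8.0;\npragma solidity 0.8.27;\ncontract B {}\n",
    "Range.sol": "/* header */\npragma solidity >=0.8.27 <0.9.0;\ncontract C {}\n",
}

if __name__ == "__main__":
    for path, line, msg in audit(SAMPLES):
        print(f"{path}:{line}: {msg}")
```

A commented-out pragma is ignored, and range constraints are reported alongside caret pragmas because they also admit more than one compiler version.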

Status: Fixed

© 2026 Zealynx