Swivel v3 contest - ak1's results

The Capital-Efficient Protocol For Fixed-Rate Lending.

General Information

Platform: Code4rena

Start Date: 12/07/2022

Pot Size: $35,000 USDC

Total HM: 13

Participants: 78

Period: 3 days

Judge: 0xean

Total Solo HM: 6

Id: 135

League: ETH

Swivel

Findings Distribution

Researcher Performance

Rank: 62/78

Findings: 1

Award: $44.26

🌟 Selected for report: 0

🚀 Solo Findings: 0

Different Solidity compiler versions are used across the contracts, and several of them are floating rather than locked:

- Compounding.sol, Creator.sol, Interfaces.sol, LibFuse.sol, Protocols.sol, VaultTracker.sol: pragma solidity 0.8.13;
- Erc20.sol, IRedeemer.sol: pragma solidity ^0.8.0;
- FixedPointMathLib.sol: pragma solidity >=0.8.0;
- LibCompound.sol: pragma solidity >=0.8.4;
- ZcToken.sol: pragma solidity ^0.8.4;
- IERC5095.sol: pragma solidity ^0.8.0;

Similarly, the Marketplace and VaultTracker contracts are compiled the same way, with a mix of locked and floating pragmas.

Contracts should be deployed with the same compiler version and flags that they have been tested the most with. Locking the pragma helps ensure that contracts do not accidentally get deployed using, for example, the latest compiler which may have higher risks of undiscovered bugs. Contracts may also be deployed by others and the pragma indicates the compiler version intended by the original authors.

The referenced guidance recommends locking the compiler version. Please refer to the following recommendations: https://consensys.net/blog/developers/solidity-best-practices-for-smart-contract-security/ https://swcregistry.io/docs/SWC-103 https://consensys.github.io/smart-contract-best-practices/development-recommendations/solidity-specific/locking-pragmas/ https://github.com/ConsenSys/smart-contract-best-practices/issues/125

Though it is a high cause of concern to me, instead of marking this as high/medium, I am placing this in QA for the judges to decide on.
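A small checker for the issue described above, added here as an example and not part of the report or of Swivel's code base: it classifies each file's `pragma solidity` statement as locked or floating and flags drift between locked versions. The file contents are constructed one-line stand-ins that mirror the pragma mix the finding lists.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample inputs: file names taken from the finding, contents are
# one-line stand-ins for the real sources (not Swivel's code).
SAMPLE_SOURCES: Dict[str, str] = {
    "Creator.sol": "pragma solidity 0.8.13;",
    "VaultTracker.sol": "pragma solidity 0.8.13;",
    "Erc20.sol": "pragma solidity ^0.8.0;",
    "FixedPointMathLib.sol": "pragma solidity >=0.8.0;",
    "LibCompound.sol": "pragma solidity >=0.8.4;",
    "ZcToken.sol": "pragma solidity ^0.8.4;",
}

PRAGMA_RE = re.compile(r"pragma\s+solidity\s+([^;]+);")
# Only a bare x.y.z (no ^, >=, <, ~ or ranges) pins one compiler release.
EXACT_RE = re.compile(r"^\d+\.\d+\.\d+$")


def classify_pragma(source: str) -> Tuple[str, str]:
    """Return (pragma_spec, kind) where kind is 'locked', 'floating' or 'missing'."""
    m = PRAGMA_RE.search(source)
    if not m:
        return ("", "missing")
    spec = " ".join(m.group(1).split())  # normalise whitespace inside the spec
    return (spec, "locked" if EXACT_RE.match(spec) else "floating")


def audit_pragmas(sources: Dict[str, str]) -> List[str]:
    """Flag floating or missing pragmas (SWC-103) and version drift across files."""
    findings: List[str] = []
    locked_versions: Set[str] = set()
    for name, src in sorted(sources.items()):
        spec, kind = classify_pragma(src)
        if kind == "missing":
            findings.append(f"{name}: no 'pragma solidity' statement")
        elif kind == "floating":
            findings.append(f"{name}: floating pragma '{spec}' (SWC-103); lock to an exact version")
        else:
            locked_versions.add(spec)
    # Even fully locked files are a problem if they are locked to different releases.
    if len(locked_versions) > 1:
        findings.append("locked versions differ across files: " + ", ".join(sorted(locked_versions)))
    return findings


if __name__ == "__main__":
    for line in audit_pragmas(SAMPLE_SOURCES):
        print(line)
```

On the constructed sample this reports the four floating files and no drift, since the locked files all pin 0.8.13.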

#0 - robrobbins

2022-08-25T21:46:51Z

Compiler is locked in contracts, which are all the same.

Libs have ^8.x.x.x
