SCWE-061: Outdated Compiler Version
Stable Version v1.0
This content is in version v1.0 and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs).
Relationships
- CWE-1103: Use of Outdated or Insecure Software
https://cwe.mitre.org/data/definitions/1103.html
Description
Using an outdated compiler version can expose a smart contract to vulnerabilities that have already been patched in newer versions. Compiler versions often include security fixes, optimizations, and new features that are crucial for the safety and performance of contracts.
Remediation
To mitigate this vulnerability, always use the most up-to-date stable version of the Solidity compiler. Ensure that your development environment is regularly updated to incorporate the latest security patches, optimizations, and features provided by newer versions of the compiler.
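One way to enforce this in CI, as an added example that is not part of the original SCWE entry: a Python check that reads each `pragma solidity` directive and reports any that still admits a compiler below a policy floor. The floor `MIN_ALLOWED` (0.8.0), the helper names and the sample sources are assumptions made for illustration; set the floor to the release your team has vetted.

```python
import re

# Assumed policy floor for this example, not a value taken from the SCWE entry.
MIN_ALLOWED = (0, 8, 0)
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
COMPARATOR_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def lower_bound(expr):
    """Lowest version a pragma admits, or None if unbounded (hyphen ranges not handled)."""
    bounds = []
    for alternative in expr.split("||"):
        lows = [
            tuple(int(p or 0) for p in m.groups()[1:])
            for m in COMPARATOR_RE.finditer(alternative)
            if m.group(1) not in ("<", "<=")  # upper bounds do not raise the floor
        ]
        if not lows:
            return None  # only upper bounds: any old compiler satisfies it
        bounds.append(max(lows))  # comparators inside one alternative are ANDed
    return min(bounds)  # alternatives separated by || are ORed


def check_source(name, source):
    """Return a list of findings (strings) for one Solidity source file."""
    pragmas = PRAGMA_RE.findall(source)
    if not pragmas:
        return [f"{name}: no 'pragma solidity' directive"]
    findings = []
    for expr in pragmas:
        low = lower_bound(expr)
        if low is None:
            findings.append(f"{name}: '{expr.strip()}' has no lower bound")
        elif low < MIN_ALLOWED:
            findings.append(f"{name}: '{expr.strip()}' admits {'.'.join(map(str, low))}")
    return findings


# Constructed sample inputs; the first uses the pragma from this page's vulnerable contract.
SAMPLES = {
    "Vulnerable.sol": "pragma solidity 0.4.24; // Outdated compiler version\ncontract Vulnerable {}\n",
    "Range.sol": "pragma solidity >=0.4.22 <0.9.0;\ncontract Range {}\n",
    "Pinned.sol": "pragma solidity 0.8.20;\ncontract Pinned {}\n",
}

if __name__ == "__main__":
    for fname, src in SAMPLES.items():
        for finding in check_source(fname, src):
            print(finding)
```

A wide range such as `>=0.4.22 <0.9.0` is reported as well, because a build environment with an old compiler installed would still satisfy it.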
Vulnerable Contract Example

```solidity
pragma solidity 0.4.24; // Outdated compiler version

contract Vulnerable {
    uint public value;

    function setValue(uint _value) public {
        value = _value;
    }
}
```