Please note, this content is no longer actively maintained.

The content of the SWC registry has not been thoroughly updated since 2020. It is known to be incomplete and may contain errors as well as crucial omissions.

For currently maintained guidance on known Smart Contract vulnerabilities written primarily as guidance for security reviewers, please see the EEA EthTrust Security Levels specification. As well as the latest release version, an Editor's draft is available, that represents the latest work of the group developing the specification.

General guidance for developers on what to consider to ensure security, that is currently maintained, is also available through the Smart Contract Security Verification Standard (SCSVS).

Title

Outdated Compiler Version

Relationships

• CWE-937: Using Components with Known Vulnerabilities
• EEA EthTrust Security Levels:
• Level [S] Improved Compilers
• Level [S] Compiler Security Bugs
• Level [M] Compiler Bugs and Overriding Requirements
• Recommended Practice Use the Latest Compiler

Description

Using an outdated compiler version can be problematic especially if there are publicly disclosed bugs and issues that affect the current compiler version.

Remediation

It is recommended to use a recent version of the Solidity compiler.

References

• Solidity Release Notes
• Etherscan Solidity Bug Info

Samples

version_0_4_13.sol

pragma solidity 0.4.13;

contract OutdatedCompilerVersion {
    uint public x = 1;
}

Comments

As of August 2023 the current version of the compiler is 0.8.21. There are several dozen compiler bugs that have been fixed between that and version 0.4.13, each of which can lead to data being corrupted, contracts not functioning as expected, or unexpected vulnerabilities in contracts. There have also been significant improvements in compiler capabilities to protect against errors.

See also the sections Level [S] Compiler Security Bugs, Level [S] Improved Compilers, and Level [M] Compiler Bugs and Overriding Requirements