Outdated Compiler
Detects contracts compiled with outdated Solidity versions that contain known bugs or miss important safety features.
Overview
The outdated compiler detector identifies contracts compiled with Solidity versions that have known bugs, lack important safety features, or are no longer maintained. Key milestones: 0.8.0 added overflow checks, 0.6.0 added explicit virtual/override, and 0.5.0 added calldata length validation.
Detection Methodology
The detector infers the compiler version from the bytecode metadata (the CBOR-encoded section at the end of the bytecode that carries the metadata hash) and checks that version against known vulnerability databases.
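The version lookup described above, as an added example (not Sigvex's implementation): a minimal reader for the metadata trailer that Solidity appends to bytecode, which ends in a two-byte length and holds a CBOR map whose solc entry is the three-byte release version. The function names and the sample bytecode are constructed for illustration, and the page's feature milestones stand in for a known-bug database.

```python
# Added example, not Sigvex code. MILESTONES repeats this page's milestones.
MILESTONES = [((0, 8, 0), "default arithmetic overflow/underflow checks"),
              ((0, 6, 0), "explicit virtual/override"),
              ((0, 5, 0), "calldata length validation")]
# Constructed sample: 5 code bytes + a 0.6.12-style trailer (IPFS hash zeroed).
SAMPLE = (bytes.fromhex("6080604052a264697066735822") + bytes(34)
          + bytes.fromhex("64736f6c634300060c0033"))

def _head(buf, i):  # one CBOR head -> (major type, argument, next index)
    major, info = buf[i] >> 5, buf[i] & 0x1F
    if info < 24:
        return major, info, i + 1
    if info <= 27:  # argument follows in 1, 2, 4 or 8 bytes
        n = 1 << (info - 24)
        return major, int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n
    raise ValueError("unsupported CBOR head")

def _item(buf, i):  # value kinds expected here: strings, byte strings, booleans
    major, arg, i = _head(buf, i)
    if major in (2, 3):
        if i + arg > len(buf):
            raise ValueError("truncated string")
        raw = buf[i:i + arg]
        return (raw.decode() if major == 3 else raw), i + arg
    if major == 7 and arg in (20, 21):
        return arg == 21, i
    raise ValueError("unexpected CBOR type")

def solc_version(bytecode):
    """Return (major, minor, patch), or None if no usable trailer exists."""
    size = int.from_bytes(bytecode[-2:], "big")  # last 2 bytes: CBOR length
    if size == 0 or size + 2 > len(bytecode):
        return None
    buf = bytecode[-2 - size:-2]
    try:
        major, pairs, i = _head(buf, 0)
        if major != 5:  # trailer must be a CBOR map
            return None
        meta = {}
        for _ in range(pairs):
            key, i = _item(buf, i)
            meta[key], i = _item(buf, i)
    except (ValueError, IndexError, UnicodeDecodeError):
        return None
    v = meta.get("solc")  # release builds store 3 raw bytes
    return tuple(v) if isinstance(v, bytes) and len(v) == 3 else None

def missing_features(version):
    return [feat for since, feat in MILESTONES if version < since]
```

The trailer is ordinary data that a deployer can strip or rewrite, so a result of None, or a version that disagrees with verified source, is a reason to fall back to other evidence rather than trust the trailer.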
Examples
Sample Sigvex Output
{
  "detector_id": "outdated-compiler",
  "severity": "low",
  "confidence": 0.95,
  "description": "Contract compiled with Solidity 0.6.12. This version lacks default arithmetic overflow/underflow protection (added in 0.8.0) and has 3 known compiler bugs.",
  "location": { "function": "contract-level", "offset": 0 }
}
Related Detectors
- Integer Overflow — overflow detection
- Floating Pragma — floating pragma versions
- Deprecated Functions — deprecated features