matter-labs
Since this repo is intended to be a package, you need a floating point pragma
As of today, all the solidity typing using strict versioning, like so:
pragma solidity 0.8.20
While this is perfect for deploying contracts at a specific pragma, what needs to be understood is that a lot of the code in this repo is going to be used as a package as opposed to a stand-alone contract. For example, the zksync docs tell users to install the @matter-labs/zksync package (which, is this repo... sort of) in order to make account abstraction contracts that interact with the system contracts.
Because of this, we need this repo to have a floating pragma, like how openzeppelin or chainlink using floating pragma. Chainlink might be an even better example, because like zksync, they both deploy the contracts and use some as libraries for users.
Now, most auditors will sort of blindly say "oh, you have to use a strict pragma" but this is incorrect in this case because this is meant to be a dependency for smart contract builders building on zksync. If you said:
"Hey, all builders must use only version 0.8.20 of solidity" - then sure, you could do this, but I don't think that is the intention here, and that leads to a very poor developer experience anyways.
So, to summarize:
- Figure out which contracts are going to be used as libraries, and give them floating pragmas. You can even call them out in the comments of the file as to why they have floating pragmas
- When you send these to audit, tell them they must be floating pragmas because they are libraries, and the security researchers must consider that when working through them. This way, they can consider all the vulnerabilities associated with different versions of solidity.
Bumping this, need floating pragma for this to a compatible dependency with other libraries.
