diff --git a/README.md b/README.md index d59472f3..8a535c85 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ Visit [Scout's website](https://coinfabrik.github.io/scout/) to view the full do | [avoid-format-string](https://coinfabrik.github.io/scout/docs/detectors/avoid-format-string) | [The `format!` macro is not recommended. A custom error is recommended instead.](https://coinfabrik.github.io/scout/docs/vulnerabilities/avoid-format-string) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/avoid-format-string/avoid-format-string-1) | Enhacement | | [unprotected-self-destruct](https://coinfabrik.github.io/scout/docs/detectors/unprotected-self-destruct) | [If users are allowed to call terminate_contract, they can intentionally or accidentally destroy the contract.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-self-destruct) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/unprotected-self-destruct/unprotected-self-destruct-1) | Critical | | [iterators-over-indexing](https://coinfabrik.github.io/scout/docs/detectors/iterators-over-indexing) | [Iterating with hardcoded indexes is slower than using an iterator. Also, if the index is out of bounds, it will panic.](https://coinfabrik.github.io/scout/docs/vulnerabilities/iterators-over-indexing) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/iterators-over-indexing/iterators-over-indexing-1) | Enhacement | -| [ink-version](https://coinfabrik.github.io/scout/docs/detectors/ink-version) | [Using a pinned version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available.](https://coinfabrik.github.io/scout/docs/vulnerabilities/ink-version) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/ink-version/ink-version-1) | Enhacement | +| [ink-version](https://coinfabrik.github.io/scout/docs/detectors/ink-version) | [Using an old version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available.](https://coinfabrik.github.io/scout/docs/vulnerabilities/ink-version) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/ink-version/ink-version-1) | Enhacement | | [unprotected-set-code-hash](https://coinfabrik.github.io/scout/docs/detectors/unprotected-set-code-hash) | [If users are allowed to call terminate_contract, they can intentionally modify the contract behaviour.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-set-code-hash) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/set-code-hash/set-code-hash-1) | Critical | | [unprotected-mapping-operation](https://coinfabrik.github.io/scout/docs/detectors/unprotected-mapping-operation) | [Modifying mappings with an arbitrary key given by the user could lead to unintented modifications of critical data, modifying data belonging to other users, causing denial of service, unathorized access, and other potential issues.](https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-mapping-operation) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/unprotected-mapping-operation/unprotected-mapping-operation-1) | Critical | | [lazy-delegate](https://coinfabrik.github.io/scout/docs/detectors/lazy-delegate) | [Delegated calls in ink! need lazy storage.](https://coinfabrik.github.io/scout/docs/vulnerabilities/lazy-delegate) | [1](https://github.com/CoinFabrik/scout/tree/main/test-cases/lazy-delegate/lazy-delegate-1) | Critical | diff --git a/docs/docs/vulnerabilities/20-ink-version.md b/docs/docs/vulnerabilities/20-ink-version.md index 60bbcb39..23b5bf90 100644 --- a/docs/docs/vulnerabilities/20-ink-version.md +++ b/docs/docs/vulnerabilities/20-ink-version.md @@ -7,7 +7,7 @@ - Detectors: [`ink-version`](https://github.com/CoinFabrik/scout/tree/main/detectors/ink-version) - Test Cases: [`ink-version-1`](https://github.com/CoinFabrik/scout/tree/main/test-cases/ink-version/ink-version-1) -Using a pinned version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available. +Using an old version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available. ## Exploit Scenario diff --git a/docs/docs/vulnerabilities/README.md b/docs/docs/vulnerabilities/README.md index 017f7dc0..850bf8ba 100644 --- a/docs/docs/vulnerabilities/README.md +++ b/docs/docs/vulnerabilities/README.md @@ -315,7 +315,7 @@ security implications, under the [Best practices](#vulnerability-categories) cat ### 20 - Ink version -Using a pinned version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available. +Using an old version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available. We classified this issue, a deviation from best practices which could have security implications, under the [Best practices](#vulnerability-categories) category and assigned it an Enhancement severity.