Floating Pragma in non-interface files can be potential security risk #158

Open
burhankhaja opened this issue Jun 19, 2024 · 0 comments
Labels: bug (Something isn't working), low

Comments


burhankhaja commented Jun 19, 2024

Hats username: @ghost
Twitter username: @imaybeghost
Discord username: @burhan_khaja
wallet: 0x022df5782baf4ec29BB89529de3c89CdA7AF5B7d

Severity: low

Description
The majority of the Solidity files in the codebase are defined with a concrete 0.8.23 version, but there are still these non-interface files that have unspecific compiler versions in their pragma definitions:

  • LinkedIdList.sol
  • AUT_TokenGated_Roles_v1.sol
  • LibMetadata.sol {library}
  • AncillaryData.sol {library}
  • ClaimData.sol

While this often makes sense for libraries, to allow them to be included with multiple different versions of an application, it may be a security risk for the actual application implementation itself. A known vulnerable compiler version may accidentally be selected, or security tools might fall back to an older compiler version and end up checking a different EVM compilation than the one that is ultimately deployed on the blockchain.

Recommendation
Avoid floating pragmas. Pin a concrete 0.8.23 compiler version to the said files.
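As an added example (not code from the issue or the project), the following Python script applies the recommendation above: it flags every `.sol` file whose `pragma solidity` is not an exact pin to `0.8.23`, including caret, range and wrong-version pins. The sample sources and file names are constructed for illustration.

```python
import re
import sys
from pathlib import Path
from typing import Dict, List

# Matches "pragma solidity <version expression>;" and captures the expression.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)

# An exact pin is a single bare semver triple (e.g. "0.8.23") and nothing else;
# "^0.8.0", ">=0.8.0 <0.9.0" or "0.8.x" are all floating.
EXACT_RE = re.compile(r"^\d+\.\d+\.\d+$")


def find_floating_pragmas(sources: Dict[str, str], required: str = "0.8.23") -> List[str]:
    """Return one finding per file/pragma that is not an exact pin to `required`."""
    findings: List[str] = []
    for path, src in sources.items():
        exprs = PRAGMA_RE.findall(src)
        if not exprs:
            findings.append(f"{path}: no solidity pragma found")
            continue
        for expr in exprs:
            expr = " ".join(expr.split())  # normalise whitespace, e.g. ">= 0.8.0"
            if not EXACT_RE.match(expr):
                findings.append(f"{path}: floating pragma '{expr}'")
            elif expr != required:
                findings.append(f"{path}: pinned to {expr}, expected {required}")
    return findings


def scan_directory(root: str, required: str = "0.8.23") -> List[str]:
    """Read every .sol file under `root` (assumed to be the repo's src/ tree) and check it."""
    sources = {str(p): p.read_text(encoding="utf-8") for p in Path(root).rglob("*.sol")}
    return find_floating_pragmas(sources, required)


# Constructed sample sources: one correct pin and three cases the issue warns about.
SAMPLE_SOURCES = {
    "src/Pinned.sol": "// SPDX-License-Identifier: MIT\npragma solidity 0.8.23;\ncontract Pinned {}\n",
    "src/Caret.sol": "pragma solidity ^0.8.0;\ncontract Caret {}\n",
    "src/Range.sol": "pragma solidity >=0.8.0 <0.9.0;\nlibrary Range {}\n",
    "src/OldPin.sol": "pragma solidity 0.8.19;\ncontract OldPin {}\n",
}

if __name__ == "__main__":
    # With a path argument, scan a real tree; otherwise run on the constructed samples.
    problems = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else find_floating_pragmas(SAMPLE_SOURCES)
    print("\n".join(problems) or "all pragmas pinned to 0.8.23")
```

Running it in CI on the `src/` tree turns the recommendation into a check that fails the build whenever a floating pragma is reintroduced.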
