Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/outdated-compiler-version

Name: outdated-compiler-version
Author: apegurus

skills/vulnerability-patterns/outdated-compiler-version/SKILL.md

npx skillsauth add apegurus/solidity-argus outdated-compiler-version

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Outdated Compiler Version

Preconditions

Contract is compiled with a Solidity version significantly behind the latest stable release
The compiler version used has known bugs or is missing important security features

Vulnerable Pattern

// Old version missing built-in overflow checks
pragma solidity 0.7.6;

contract Token {
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) external {
        // No overflow protection — 0.7.x lacks built-in checks
        // Requires manual SafeMath usage
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
}

// Slightly newer but still has known bugs
pragma solidity 0.8.0;
// 0.8.0 had ABI encoding bugs fixed in later patches

Detection Heuristics

Check the pragma solidity version in all contract files
Compare against the latest stable Solidity release — flag if significantly outdated
Cross-reference the exact version against the Solidity known bugs list
Check if the contract misses key safety features from newer versions:
- <0.8.0: no built-in overflow/underflow checks
- <0.8.4: no custom errors (gas efficiency)
- <0.8.20: no PUSH0 opcode support
Flag if the version has known critical bugs (check https://solidity.readthedocs.io/en/latest/bugs.html)

False Positives

The version is intentionally chosen for compatibility with a specific deployment target or toolchain
The version is recent (within 1-2 minor versions of latest) and has no known critical bugs
The project has documented reasons for the specific version choice

Remediation

Upgrade to the latest stable Solidity version unless there's a specific compatibility constraint
Cross-reference the current version against the known bugs list before and after upgrading
When upgrading across major boundaries (e.g., 0.7 to 0.8), review all arithmetic for compatibility with built-in overflow checks

// Use latest stable version
pragma solidity 0.8.24;

contract Token {
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) external {
        balances[msg.sender] -= amount; // Built-in overflow check
        balances[to] += amount;
    }
}

apegurus/outdated-compiler-version

skills/vulnerability-patterns/outdated-compiler-version/SKILL.md

- Contract is compiled with a Solidity version significantly behind the latest stable release

development

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus outdated-compiler-version

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:29 AM106.7s1 file scanned

SKILL.md

name:: outdated-compiler-version
description:: Solidity pragma pins to an outdated major/minor compiler line
pattern_category:: logic-error
- regex:: pragma solidity 0\.[0-7]\.
severity:: Informational
confidence:: High
swc:: SWC-102

Outdated Compiler Version

Preconditions

Contract is compiled with a Solidity version significantly behind the latest stable release
The compiler version used has known bugs or is missing important security features

Vulnerable Pattern

// Old version missing built-in overflow checks
pragma solidity 0.7.6;

contract Token {
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) external {
        // No overflow protection — 0.7.x lacks built-in checks
        // Requires manual SafeMath usage
        balances[msg.sender] -= amount;
        balances[to] += amount;
    }
}

// Slightly newer but still has known bugs
pragma solidity 0.8.0;
// 0.8.0 had ABI encoding bugs fixed in later patches

Detection Heuristics

Check the pragma solidity version in all contract files
Compare against the latest stable Solidity release — flag if significantly outdated
Cross-reference the exact version against the Solidity known bugs list
Check if the contract misses key safety features from newer versions:
- <0.8.0: no built-in overflow/underflow checks
- <0.8.4: no custom errors (gas efficiency)
- <0.8.20: no PUSH0 opcode support
Flag if the version has known critical bugs (check https://solidity.readthedocs.io/en/latest/bugs.html)

False Positives

The version is intentionally chosen for compatibility with a specific deployment target or toolchain
The version is recent (within 1-2 minor versions of latest) and has no known critical bugs
The project has documented reasons for the specific version choice

Remediation

Upgrade to the latest stable Solidity version unless there's a specific compatibility constraint
Cross-reference the current version against the known bugs list before and after upgrading
When upgrading across major boundaries (e.g., 0.7 to 0.8), review all arithmetic for compatibility with built-in overflow checks

// Use latest stable version
pragma solidity 0.8.24;

contract Token {
    mapping(address => uint256) public balances;

    function transfer(address to, uint256 amount) external {
        balances[msg.sender] -= amount; // Built-in overflow check
        balances[to] += amount;
    }
}

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/vulnerability-patterns/outdated-compiler-version ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT