Pragma version allows old versions
EricR opened this issue
Description
The pragma directive used within source code, "^0.5.11", allows older versions of the Solidity compiler to be used.
Because truffle-config.js defines a specific version of the Solidity compiler, which is used for typical compilation, this issue is considered informational.
Exploit Scenario
A change to a build script or bug present in a build tool causes an older version of the Solidity compiler to be used, which may succeed under certain circumstances due to the pragma directive that appears within source code.
Recommendation
Update all pragma directives to use an exact version number.
In addition, consider using solc 0.5.3 for deployment, and the latest version for development, as described in #106.
All pragmas are updated to use 0.5.12. 0.5.3 will be used for any deployments.
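
A check for the recommendation in this issue, added here as an example and not taken from the issue or the project's code: it scans Solidity source text for `pragma solidity` directives that are missing, not pinned to one exact version, or pinned to a version other than the expected one. The function names and sample sources are constructed, the expected version `0.5.12` is the one named in the reply above, and comment stripping is a simple regex heuristic.

```javascript
// Added example: audit Solidity pragma directives for exact version pinning.
// An exact pin is "0.5.12" or "=0.5.12"; anything else (^, ~, >=, ranges) floats.
const EXACT = /^=?\s*(\d+\.\d+\.\d+)$/;

// Remove block and line comments so a commented-out pragma is not counted.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/[^\n]*/g, "");
}

// Return every `pragma solidity <expr>;` expression found in a source string.
function pragmaExpressions(src) {
  const code = stripComments(src);
  const re = /pragma\s+solidity\s+([^;]+);/g;
  const out = [];
  let m;
  while ((m = re.exec(code)) !== null) out.push(m[1].trim());
  return out;
}

// sources: { fileName: sourceText }. expected: version every file must pin.
function auditPragmas(sources, expected) {
  const findings = [];
  for (const [file, src] of Object.entries(sources)) {
    const exprs = pragmaExpressions(src);
    if (exprs.length === 0) findings.push({ file, issue: "missing pragma" });
    for (const expr of exprs) {
      const m = EXACT.exec(expr);
      if (!m) findings.push({ file, issue: "floating", expr });
      else if (expected && m[1] !== expected)
        findings.push({ file, issue: "unexpected version", expr });
    }
  }
  return findings;
}

// Constructed sample sources (not from the audited repository).
const SAMPLE_SOURCES = {
  "Token.sol": "pragma solidity ^0.5.11;\ncontract Token {}\n",
  "Vault.sol": "// pragma solidity ^0.5.0;\npragma solidity 0.5.12;\ncontract Vault {}\n",
  "Range.sol": "pragma solidity >=0.5.0 <0.6.0;\ncontract Range {}\n",
  "Old.sol": "pragma solidity =0.5.3;\ncontract Old {}\n",
  "Lib.sol": "library Lib {}\n",
};

for (const f of auditPragmas(SAMPLE_SOURCES, "0.5.12")) {
  console.log(`${f.file}: ${f.issue}${f.expr ? " (" + f.expr + ")" : ""}`);
}
```

Run in CI with the real file contents passed in, a non-empty result can fail the build before a misconfigured build tool gets the chance to pick a different compiler.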