Omniscia Sovryn Audit
Compilation
Compilation
The project utilizes truffle
as its development pipeline tool, containing an array of tests and scripts coded in JavaScript.
To compile the project, the compile
command needs to be issued via the truffle
CLI tool:
truffle compile
The truffle
tool automatically selects Solidity version 0.5.17
based on the version specified within the truffle-config.js
file.
The project contains discrepancies with regards to the Solidity version used as the pragma
statements are defined as open-ended (^0.5.0
).
We advise the team to strictly lock the contracts to version 0.5.17
, the same version utilized for our static analysis as well as optimizational review of the codebase.
During compilation with the truffle
pipeline, a single warning was identified that has been merged with the findings of the static analysis tools in the respective chapter.
Furthermore, we recommend the team to evaluate an upgrade of the compiler version as the currently utilized version is outdated and contains compiler bugs that have been identified and fixed in recent versions.