Omniscia Stakewise Audit

Compilation


The project uses hardhat as its development pipeline tool and contains an array of tests and scripts written in JavaScript.

To compile the project, the compile command is issued to hardhat via the npx CLI tool:

npx hardhat compile

The hardhat tool automatically selects Solidity version 0.7.5 based on the version specified within the hardhat.config.js file.

The project contains discrepancies with regard to the Solidity version used; however, they are confined to the external dependencies of the project and can be safely ignored.

The Stakewise team has locked the pragma statements to 0.7.5, which is also the version we utilized for our static analysis as well as our optimization review of the codebase.

During compilation with the hardhat pipeline, no errors were identified that relate to the syntax or bytecode size of the contracts.

Given that the compiler version utilized has seldom been used in production and that the codebase makes extensive use of concepts that strain the capabilities of the compiler, such as multiple dynamic array arguments, consecutive keccak256 instructions and more, we also assessed the codebase's susceptibility to compiler vulnerabilities during the audit.

The known bugs applicable to the compiler version utilized by the project surface only when abi.decode is utilized (SOL-2021-2), when immutable variables are used (SOL-2021-3), or when keccak256 operations are performed consecutively in an assembly block (SOL-2021-1). None of those traits was observable in the codebase and, as such, it does not suffer from any known vulnerabilities.
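A first-pass way to screen Solidity sources for the three trigger traits listed above, written as an added JavaScript example (not the auditors' tooling or the project's code). The function names and regexes are assumptions, the sample contracts are constructed, and a hit only marks a file for manual review.

```javascript
// Heuristic screen for the three trigger traits named in the audit text.
// The regexes are simplifying assumptions, not a Solidity parser.
const stripComments = (s) =>
  s.replace(/\/\*[\s\S]*?\*\//g, ' ').replace(/\/\/.*$/gm, ' ');

// Bodies of `assembly { ... }` blocks, located by brace matching.
function assemblyBlocks(src) {
  const blocks = [];
  const re = /\bassembly\b[^{]*\{/g;
  while (re.exec(src) !== null) {
    let depth = 1, i = re.lastIndex;
    for (; i < src.length && depth > 0; i++) {
      if (src[i] === '{') depth++;
      else if (src[i] === '}') depth--;
    }
    blocks.push(src.slice(re.lastIndex, i - 1));
    re.lastIndex = i;
  }
  return blocks;
}

// Return the pragma and the bug IDs whose trigger trait appears in the source.
function scanSolidity(source) {
  const src = stripComments(source);
  const findings = [];
  if (/\babi\.decode\s*\(/.test(src)) findings.push('SOL-2021-2');
  if (/\bimmutable\b/.test(src)) findings.push('SOL-2021-3');
  const hashes = (b) => (b.match(/\bkeccak256\s*\(/g) || []).length;
  if (assemblyBlocks(src).some((b) => hashes(b) >= 2)) findings.push('SOL-2021-1');
  const pragma = src.match(/pragma\s+solidity\s+([^;]+);/);
  return { pragma: pragma ? pragma[1].trim() : null, findings };
}

// Constructed sample contracts (not taken from the Stakewise codebase).
const CLEAN = `pragma solidity 0.7.5;
contract A { // uint256 immutable x; abi.decode(d, (uint256));
  function h(bytes memory a) external pure returns (bytes32) {
    return keccak256(abi.encodePacked(keccak256(a)));
  }
}`;
const FLAGGED = `pragma solidity ^0.7.0;
contract B {
  uint256 immutable cap = 1;
  function f(bytes memory d) external pure returns (bytes32 x) {
    abi.decode(d, (uint256[][]));
    assembly { x := keccak256(0, 32) x := keccak256(0, 64) }
  }
}`;
console.log(scanSolidity(CLEAN), scanSolidity(FLAGGED));
```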

We should note that, because this compiler version is seldom used in production, we strongly advise the Stakewise team to closely monitor compiler vulnerability disclosures as they are released and to take the appropriate actions necessary to remediate them should they arise.