Omniscia Vector Finance Audit
Compilation
The project utilizes brownie as its development pipeline tool, containing an array of tests and scripts coded in Python.
To compile the project, the compile command needs to be issued via the brownie CLI tool:
brownie compile
The brownie tool automatically selects Solidity version 0.8.7 based on the pragma statements contained within the contracts.
The project contains discrepancies with regard to the Solidity version used, as the pragma statements are open-ended (^0.8.0).
We advise the Vector Finance team to lock their pragma version to 0.8.7, the same version utilized for our static analysis as well as our optimization review of the codebase.
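A check along the following lines can enforce the locked pragma before compilation, for example in CI. It is an added example, not part of the audit or of the Vector Finance codebase; the check_pragmas helper and the file names are hypothetical, and the sample sources are constructed.

```python
import re

# Matches "pragma solidity <constraint>;" and captures the constraint text.
PRAGMA_RE = re.compile(r"^\s*pragma\s+solidity\s+([^;]+);", re.MULTILINE)
# A locked pragma is a single exact version, optionally prefixed with "=".
EXACT_RE = re.compile(r"^=?\s*(\d+\.\d+\.\d+)$")


def strip_comments(source):
    """Drop /* */ and // comments so commented-out pragmas are ignored."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"//[^\n]*", "", source)


def check_pragmas(sources, expected="0.8.7"):
    """Return {path: problem} for each file whose pragma is not locked to `expected`."""
    findings = {}
    for path, text in sources.items():
        constraints = [c.strip() for c in PRAGMA_RE.findall(strip_comments(text))]
        if not constraints:
            findings[path] = "no pragma solidity statement"
            continue
        for constraint in constraints:
            exact = EXACT_RE.match(constraint)
            if exact is None:
                # Caret, tilde and range constraints let the compiler version drift.
                findings[path] = f"floating pragma '{constraint}'"
            elif exact.group(1) != expected:
                findings[path] = f"locked to {exact.group(1)}, expected {expected}"
    return findings


# Constructed sample sources (hypothetical file names, not the audited contracts).
SAMPLE_SOURCES = {
    "contracts/Floating.sol": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\ncontract A {}\n",
    "contracts/Locked.sol": "pragma solidity 0.8.7;\ncontract B {}\n",
    "contracts/Range.sol": "pragma solidity >=0.8.0 <0.9.0;\ncontract C {}\n",
    "contracts/Other.sol": "// pragma solidity ^0.8.0;\npragma solidity =0.8.4;\ncontract D {}\n",
}

if __name__ == "__main__":
    for path, problem in sorted(check_pragmas(SAMPLE_SOURCES).items()):
        print(f"{path}: {problem}")
```
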
The utilization of the brownie tool caused issues in our efforts to statically analyze the project. As evidenced by brownie#772 and brownie#941, the build artifacts of the tool are generally incompatible with static analysis tools.
To be able to run our suite of static analysis tools, we ported the codebase to a barebones truffle installation to produce the proper compilation artifacts.
During compilation with the truffle pipeline, no errors were identified that relate to the syntax or bytecode size of the contracts.