Omniscia Vector Finance Audit

Compilation

Compilation

The project utilizes brownie as its development pipeline tool, containing an array of tests and scripts coded in Python.

To compile the project, the compile command needs to be issued via the brownie CLI tool:

brownie compile

The brownie tool automatically selects Solidity version 0.8.7 based on the pragma statements contained within the contracts.

The project contains discrepancies with regards to the Solidity version used as the pragma statements are open-ended (^0.8.0).

We advise the Vector Finance team to lock their pragma version to 0.8.7, the same version utilized for our static analysis as well as optimizational review of the codebase.

The utilization of the brownie tool caused issues in our efforts to statically analyze the project. As evidenced by brownie#772 and brownie#941, the build artifacts of the tool are generally incompatible with static analysis tools.

To be able to run our suite of static analysis tools, we ported the codebase to a barebones truffle installation to produce the proper compilation artifacts.

During compilation with the truffle pipeline, no errors were identified that relate to the syntax or bytecode size of the contracts.