This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
The subjects covered by our review are detailed in the Review Overview section. Two pull requests, PR 2974 and PR 3182, implement a large-scale refactoring, while the other PRs implement local fixes. Due to time limitations, pull request 3182 was not covered and requires further attention.
We find that the new type system implementation benefits the code in terms of readability. Some aspects of type checking could be improved, as can be seen for example in "Function type_from_annotation performs no validation", "HashMap are declarable outside of the storage scope" or "InterfaceT type comparison is incorrect for return types". Further investigation is required to cover all the changes to the type system and is likely to uncover more issues.
Focusing our attention on the other pull requests in scope, we can assert that most of the pull requests reviewed correctly implement the targeted fixes. However, some pull requests only partially implement fixes, such as "Note on PR 3167: fix: codegen for function calls as argument in builtin functions", or introduce changes in semantics that need further consideration, as pointed out in "Note on Pull Request 3104: refactor: optimize calldatasize check". A single pull request incorrectly implements fixes and breaks existing compiler features ("Note on PR 3211: fix: restrict STATICCALL to view").
The development of the compiler is showing substantial progress. The high number of issues uncovered makes further reviews necessary, and particular attention should be given to syntactic manipulations for the validation of semantics, which are error-prone, as shown in "Function _check_iterator_modification has false positive and false negatives", "AnnAssign allows tuples assignment, Assign forbids them" and "HashMap variable can be left-hand of assignment if wrapped in Tuple".