Vyper smart contract audit by ChainSecurity

LIMITED REVIEW – Vyper Compiler Modules

Summary

Limited code reviews are best-effort checks and do not provide assurance comparable to a full (non-limited) code assessment. This review was not conducted as an exhaustive search for bugs, but as a best-effort sanity check of the pull requests of interest. It was executed by one engineer over a period of two weeks. Given the large scope and codebase and the limited time, the findings are not exhaustive.

The largest pull requests under review revamp the import system and introduce stateless and stateful modules to the Vyper language. The semantic analysis phase has been updated to support these new features and to be more robust overall. Constant folding has been modified so that it no longer breaks Vyper semantics. Additionally, finer-grained variable read/write analyses have been introduced.

We find that the reviewed pull requests benefit both the language, by adding important new features, and the codebase, in terms of consistency, readability and robustness. While the enforcement of type annotations for loop iterators greatly improves the type-checking phase, multiple loop-related issues were found, as highlighted in Loop iterator overflow signed type, Double evaluation of range’s start and Mistyped loop iterable.

Other important issues that were identified relate to the layout override feature, as shown in Overriding storage allocator does not handle stateful modules and Overriding storage allocator does not handle reentrant functions properly.

While no critical issues were found in the implementation of modules, we strongly recommend intensive testing of the new system before releasing it.

At the time of the review, the documentation of the module system was lacking; we recommend improving it.

About LIMITED REVIEW – Vyper Compiler Modules

“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”

Source: https://docs.vyperlang.org/en/stable/