Vyper smart contract audit by ChainSecurity

LIMITED REVIEW – Vyper Compiler Built-ins and Bytecode Generation

Summary

Limited code reviews are best-effort checks and don’t provide assurance comparable to a non-limited code assessment. This review was not conducted as an exhaustive search for bugs, but rather as a best-effort sanity check for the pull requests of interest. The review was executed by one engineer over a period of two weeks. Given the large scope and codebase and the limited time, the findings aren’t exhaustive.

The subjects covered by our review are detailed in the Review Overview section.

The large number of issues related to how the compiler behaves depending on whether the builtin functions are folded or not shows that special attention should be given to this part of the compiler. We find that the ongoing effort to merge the general Vyper semantics and the folding semantics is the right approach to solving those issues altogether.

The general subjects covered are memory allocation and safety, order of evaluation and semantics of the builtin functions. No major issue was found in the aforementioned subjects.

About LIMITED REVIEW – Vyper Compiler Built

“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”

Source: https://docs.vyperlang.org/en/stable/