Vyper smart contract audit by ChainSecurity

LIMITED REVIEW – Vyper Compiler, Semantic analysis and Code generation


This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully

The subjects covered by our review are detailed in the Review Overview section.

We found that the O(1) selector table is a good optimization that provides substantial gas savings, especially for large contracts. As the issue "Incorrect dense selector when one bucket is empty" shows, this new feature introduces edge cases that are hard to cover with tests, even with fuzzing. We recommend that this part of the compiler be tested with special care.
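The paragraph above refers to a bucketed ("O(1)") selector table without describing its layout. The following is an added illustrative model, written for this page and not Vyper's code generation nor ChainSecurity's audit material: selectors are hashed into a fixed number of buckets, every bucket owns a contiguous run in one dense array, and dispatch jumps to the bucket's start offset and scans only that run. The bucket function (`selector % n_buckets`), the helper names and the table layout are assumptions made for the example; the sample input is the standard ERC-20 selectors, chosen so that several buckets end up empty. `check_table` is the kind of property check (every known selector resolves, every unknown one falls through, regardless of empty buckets) that the report recommends for this part of the compiler.

```python
"""Toy model of a dense, bucketed function-selector dispatch table.

Added example; not Vyper's implementation.  Bucket function, names and
layout are assumptions.  Sample selectors are the standard ERC-20 ones.
"""
from typing import List, Optional, Tuple

Selector = int  # 4-byte function selector held as an int
Table = Tuple[List[int], List[int], List[Selector]]  # (starts, sizes, entries)


def bucket_of(selector: Selector, n_buckets: int) -> int:
    # Assumed bucket function: low bits of the selector.  A real compiler
    # picks a hash/modulus that spreads selectors well; that choice is not
    # the point of this model.
    return selector % n_buckets


def build_dense_table(selectors: List[Selector], n_buckets: int) -> Table:
    """Lay selectors out as one dense array grouped by bucket.

    starts[b] is the index of bucket b's first entry and sizes[b] its length.
    Starts are a prefix sum over sizes, so an empty bucket gets size 0 and a
    start equal to the next bucket's start; the offsets stay consistent even
    when some buckets hold nothing, which is exactly the edge case a naive
    layout can get wrong.
    """
    buckets: List[List[Selector]] = [[] for _ in range(n_buckets)]
    for s in selectors:
        buckets[bucket_of(s, n_buckets)].append(s)
    starts: List[int] = []
    sizes: List[int] = []
    entries: List[Selector] = []
    for b in buckets:
        starts.append(len(entries))
        sizes.append(len(b))
        entries.extend(sorted(b))
    return starts, sizes, entries


def dispatch(selector: Selector, table: Table) -> Optional[int]:
    """Return the entry index for selector, or None if it is not in the table."""
    starts, sizes, entries = table
    b = bucket_of(selector, len(starts))
    # Scan only this bucket's run.  An empty bucket scans zero entries and
    # falls through to the no-match path instead of reading a neighbour's run.
    for i in range(starts[b], starts[b] + sizes[b]):
        if entries[i] == selector:
            return i
    return None


def check_table(selectors: List[Selector], n_buckets: int, probe_max: int = 1 << 12) -> bool:
    """Property check: known selectors resolve to themselves, unknown ones fall through."""
    table = build_dense_table(selectors, n_buckets)
    entries = table[2]
    known = set(selectors)
    for s in selectors:
        i = dispatch(s, table)
        if i is None or entries[i] != s:
            return False
    # Probe a range of small values; none of them is a known selector here,
    # so every probe must miss, including those that land in empty buckets.
    for probe in range(probe_max):
        if probe not in known and dispatch(probe, table) is not None:
            return False
    return True


# Sample input: standard ERC-20 selectors (name, approve, totalSupply,
# transferFrom, balanceOf, transfer).  With 8 buckets they fall into
# buckets 1, 3 and 5 only, leaving the other five buckets empty.
SAMPLE_SELECTORS: List[Selector] = [
    0x06FDDE03, 0x095EA7B3, 0x18160DDD, 0x23B872DD, 0x70A08231, 0xA9059CBB,
]
N_BUCKETS = 8

if __name__ == "__main__":
    starts, sizes, entries = build_dense_table(SAMPLE_SELECTORS, N_BUCKETS)
    print("starts :", starts)
    print("sizes  :", sizes)
    print("entries:", [hex(e) for e in entries])
    print("table ok:", check_table(SAMPLE_SELECTORS, N_BUCKETS))
```

Running the module prints the bucket layout and whether the property check passed; the interesting line is the sizes array, where the zeros mark the empty buckets whose start offsets still have to be laid down correctly.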

As described in "Arguments buffer size too large when calling ecmul" and "ecrecover can return undefined data in some edge case", issues were found in the fixes for the recent security advisory. These issues were promptly fixed, and we can confidently assert that the security advisories that were initially in scope for this review have been resolved.

The large number of issues found in the builtin functions shows that special attention should be given to this part of the compiler, and that more testing is needed there.

Finally, although Vyper v0.3.10 fixes a substantial number of issues and greatly improves the compiler, the large number of high-severity issues discovered during this assessment, together with the limited scope of this review, make further assessments necessary.

The review was executed by one engineer over two weeks. It’s important to note that, due to the extensive scope and codebase, our time-limited review does not capture the full depth of a comprehensive security analysis.

About LIMITED REVIEW – Vyper Compiler, Semantic analysis and Code generation

“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”

Source: https://docs.vyperlang.org/en/stable/