search

synapsecns / sanguine

Synapse Monorepo
MIT License
36 stars 28 forks source link

Reevaluate choice of 0.8.17 Solidity version in `contracts-core` #1471

Open ChiTimesChi opened 10 months ago

ChiTimesChi commented 10 months ago

Since the development of the messaging contracts started, quite a few Solidity version have been published. We have three options here:

  1. Do nothing, and leave 0.8.17 as is.
  2. Update to 0.8.19. This is the last version that is compatible with all the "EVM-compatible" chains out of the box (e.g. has the default target EVM as Paris).
    • This allows to use named params in mappings: mapping(address agent => uint256 index) private _agentIndexes;
    • This also allows to define custom operators of user-defined types, though very unlikely this is going to make anyone's life easier.
  3. Update to 0.8.21+. This will require configuring Foundry to explicitly use Paris EVM version (so that the contracts could be deployed on any chain).
ChiTimesChi commented 10 months ago

Another thing to consider: updating to 0.8.20+ unlocks usage of OZ 5.0 libraries, as could be seen in #1477

trajan0x commented 10 months ago

@ChiTimesChi so I was wondering about these recommendations from slither:

image

Felt like a version waiting almost a year was too much so looked at git and crytic/slither#1773 (which updated to 0.8.18) was merged after less than a month so seems like 0.8.18 is definitely out of date & overkill.

I think 0.8.20 would also be fine, diff seems small, just want to be extra cautious given vyper cve.

Also, I think the targeting is true from 0.8.20 on since that's when push0 was introduced

greptile-apps[bot] commented 2 months ago

To address the issue of reevaluating the Solidity version in contracts-core, follow these steps:

  1. Update Solidity Version in Contracts:

    • Modify the Solidity version pragma in all Solidity files. For example, in contracts/base/Version.sol, change: 
      pragma solidity 0.8.17;

      to:

      pragma solidity 0.8.19;

  2. Update Configuration Files:

    • In package.json, ensure the Solidity version used by tools is updated. If necessary, update dependencies that specify a Solidity version.
    • In .solhint.json, ensure the compiler-version rule is set to the new version if it is not turned off.

  3. Rebuild Contracts:

    • Run the build scripts to ensure everything compiles correctly with the new version: 
      yarn build:contracts

This will update the Solidity version to 0.8.19, allowing the use of new features while maintaining compatibility with all EVM-compatible chains.

References

/packages/contracts-core/contracts/base/Version.sol /packages/contracts-core /packages/contracts-core/package.json /packages/contracts-core/.solhint.json

Ask Greptile