@H00N24 H00N24 (Collaborator) commented Sep 24, 2025

🚀 Pull Request Overview

This PR adds a Vyper setup into our pipeline.

📜 Tests Checklist

Before submitting this PR, ensure that all tests pass and meet the following conditions:

| Category | Status | Compilation Comment | Results Review |
|---|---|---|---|
| fail_to_start | ❌ Failed with compilation error | 🟢 Yes | 🔴 No |
| violated_rules | ✅ Passed, with violations found | 🔴 No | 🟢 Yes |
| verified_rules | ✅ Passed without violations | 🔴 No | 🟢 Yes |
| solana_violated_rules | ✅ Passed, with violations found | 🔴 No | 🟢 Yes |

Please verify that your changes meet the above conditions for each category of tests.
If something doesn't match, investigate before submitting the PR.


Certora Run Started (Fail to Start)

  • Group ID: 96131bda-ce39-4428-a83b-5d95d7645261
| Config | Status | Link | Log File |
|---|---|---|---|
| conf-start-error.conf | Failed (1) | - | tests/evm/conf-start-error.conf-b08cd1f89285.log |
| conf-start-error.conf --method "counter()" | Failed (1) | - | tests/evm/conf-start-error.conf-e3e81b6fc478.log |
| conf-verified.conf | Compiled | - | tests/evm/conf-verified.conf-b4a59e9b97b2.log |
| conf-verified.conf --rule monotone --method "counter()" | Compiled | - | tests/evm/conf-verified.conf-724e9fc88381.log |
| conf-violations.conf --method "counter()" | Compiled | - | tests/evm/conf-violations.conf-69110eb7f26e.log |
| conf-violations.conf --rule invertible | Compiled | - | tests/evm/conf-violations.conf-8dc865c7c698.log |

Certora Run Summary

  • Started 0 jobs
  • 2 jobs failed

@certora-run certora-run bot left a comment

Verification Results

  • Group ID: 55cd0251-856f-4113-807e-54c33981e3cf
Job Result VERIFIED VIOLATED Link
conf-violations.conf --rule invertible 2 0 Link
conf-violations.conf 2 1 Link
conf-verified.conf --method "counter()" 3 0 Link
conf-verified.conf 3 0 Link

@H00N24 H00N24 requested review from a team and Copilot September 24, 2025 15:59
@Copilot Copilot AI (Contributor) left a comment

Pull Request Overview

This PR adds Vyper support to the action pipeline by introducing a new vyper-version input parameter that allows users to install specific versions of the Vyper compiler.

  • Adds vyper-version input parameter for specifying Vyper installation version
  • Implements Vyper installation logic using UV tool manager
  • Updates documentation to reflect the new Vyper configuration option

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| action.yml | Adds vyper-version input and installation step with version handling logic |
| README.md | Documents the new vyper-version parameter in EVM-specific inputs section |
| .github/workflows/main.yml | Demonstrates usage by setting vyper-version to "latest" in test workflow |

Comment on lines +276 to +279
if [ '${{ inputs.vyper-version }}' == 'latest' ]; then
VYPER_PACKAGE="vyper"
else
VYPER_PACKAGE="vyper==${{ inputs.vyper-version }}"
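
Review bot: `${{ inputs.vyper-version }}` is written into the script text in both the `[ ... == 'latest' ]` test and the `VYPER_PACKAGE=` assignment, and the runner substitutes the expression before the shell parses the script, so the quotes around it belong to the template and do not quote the value. Map the input in the step's `env:` block to a variable (for example `VYPER_VERSION`, a name chosen here) and reference `"$VYPER_VERSION"` in the script, so the value stays data whatever it contains.
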

Copilot AI Sep 24, 2025

The shell script is vulnerable to command injection through the vyper-version input. The input should be properly quoted and validated to prevent malicious commands from being executed.

Suggested change
if [ '${{ inputs.vyper-version }}' == 'latest' ]; then
VYPER_PACKAGE="vyper"
else
VYPER_PACKAGE="vyper==${{ inputs.vyper-version }}"
# Validate vyper-version input: allow "latest" or version strings like "0.3.10", "0.3.10-beta"
if [[ '${{ inputs.vyper-version }}' == "latest" ]]; then
VYPER_PACKAGE="vyper"
elif [[ '${{ inputs.vyper-version }}' =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+)?$ ]]; then
VYPER_PACKAGE="vyper==${{ inputs.vyper-version }}"
else
echo "::error title=Invalid Vyper version::The vyper-version input ('${{ inputs.vyper-version }}') is invalid. Only 'latest' or version strings like '0.3.10' are allowed."
exit 1

Copilot uses AI. Check for mistakes.

It has a point here

Collaborator Author

It's irrelevant, as this is a direct user input. If someone wants to destroy their own CI, there is very little we can do about it.

Collaborator Author

Also, everything is passed as an escaped string, thus it does not really matter what is there, as uv would just try to install a package with that name and fail.

VYPER_PACKAGE="vyper==${{ inputs.vyper-version }}"
fi
echo "Installing Vyper version: $VYPER_PACKAGE"
uv tool install "$VYPER_PACKAGE"

Copilot AI Sep 24, 2025

The installation step lacks error handling. If the Vyper installation fails, users won't get clear feedback about what went wrong. Consider adding error checking and meaningful error messages.

Suggested change
uv tool install "$VYPER_PACKAGE"
if ! uv tool install "$VYPER_PACKAGE"; then
echo "::error title=Vyper Installation Failed::Failed to install Vyper package '$VYPER_PACKAGE'. Please check the version and network connectivity, and try again."
exit 1
fi

@certora-run certora-run bot left a comment

Verification Results

  • Group ID: cfe4ee5b-f19e-4b8d-9f95-d3c0ced0973c
Job Result VERIFIED Link
conf-verified.conf --rule monotone --method "counter()" 2 Link
conf-verified.conf --rule invertible 2 Link
conf-verified.conf --method "counter()" 3 Link
conf-verified.conf 3 Link

@certora-run certora-run bot left a comment

Verification Results

  • Group ID: ee98d771-bfbb-4863-9787-ef11e0d03ef9
Job Result SANITY_FAILED VIOLATED Link
Default.conf 2 1 Link

@yoav-el-certora yoav-el-certora left a comment

Approving although adding a parser to the Vyper version might be beneficial

vyper-version:
required: false
description: |-
The version of Vyper to install. Can be latest, or a specific version like 0.3.3.

Suggested change
The version of Vyper to install. Can be latest, or a specific version like 0.3.3.
The version of Vyper to install. Can be `latest`, or a specific version like 0.3.3.

Comment on lines +276 to +279
if [ '${{ inputs.vyper-version }}' == 'latest' ]; then
VYPER_PACKAGE="vyper"
else
VYPER_PACKAGE="vyper==${{ inputs.vyper-version }}"

It has a point here
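
The version check that the suggested change and the "parser" remark in the approving review both point at, as an added example (not code from this PR or from the action). It assumes the step hands the input to the script through an environment variable, here called `VYPER_VERSION`, instead of writing `${{ inputs.vyper-version }}` into the script text; `render_inline` and `renders_cleanly` are hypothetical helpers that imitate inline substitution on constructed values.

```shell
#!/bin/sh
# Added example, not the action's code. VYPER_VERSION is an assumed name that the
# step would populate with:  env: { VYPER_VERSION: "${{ inputs.vyper-version }}" }

# Print the package spec for `uv tool install`; return 1 for any other value.
resolve_vyper_package() {
  case "$1" in
    latest) printf 'vyper\n'; return 0 ;;
    # Refuse empty input and any character outside the version alphabet. This
    # also excludes newlines, which the line-based grep below would let through.
    '' | *[!0-9A-Za-z.-]*) return 1 ;;
  esac
  # Grammar from the suggested change in the thread: X.Y.Z plus optional -suffix.
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+)?$' || return 1
  printf 'vyper==%s\n' "$1"
}

# Imitate the runner: paste the value into the script text, as ${{ ... }} does.
render_inline() {
  printf "if [ '%s' == 'latest' ]; then :; fi\n" "$1"
}

# Return 0 if the rendered text still parses as shell (-n parses, never runs).
renders_cleanly() {
  render_inline "$1" | sh -n 2>/dev/null
}

# Walk constructed sample values through both paths.
report() {
  for v in latest 0.3.10 0.4.0-rc1 "0.3'10" '0.3.10 extra' ''; do
    if pkg=$(resolve_vyper_package "$v"); then checked="accept $pkg"; else checked="reject"; fi
    if renders_cleanly "$v"; then inline="parses"; else inline="alters script syntax"; fi
    printf '%-14s env+validate: %-24s inline: %s\n' "[$v]" "$checked" "$inline"
  done
}

# In the step itself: VYPER_PACKAGE=$(resolve_vyper_package "$VYPER_VERSION") || exit 1
report
```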

@H00N24 H00N24 merged commit 8ab69fb into main Sep 25, 2025
6 of 8 checks passed
@H00N24 H00N24 deleted the CERT-9592-vyper branch September 25, 2025 08:46

Certora Run Started (Fail to Start)

  • Group ID: 9e81c0c0-2a34-4d23-8c31-73d82166bfe1
| Config | Status | Link | Log File |
|---|---|---|---|
| conf-start-error.conf | Failed (1) | - | tests/evm/conf-start-error.conf-9f436cb7492e.log |
| conf-start-error.conf --method "counter()" | Failed (1) | - | tests/evm/conf-start-error.conf-4678c2064187.log |
| conf-verified.conf | Compiled | - | tests/evm/conf-verified.conf-32372eea497b.log |
| conf-verified.conf --rule monotone --method "counter()" | Compiled | - | tests/evm/conf-verified.conf-20a0380e8d98.log |
| conf-violations.conf --method "counter()" | Compiled | - | tests/evm/conf-violations.conf-0ae0777f0d20.log |
| conf-violations.conf --rule invertible | Compiled | - | tests/evm/conf-violations.conf-2ae325cee721.log |

Certora Run Summary

  • Started 0 jobs
  • 2 jobs failed
