
2026 02 17 audit#429

Open
thedavidmeister wants to merge 60 commits into main from 2026-02-17-audit

Conversation

@thedavidmeister (Contributor)

Motivation

Solution

Checks

By submitting this for review, I'm confirming I've done the following:

  • made this PR as small as possible
  • unit-tested any new functionality
  • linked any relevant issues or PRs
  • included screenshots (if this involves a front-end change)

thedavidmeister and others added 30 commits February 17, 2026 12:55
Uncomments 4 disabled test groups (testCallTraceOuterAndInner,
testCallTraceOuterAndTwoInner, testOpCallRunNoIO, testOpCallRunRecursive)
and updates them from old uint256/1e18 encoding to StackItem/Float.
Uses LibDecimalFloat.eq for stack comparisons and LibDecimalFloat.add
with FLOAT_ONE/FLOAT_TWO constants for trace expected values.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Findings only in agent task output are lost on context compaction.
Each run gets an ISO 8601 date namespace to preserve history.
The file is the record of truth.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…quirements

- Add precedence statement: CLAUDE.md takes priority over session summaries
- Define "test" step explicitly: write tests for new paths + run full suite
- Require new code from fixes to meet AUDIT.md requirements

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Prevents silent mstore8 truncation when column or row exceeds uint8.
All current callers pass hardcoded constants (0 or 1) but the guard
makes the contract defensive against future misuse.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tests valid context bytecode generation for all uint8 column/row values,
and verifies revert on column or row overflow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
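An added illustration of the guard the two commits above describe; this is not the project's code and the names are assumed. `mstore8` stores only the least significant byte of its argument, so a column or row above 255 is silently truncated unless it is rejected first; the Foundry-style test (assumes forge-std) shows both behaviours.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for a context-bytecode builder (not the project's code).
/// Packs [column, row] into two bytes with mstore8.
library ContextBytecodeExample {
    error ColumnOutOfRange(uint256 column);
    error RowOutOfRange(uint256 row);

    /// Unguarded: mstore8 writes only the low byte of its value, so
    /// column = 0x101 lands in memory as 0x01 without any revert.
    function buildUnguarded(uint256 column, uint256 row) internal pure returns (bytes memory out) {
        out = new bytes(2);
        assembly ("memory-safe") {
            let ptr := add(out, 0x20)
            mstore8(ptr, column)
            mstore8(add(ptr, 1), row)
        }
    }

    /// Guarded: reject anything that does not fit a uint8 before touching memory.
    function buildGuarded(uint256 column, uint256 row) internal pure returns (bytes memory out) {
        if (column > type(uint8).max) revert ColumnOutOfRange(column);
        if (row > type(uint8).max) revert RowOutOfRange(row);
        out = buildUnguarded(column, row);
    }
}

contract ContextBytecodeExampleTest is Test {
    // External wrapper so vm.expectRevert sees a real call frame.
    function callGuarded(uint256 column, uint256 row) external pure returns (bytes memory) {
        return ContextBytecodeExample.buildGuarded(column, row);
    }

    function testTruncationWithoutGuard() external pure {
        bytes memory out = ContextBytecodeExample.buildUnguarded(0x101, 1);
        assertEq(out[0], bytes1(0x01)); // high bits silently dropped
    }

    function testGuardRevertsOnOverflow(uint256 column) external {
        column = bound(column, uint256(type(uint8).max) + 1, type(uint256).max);
        vm.expectRevert(abi.encodeWithSelector(ContextBytecodeExample.ColumnOutOfRange.selector, column));
        this.callGuarded(column, 0);
    }
}
```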
…coded pass count

- Add Pass 0 for reviewing process documents before code audit
- Change directory naming to <YYYY-MM-DD>-<NN> for multi-run disambiguation
- Use <M> for pass number distinct from <NN> run number
- Replace hardcoded "four passes" with "passes defined below"

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ation rule

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Build (pointer regeneration) must complete before tests can compile,
so the cycle is understand -> fix -> build -> test -> verify.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
CRITICAL/HIGH/MEDIUM/LOW/INFO with definitions so agents
use a consistent scheme across passes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The 16-bit pointer invariant is owned by the parse library, so the
overflow check belongs there. RainterpreterParser modifier now
delegates to LibParseState.checkParseMemoryOverflow().

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Introduces PARSE_STATE_TOP_LEVEL0_OFFSET, PARSE_STATE_TOP_LEVEL0_DATA_OFFSET,
PARSE_STATE_PAREN_TRACKER0_OFFSET, and PARSE_STATE_LINE_TRACKER_OFFSET in
LibParseState.sol. Replaces all magic numbers (0x20, 0x21, 0x60, 0xa0) in
assembly blocks across LibParseState.sol and LibParse.sol with block-scoped
local variables loading from these constants. Adds offset validation tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ToSource

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add early `cursor >= end` check before reading the final character via
`mload(cursor)`, preventing a read past the logical end of parse data
when no closing `]` is found. Test proves a `]` in memory just past
`end` is correctly rejected.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
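An added illustration of the read-past-end shape the commit above fixes; it is not the project's parser and the names are assumed. The scan loop stops when `cursor` reaches the logical `end`, and without an explicit check the code then reads the "final character" from memory that lies past the parse data; the constructed input places a `]` exactly there.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for the bracket scan (not the project's code).
/// `end` is the logical end of the parse data; memory past it may hold anything.
library BracketScanExample {
    error UnclosedBracket();
    error UnexpectedChar(bytes1 got);

    function scan(bytes memory data, uint256 cursor, uint256 end, bool checkEnd)
        internal pure returns (uint256)
    {
        uint256 base;
        assembly { base := add(data, 0x20) }
        // Skip everything before the first `]`, stopping at the logical end.
        while (cursor < end) {
            bytes1 c;
            assembly { c := mload(add(base, cursor)) }
            if (c == "]") break;
            cursor++;
        }
        // The fix: once cursor has reached end there is no final character to read.
        if (checkEnd && cursor >= end) revert UnclosedBracket();
        bytes1 last;
        assembly { last := mload(add(base, cursor)) }
        if (last != "]") revert UnexpectedChar(last);
        return cursor + 1;
    }
}

contract BracketScanExampleTest is Test {
    // Constructed input: logical data is "abc" (end = 3) but a `]` sits in memory at offset 3.
    bytes constant INPUT = "abc]";

    function callScan(bool checkEnd) external pure returns (uint256) {
        return BracketScanExample.scan(INPUT, 0, 3, checkEnd);
    }

    function testReadPastEndAcceptsPhantomBracket() external view {
        // Without the check the stray `]` past end is accepted and the cursor moves past end.
        assertEq(this.callScan(false), 4);
    }

    function testCheckRejectsPhantomBracket() external {
        vm.expectRevert(BracketScanExample.UnclosedBracket.selector);
        this.callScan(true);
    }
}
```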
Document why LibParseStackTracker.pop subtracts directly from the packed
word while push must extract-modify-repack (push needs to update max).
Change highwater ParseStackOverflow check from == to >= for defensive
robustness.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add stable agent ID ordering (A01, A02, ...) and triage section to
AUDIT.md so finding progress survives context compaction. Create
triage.md with disposition of all 51 pass 1 LOW+ findings.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add testRainterpreterReferenceExternExternDirect to cover the
BaseRainterpreterExtern.extern() happy path via direct call.
Regenerate deploy constants cascading from prior parser changes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fuzz test verifies that out-of-range opcodes wrap via mod to
a valid function pointer rather than reverting at runtime.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fuzz test calls externIntegrity() on RainterpreterReferenceExtern
and verifies the dispatch result matches the library-level function.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fuzz test verifies opcode == fsCount - 1 does not revert with
ExternOpcodeOutOfRange, confirming the bounds check boundary.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
thedavidmeister and others added 29 commits February 17, 2026 20:53
… tests

Renames single-purpose index-out-of-bounds test files into per-function
test files. Adds happy-path and no-match tests for subParseLiteral2.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Removes audit directory from .gitignore and commits all audit
findings from passes 1 (security), 2 (test coverage), and
3 (documentation), along with triage tracking files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ults

fork_block_number and fork_url both used short = 'i', which would cause
a clap panic at runtime. Changed fork_block_number to short = 'b'.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… LibParse

These two file-level constants were defined but never referenced anywhere
in the codebase. FSM_ACTIVE_SOURCE_MASK (imported from LibParseState) is
the constant actually used. Test file changes are formatting only.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The NatSpec documented 5 bits with wrong positions and two phantom bits
(LHS/RHS, interstitial) that have no corresponding constants. Corrected
to match the 4 actual FSM constants: YANG(0), WORD_END(1),
ACCEPTING_INPUTS(2), ACTIVE_SOURCE(3).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
selectLiteralParserByIndex loaded function pointers via assembly and
typed them as pure, but parseSubParseable is view. Corrected the return
type to view and cascaded through all callers: parseLiteral,
tryParseLiteral, parseOperand, pushLiteral, parsePragma, parseRHS,
and parsePragma1.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
A26-1: Change From<ForkTypedReturn<eval4Call>> to TryFrom with
MissingTraces error instead of panicking unwrap().

A26-4: Fix search_trace_by_path loop to search by current_source_index
and advance parent correctly for 3+ level paths. Add 3-level test.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
A27-3: Update parser and dispair crates from edition 2021 to 2024 to
match workspace.

A27-13: Move parse_pragma_text from inherent method on ParserV2 to
default method on Parser2 trait.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai (Contributor)

coderabbitai bot commented Feb 17, 2026

Important

Review skipped

Too many files!

This PR contains 206 files, which is 56 over the limit of 150.

