chore(contracts): fix solidity linting issues across all packages #1238
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add NatSpec documentation (@title, @author, @notice, @param) - Add solhint-disable directives with TODO comments for future fixes - Minor code formatting changes to address lint rules All packages now pass pnpm lint with no reported issues. Verified with scripts/compare-repo-contract-bytecode-excluding-metadata.mjs: only mock contracts have functional bytecode changes.
Security fixes: - Replace shell command string interpolation with safer argument construction in verify-solhint-disables.mjs - Replace `find` shell command with Node.js fs API (walkDir) to eliminate command injection risk Code quality improvements: - Make metadata stripping regex more precise in bytecode comparison - Replace double negation with clearer null check in build script
The previous attempt to make the metadata regex more precise used an
incorrect pattern that expected 64 hex characters for the IPFS hash,
but the actual CBOR format contains 68 hex characters (34 bytes).
Solidity metadata structure (CBOR-encoded):
- a264697066735822 = {"ipfs": bytes(
- [68 hex chars] = 34-byte IPFS multihash (0x1220 prefix + 32-byte hash)
- 64736f6c63 = "solc"
- [variable] = version bytes
The incorrect regex failed to match, causing metadata to remain in the
bytecode and producing false positive differences (106 contracts
reported as changed when only 2 mock contracts actually changed).
Verified with full comparison: 150 contracts functionally identical,
only 2 test mocks have legitimate changes (added 'indexed' to events).
There was a problem hiding this comment.
Pull Request Overview
This PR addresses all Solidity linting issues across the monorepo to enable clean pnpm lint execution. The changes include adding over 3,000 NatSpec comments and approximately 220 solhint suppressions for unavoidable violations.
Key Changes:
- Added comprehensive NatSpec documentation (
@title,@author,@notice,@param,@return,@dev) to contracts across all packages - Added strategic solhint suppressions with TODO comments for rules that cannot be immediately fixed
- Updated bytecode comparison script to improve metadata hash stripping accuracy
Reviewed Changes
Copilot reviewed 264 out of 264 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| scripts/verify-solhint-disables.mjs | Improved argument handling and cross-platform compatibility |
| scripts/compare-repo-contract-bytecode-excluding-metadata.mjs | Enhanced metadata hash pattern matching |
| Multiple contract files | Added comprehensive NatSpec documentation and solhint suppressions |
Comments suppressed due to low confidence (1)
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
chore(contracts): fix solidity linting issues across all packages
🚨 Report Summary
For more details view the full report in OpenZeppelin Code Inspector |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## build-lint-upgrade-2 #1238 +/- ##
=====================================================
Coverage 84.05% 84.06%
=====================================================
Files 42 42
Lines 2070 2071 +1
Branches 615 615
=====================================================
+ Hits 1740 1741 +1
Misses 330 330
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Replaced by: #1239 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR resolves all Solidity linting issues across the monorepo, enabling clean
pnpm lintexecution.Summary
@title,@author,@notice,@param,@return,@dev)Solhint Suppressions Added
Most common suppressed rules (all include TODO comments for future fixes):
gas-indexed-events(36) - Event parameters withoutindexeduse-natspec(36) - Legacy code without documentationnamed-parameters-mapping(25) - Requires Solidity ≥0.8.18immutable-vars-naming(19) - Non-UPPER_CASE immutablesgas-strict-inequalities(15) - Using<=vs<gas-custom-errors(7) - Usingrequire(0.7.6 limitation)no-inline-assembly(5) - Critical assembly blocksconst-name-snakecase(3) - Non-UPPER_CASE constantsVerification
✅ Bytecode comparison (compare script): Only mock/test contracts have functional changes (added
indexedto events). All production contracts are functionally identical.✅ All packages pass
pnpm lintwith zero errors/warnings