I have been trying to read into how via-ir works by reading the solidity docs, but I am confused how it works exactly. I see that you can avoid stack too deep errors by enabling it. From what I understand, it is because the optimizer uses yul to manage the variables state in memory instead of the stack. If that is correct, does using it create any security vulnerabilities for memory mismanagement? Has this been tested out or are there ways to test it? Is it secure for deploying a smart contract to mainnet?
- It is enabled in several contracts deployed by various renowned vendors (uniswap, etc).
- It is not enabled by default in the current most recent compiler version (0.8.21).
Neither one of these two points answers your question directly, and in fact, each one of them implies towards a different conclusion. But you may still want to take them into consideration.
Note that there are some known technical issues (not specific to security though), related to enabling it along with the optimizer; see for example this issue on HardHat’s GitHub repository.
2 Likes
The two major issues holding us back from making it the default are really the performance (still not good enough) and some adjustments needed in the Yul->EVM transform (i.e. you can still run into “Stack Too Deep” in some corner cases).
Has this been tested out or are there ways to test it? Is it secure for deploying a smart contract to mainnet?
There are no unresolved security issues. It has been thoroughly tested and we consider it on par with the legacy pipeline in this regard.
3 Likes