
Introduce CI Pipeline for Gas Optimization, Storage Safety, and Contract Integrity Validation#69

Merged
KanishkSogani merged 29 commits into StabilityNexus:main from aniket866:advance-workflows
Apr 4, 2026

Conversation

@aniket866
Contributor

@aniket866 aniket866 commented Mar 24, 2026

Addressed Issues:

Closes #65

CI Workflow Suggestions (Gas & Beyond)

| Workflow | Command / Action | What It Catches |
|---|---|---|
| Gas snapshot diff | forge snapshot + forge snapshot --diff .gas-snapshot | Fails PR if gas increases beyond threshold |
| Gas report on test run | forge test --gas-report | Prints per-function gas costs in CI output |
| Contract size check | forge build --sizes + fail if near 24KB limit | Prevents deployment failures from size limit |
| Coverage report | forge coverage --report lcov + upload to Coveralls/Codecov | Tracks test coverage over time |
| Mythril security scan | docker run mythril/myth analyze | Detects reentrancy, integer overflow, etc. |
| 4naly3er report | 4naly3er src/ | Gas optimization suggestions specific to Solidity |
| Storage layout diff | forge inspect ContractName storage-layout + diff against saved baseline | Catches accidental storage slot changes across PRs |
| ABI diff check | forge inspect ContractName abi + diff against saved baseline | Catches accidental breaking interface changes |

AI Usage Disclosure:

We encourage contributors to use AI tools responsibly when creating Pull Requests. While AI can be a valuable aid, it is essential to ensure that your contributions meet the task requirements, build successfully, include relevant tests, and pass all linters. Submissions that do not meet these standards may be closed without warning to maintain the quality and integrity of the project. Please take the time to understand the changes you are proposing and their impact. AI slop is strongly discouraged and may lead to banning and blocking. Do not spam our repos with AI slop.

Check one of the checkboxes below:

  • This PR does not contain AI-generated code at all.
  • This PR contains AI-generated code. I have read the AI Usage Policy and this PR complies with this policy. I have tested the code locally and I am responsible for it.

I have used the following AI models and tools: TODO

Checklist

  • My PR addresses a single issue, fixes a single bug or makes a single improvement.
  • My code follows the project's code style and conventions
  • If applicable, I have made corresponding changes or additions to the documentation
  • If applicable, I have made corresponding changes or additions to tests
  • My changes generate no new warnings or errors
  • I have joined the Discord server and I will share a link to this PR with the project maintainers there
  • I have read the Contribution Guidelines
  • Once I submit my PR, CodeRabbit AI will automatically review it and I will address CodeRabbit's comments.
  • I have filled this PR template completely and carefully, and I understand that my PR may be closed without review otherwise.

Summary by CodeRabbit

  • Chores
    • Added multiple CI workflows for static analysis, security scanning, ABI and storage-layout comparisons, contract size checks, coverage reporting, gas reporting, and gas-snapshot diffing.
    • CI now generates and uploads human-readable analysis and gas reports as build artifacts.
    • Added a gas usage baseline snapshot to support gas regression detection.
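The storage-layout diff listed in the PR description compares `forge inspect ContractName storage-layout` output against a committed baseline. A plain `diff` reports that something changed but not whether it is the kind of change that corrupts state behind a proxy, so the following script classifies layout differences by severity. It is an added example, not code from this PR or from the StabilityNexus workflows; the layout shape it reads (a `storage` array of `label`/`slot`/`offset`/`type` entries) is the one forge emits, while the `Vault` contract and its variables are constructed sample data.

```python
"""Storage-layout safety check (added example, not the PR's workflow code).

Compares two layouts as emitted by `forge inspect <Contract> storage-layout`.
Moving, retyping or removing an existing variable is BREAKING (state written
under the old layout would be read through the wrong slot or type); a
variable appended after the last used slot is OK.
"""
import json
import sys


def _layout(*variables):
    """Build a minimal layout JSON string with the per-variable fields forge
    emits (astId and the types map are omitted; the comparison does not need
    them). Constructed sample data, not real forge output."""
    storage = [
        {"label": label, "slot": str(slot), "offset": offset, "type": typ,
         "contract": "src/Vault.sol:Vault"}
        for label, slot, offset, typ in variables
    ]
    return json.dumps({"storage": storage, "types": {}})


# Constructed baseline: owner and paused share slot 0, balances is in slot 1.
BASELINE_LAYOUT = _layout(
    ("owner", 0, 0, "t_address"),
    ("paused", 0, 20, "t_bool"),
    ("balances", 1, 0, "t_mapping(t_address,t_uint256)"),
)
# Unsafe change: a variable inserted before balances shifts it to slot 2.
REORDERED_LAYOUT = _layout(
    ("owner", 0, 0, "t_address"),
    ("paused", 0, 20, "t_bool"),
    ("fee", 1, 0, "t_uint256"),
    ("balances", 2, 0, "t_mapping(t_address,t_uint256)"),
)
# Safe change: the new variable is appended after the last baseline slot.
APPENDED_LAYOUT = _layout(
    ("owner", 0, 0, "t_address"),
    ("paused", 0, 20, "t_bool"),
    ("balances", 1, 0, "t_mapping(t_address,t_uint256)"),
    ("fee", 2, 0, "t_uint256"),
)


def storage_vars(layout_json):
    """Map each state variable label to (slot, offset, type)."""
    layout = json.loads(layout_json)
    return {v["label"]: (int(v["slot"]), int(v["offset"]), v["type"])
            for v in layout["storage"]}


def diff_storage_layout(baseline_json, current_json):
    """Return (severity, message) findings; severity is BREAKING, WARN or OK."""
    base = storage_vars(baseline_json)
    cur = storage_vars(current_json)
    findings = []
    for label, (slot, off, typ) in base.items():
        if label not in cur:
            findings.append(("BREAKING", f"{label}: removed from slot {slot}"))
            continue
        cslot, coff, ctyp = cur[label]
        if (cslot, coff) != (slot, off):
            findings.append(("BREAKING",
                             f"{label}: moved from slot {slot}/{off} to slot {cslot}/{coff}"))
        elif ctyp != typ:
            findings.append(("BREAKING", f"{label}: type changed from {typ} to {ctyp}"))
    last_base_slot = max((s for s, _, _ in base.values()), default=-1)
    for label, (slot, off, typ) in cur.items():
        if label in base:
            continue
        if slot > last_base_slot:
            findings.append(("OK", f"{label}: appended at slot {slot}"))
        else:
            # Sharing a slot the baseline already uses is only safe if it fills
            # previously unused padding, so leave it for manual review.
            findings.append(("WARN",
                             f"{label}: new variable inside existing slot range (slot {slot}/{off})"))
    return findings


def layout_is_safe(findings):
    return not any(sev == "BREAKING" for sev, _ in findings)


if __name__ == "__main__":
    # Usage: python storage_diff.py <baseline.json> <current.json>
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as b, open(sys.argv[2]) as c:
            result = diff_storage_layout(b.read(), c.read())
    else:
        result = diff_storage_layout(BASELINE_LAYOUT, REORDERED_LAYOUT)
    for sev, msg in result:
        print(f"{sev}: {msg}")
    sys.exit(0 if layout_is_safe(result) else 1)
```

Run with the two JSON files a workflow writes to `.storage-baselines/` and `.storage-layouts/` and gate on the exit status; a non-zero exit only on BREAKING findings means an appended variable does not block the PR while a reordered one does.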

@coderabbitai
Contributor

coderabbitai Bot commented Mar 24, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

Walkthrough

Adds eight GitHub Actions workflows and a .gas-snapshot baseline to run CI checks (4naly3er analysis, gas reports/snapshots, ABI diffs, contract size checks, coverage upload, Mythril scans, storage-layout diffs) on push and PR events targeting main/master.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Gas & Analysis Workflows: .github/workflows/4naly3er.yml, .github/workflows/gas-report.yml, .github/workflows/gas-snapshot.yml, .gas-snapshot | Adds 4naly3er analysis job, per-test gas reporting, gas snapshot diff workflow, plus the .gas-snapshot baseline used for gas regression checks. |
| ABI & Storage Validation: .github/workflows/abi-diff.yml, .github/workflows/storage-layout-diff.yml | Adds workflows that generate current ABIs and storage layouts via forge inspect and diff them against committed baselines; fail on missing baselines or diffs. |
| Contract Size Check: .github/workflows/contract-size.yml | Adds contract size check that runs forge build --sizes, parses sizes, and fails if any contract meets/exceeds the configured threshold. |
| Coverage & Security: .github/workflows/coverage.yml, .github/workflows/mythril.yml | Adds coverage generation/upload (forge coverage → lcov.info → Codecov) and a Mythril security scan workflow that runs mythril analysis against built artifacts. |

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant GH as GitHub Actions Runner
  participant Repo as Repository
  participant Foundry as Foundry (forge)
  participant Docker as Docker (mythril)
  participant External as External Tools (4naly3er / Codecov / Artifacts)

  Dev->>GH: push / open PR on main/master
  GH->>Repo: checkout (recursive submodules)
  GH->>Foundry: install & run build/test/inspect/coverage/snapshot commands
  Foundry-->>GH: outputs (ABIs, storage layouts, sizes, lcov, gas data)
  GH->>Docker: run mythril analyze on extracted bytecode
  GH->>External: run 4naly3er, upload Codecov and artifact (4naly3er-report)
  GH-->>Dev: annotate failures (diffs, regressions, missing baselines)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

Bash Lang

Poem

🐰 I hopped into CI with glee,
Baselines checked for you and me,
Gas, size, and storage in sight,
Mythril scans through day and night,
Reports and artifacts take flight ✨

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and specifically summarizes the main change: introducing CI workflows for gas optimization, storage safety, and contract integrity validation, which directly aligns with the changeset's addition of 8 GitHub Actions workflows and a gas snapshot baseline file. |
| Linked Issues check | ✅ Passed | All primary coding objectives from issue #65 are implemented: gas snapshot diff [gas-snapshot.yml], gas report [gas-report.yml], contract size check [contract-size.yml], coverage report [coverage.yml], Mythril security scan [mythril.yml], 4naly3er report [4naly3er.yml], storage layout diff [storage-layout-diff.yml], and ABI diff check [abi-diff.yml]. |
| Out of Scope Changes check | ✅ Passed | All changes are tightly scoped to CI workflow automation and baseline setup as defined in issue #65; no unrelated code modifications, feature implementations, or out-of-scope refactoring are present in the changeset. |


@aniket866 aniket866 changed the title advance-worflows Introduce CI Pipeline for Gas Optimization, Storage Safety, and Contract Integrity Validation Mar 24, 2026
@codecov

codecov Bot commented Mar 24, 2026

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

ℹ️ You can also turn on project coverage checks and project coverage reporting on Pull Request comment

Thanks for integrating Codecov - We've got you covered ☂️

Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 9

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/4naly3er.yml:
- Line 10: The workflow job ID "4naly3er" is invalid because it starts with a
digit; update the job identifier to start with a letter or underscore (for
example change "4naly3er:" to "analyzer_4naly3er:" or "_4naly3er:") wherever
"4naly3er" appears in the workflow file so the GitHub Actions job key is a valid
YAML identifier.

In @.github/workflows/abi-diff.yml:
- Line 34: The CI step is swallowing failures by appending "|| true" to the
forge inspect command; remove the "|| true" from the line containing forge
inspect "$contract" abi > ".abi-current/${contract}.json" 2>/dev/null so that
errors from forge inspect propagate and the job fails when ABI extraction fails
(optionally ensure the workflow/step runs with shell options that don't mask
exit codes).
- Around line 41-43: The CI currently only echoes a warning in the else branch
when an ABI baseline is missing (the code that prints "⚠️  No ABI baseline for
$contract — add it to .abi-baselines/"); change that behavior to fail the job by
replacing the echo-only path with an explicit non-zero exit (e.g., call to exit
1) so the ABI check cannot be bypassed for contracts missing baseline files and
clearly reference $contract and the .abi-baselines directory in the failure
message.
- Around line 32-33: The workflow currently hardcodes placeholder names in the
CONTRACTS array (CONTRACTS=("YourContract" "AnotherContract")) so ABI checks are
skipped when left untouched; update the logic that sets CONTRACTS (and the
subsequent for contract in "${CONTRACTS[@]}" loop) to discover real contracts or
accept an explicit configuration: either populate CONTRACTS from a required
workflow input/env var (e.g. read from $CONTRACT_NAMES or fail if unset) or
dynamically discover contract names from build artifacts (e.g. parse JSON files
under artifacts/contracts or the compiled outputs) and assign that list to
CONTRACTS before the loop, ensuring the workflow fails if no contracts are
found.

In @.github/workflows/contract-size.yml:
- Around line 27-30: The current grep check against sizes.txt is broken; update
the check to parse numeric sizes (from Forge's bytes output or human-readable
KB/KiB/KB with or without decimals) and compare as bytes against the threshold
instead of relying on the regex in the grep line. Replace the fragile grep
command that references sizes.txt with a small parser (e.g., awk or a shell
loop) that reads each size entry from sizes.txt, normalizes units (treat
"KB"/"KiB" as 1024 bytes or handle decimals), converts values to bytes, and
fails (exit 1) if any contract size meets or exceeds the configured warn/limit
(use ~23000 bytes for a WARNING and 24576 bytes for the 24KB EIP-170 limit);
locate and change the existing grep invocation that contains the pattern
"[2-9][3-9]\.[0-9]+ KB|2[4-9]\.[0-9]+ KB" in the workflow to this byte-aware
check so it works for both byte-only and KiB/KB outputs.

In @.github/workflows/coverage.yml:
- Around line 24-25: The workflow step named "Install lcov" currently runs "sudo
apt-get install -y lcov" without updating package indexes; modify that step to
run "sudo apt-get update" before installing lcov (i.e., ensure the "Install
lcov" job/step performs an apt-get update then apt-get install -y lcov) so the
CI runner refreshes package lists prior to installation.

In @.github/workflows/gas-snapshot.yml:
- Around line 24-33: The "Run gas snapshot" step is overwriting the baseline
`.gas-snapshot` before the comparison, so remove that redundant step and only
keep the "Compare gas snapshot diff" step which runs `forge snapshot --diff
.gas-snapshot` and fails on non-zero exit; specifically delete the step named
"Run gas snapshot" and ensure the workflow only executes the "Compare gas
snapshot diff" step (which references `.gas-snapshot`) so the diff compares
against the committed baseline.

In @.github/workflows/mythril.yml:
- Around line 34-35: Replace the incorrect and suppressed Mythril invocation
options: remove the use of the `--solc-json /project/foundry.toml` flag
(foundry.toml is TOML, not solc standard JSON) and remove the trailing `|| true`
that silences failures; instead pass the Solidity compiler version with `--solv
0.8.24` (to match the `solc_version` in foundry.toml) so Mythril runs with the
correct compiler and returns a non-zero exit code on analysis failures.

In @.github/workflows/storage-layout-diff.yml:
- Around line 31-33: The workflow currently uses a hardcoded CONTRACTS array and
silences errors with "2>/dev/null || true", letting the job pass without real
checks; update the job so CONTRACTS is populated from actual build/artifact
outputs (or fail fast if no contracts found) instead of the placeholder
("YourContract"/"AnotherContract"), remove the "|| true" and error redirection
on the "forge inspect \"$contract\" storage-layout" invocation so failures
surface, and add an explicit check that the ".storage-layouts/${contract}.json"
baseline exists (or cause the step to fail) before continuing — apply the same
fixes to the repeated block around lines 39-49.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 41fcff99-4f2b-43ba-aed4-627822d28fd9

📥 Commits

Reviewing files that changed from the base of the PR and between 22e681b and 9900b2a.

📒 Files selected for processing (9)
  • .github/workflows/4naly3er.yml
  • .github/workflows/abi-diff.yml
  • .github/workflows/contract-size.yml
  • .github/workflows/coverage.yml
  • .github/workflows/deployment-dry-run.yml
  • .github/workflows/gas-report.yml
  • .github/workflows/gas-snapshot.yml
  • .github/workflows/mythril.yml
  • .github/workflows/storage-layout-diff.yml

@aniket866 aniket866 marked this pull request as draft March 24, 2026 18:56
aniket866 and others added 9 commits March 25, 2026 22:43
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@aniket866 aniket866 marked this pull request as ready for review March 25, 2026 17:51
Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 4

♻️ Duplicate comments (3)
.github/workflows/abi-diff.yml (1)

32-41: ⚠️ Potential issue | 🟠 Major

ABI gate should fail when baseline inputs are missing.

Exiting success when .abi-baselines is missing/empty makes ABI validation optional and bypassable in CI.

Proposed fix
-                  if [ ! -d .abi-baselines ]; then
-                    echo "No .abi-baselines directory. Skipping check."
-                    exit 0
-                  fi
+                  if [ ! -d .abi-baselines ]; then
+                    echo "::error::.abi-baselines directory is required for ABI diff checks."
+                    exit 1
+                  fi
...
-                  if [ "${`#CONTRACTS`[@]}" -eq 0 ]; then
-                    echo "No ABI baselines found in .abi-baselines/. Skipping ABI diff."
-                    exit 0
-                  fi
+                  if [ "${`#CONTRACTS`[@]}" -eq 0 ]; then
+                    echo "::error::No ABI baseline files found in .abi-baselines/."
+                    exit 1
+                  fi
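Review bot: Failing closed here is right (an `exit 0` on missing inputs is exactly the bypass described above), but the new `::error::` messages should say how to produce the missing files, otherwise the first run on a branch without `.abi-baselines/` is a red job with no next step. Something like `::error::.abi-baselines/ is required; generate each file with forge inspect "$contract" abi > .abi-baselines/${contract}.json` in the first hunk, and the same hint for the empty-directory case in the second, keeps the check strict and actionable.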
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/abi-diff.yml around lines 32 - 41, The workflow currently
exits successfully when ABI baselines are missing or empty, letting CI skip ABI
validation; update the checks in .github/workflows/abi-diff.yml so the two
branches that test for missing baseline inputs (the if [ ! -d .abi-baselines ]
block and the if [ "${#CONTRACTS[@]}" -eq 0 ] block that checks CONTRACTS)
return a non-zero exit (fail the job) instead of exit 0, and keep clear echo
messages so failures indicate missing .abi-baselines or missing baseline JSONs
for ABI diff.
.github/workflows/storage-layout-diff.yml (1)

30-40: ⚠️ Potential issue | 🟠 Major

Storage-layout gate is still fail-open when baselines are absent.

If .storage-baselines is missing/empty, or no layouts are generated, the job exits successfully. That allows CI to pass without running the integrity check.

Proposed fix
-                  if [ ! -d .storage-baselines ]; then
-                    echo "No .storage-baselines directory. Skipping generation."
-                    exit 0
-                  fi
+                  if [ ! -d .storage-baselines ]; then
+                    echo "::error::.storage-baselines directory is required for storage safety checks."
+                    exit 1
+                  fi
...
-                  if [ "${`#CONTRACTS`[@]}" -eq 0 ]; then
-                    echo "No baselines found in .storage-baselines. Skipping generation."
-                    exit 0
-                  fi
+                  if [ "${`#CONTRACTS`[@]}" -eq 0 ]; then
+                    echo "::error::No baseline files found in .storage-baselines."
+                    exit 1
+                  fi
...
-                  if [ ! -d .storage-layouts ]; then
-                    echo "No .storage-layouts generated. Skipping diff."
-                    exit 0
-                  fi
+                  if [ ! -d .storage-layouts ]; then
+                    echo "::error::No storage layouts generated."
+                    exit 1
+                  fi
...
-                  if [ ${`#files`[@]} -eq 0 ]; then
-                    echo "No storage layouts were generated. Skipping diff."
-                    exit 0
-                  fi
+                  if [ ${`#files`[@]} -eq 0 ]; then
+                    echo "::error::No storage layout files generated."
+                    exit 1
+                  fi
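Review bot: All four replacements repeat the same three-line `echo "::error::..."; exit 1` pattern, and the note says the block at 51-58 needs it too; a single helper at the top of the step, e.g. `fail() { echo "::error::$1"; exit 1; }`, would make every gate use one code path and keep the later block consistent by construction. The last two checks (`.storage-layouts` missing, `files` empty) are the only thing that catches a generation loop that silently wrote nothing, so it is also worth confirming the step's shell runs with options that do not mask exit codes, as the earlier `|| true` comment asked, rather than relying on these post-hoc checks alone.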

Also applies to: 51-58

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/storage-layout-diff.yml around lines 30 - 40, The workflow
currently exits successfully when .storage-baselines is missing or when the
CONTRACTS array is empty, which lets CI pass; change those exit 0 paths to fail
the job by returning a non-zero status and a clear error message so the
storage-layout gate is fail-closed: replace the two checks that test for the
presence of the .storage-baselines directory and the CONTRACTS array (the
find/mapfile -> CONTRACTS section) to echo a descriptive error and exit 1, and
apply the same change to the equivalent check later (the block around the second
check of baselines/empty outputs referenced in the file) so missing or empty
baselines always fail the job.
.github/workflows/contract-size.yml (1)

27-29: ⚠️ Potential issue | 🔴 Critical

Contract-size threshold parsing is unreliable and can mis-gate CI.

The regex does not implement the stated >= 23616 bytes threshold correctly, and \s with grep -E is not dependable for whitespace matching. This can cause false positives/negatives.

Proposed fix
                   forge build --sizes 2>&1 | tee sizes.txt
-                  # Fail if any contract is >= 23616 bytes (warn zone before 24KB EIP-170 limit)
-                  if grep -E '^\s*\|.*\s([2-9][0-9]{3}|[1-9][0-9]{4})\s' sizes.txt; then
-                    echo "❌ One or more contracts are dangerously close to or over the 24KB limit."
-                    exit 1
-                  fi
+                  # Fail if deployed bytecode is >= 23616 bytes (warn zone before 24KB EIP-170 limit)
+                  awk -F'|' '
+                    BEGIN { warn=23616; bad=0; rows=0 }
+                    /^\|/ && $0 !~ /Contract/ {
+                      size=$3
+                      gsub(/[^0-9]/, "", size)
+                      if (size != "") {
+                        rows++
+                        if ((size+0) >= warn) {
+                          contract=$2
+                          gsub(/^[[:space:]]+|[[:space:]]+$/, "", contract)
+                          printf("❌ %s deployed size %dB >= %dB\n", contract, size, warn)
+                          bad=1
+                        }
+                      }
+                    }
+                    END {
+                      if (rows == 0) {
+                        print "::error::Unable to parse contract sizes from forge output."
+                        exit 1
+                      }
+                      exit bad
+                    }
+                  ' sizes.txt
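Review bot: The header filter `$0 !~ /Contract/` on the third line of the awk program skips every row whose contract name contains the word `Contract` (a `VaultContract` row would never be size-checked), and `size=$3` hard-codes the size as the second data column. Match the header by its first cell instead, e.g. `$2 ~ /^[[:space:]]*Contract[[:space:]]*$/ { next }`, and read the column index from the header row whose cell contains `Size (B)`. Note also that `gsub(/[^0-9]/, "", size)` is what makes comma-formatted numbers like `23,620` work, but it would turn a kB-formatted `23.5` into `235`, so this check is only correct for the `(B)` column format shown in the verification script below.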

Run this verification script to confirm the current regex behavior:

#!/bin/bash
set -euo pipefail

pattern='^\s*\|.*\s([2-9][0-9]{3}|[1-9][0-9]{4})\s'
cat > /tmp/sizes-sample.txt <<'EOF'
| Contract | Deployed Size (B) | Deployed Margin (B) |
| Small    | 12000             | 12576               |
| Near     | 23620             |   956               |
| Over     | 25000             |  -424               |
EOF

echo "Pattern: $pattern"
echo "Matches (expected: rows Near/Over if threshold check is correct):"
grep -En "$pattern" /tmp/sizes-sample.txt || true
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/contract-size.yml around lines 27 - 29, The current grep
check using the pattern '^\s*\|.*\s([2-9][0-9]{3}|[1-9][0-9]{4})\s' is
unreliable; replace the grep-based threshold check with a numeric comparison
(e.g., use awk) so you accurately detect any "Deployed Size (B)" >= 23616.
Update the conditional that currently runs grep -E to instead run an awk command
that parses the sizes.txt table, extracts the Deployed Size column (by header
name or column index), converts values to integers, and exits non-zero if any
value >= 23616; ensure the shell conditional and echo message remain the same
but triggered by the awk exit code rather than the fragile regex.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/4naly3er.yml:
- Around line 30-33: The workflow step named "Run 4naly3er on src/" produces
../4naly3er-report.md but never uploads it; add a new job step after that step
which uses actions/upload-artifact@v3 to upload the ../4naly3er-report.md (or
the report path produced by the "Run 4naly3er on src/" step) as a workflow
artifact (give it a clear name like 4naly3er-report and set the path to
../4naly3er-report.md) so reviewers can download the generated markdown from CI.
- Line 21: The workflow uses an unsupported Node.js runtime ("node-version:
\"18\""); update the GitHub Actions workflow to a supported LTS (e.g.,
"node-version: \"24\"" or "20"/"22") by changing the value for the node-version
key in the workflow step (look for the node-version: "18" entry) so CI runs on a
currently supported Node runtime.
- Around line 25-29: Replace the current floating clone and nondeterministic
install with a pinned commit checkout and a deterministic install: change the
git clone/cd steps to clone the repo then checkout a specific commit SHA (e.g.,
run git clone https://github.com/Picodes/4naly3er && cd 4naly3er && git checkout
<COMMIT_SHA>) so the workflow uses an immutable ref, and replace the bare yarn
invocation with a deterministic install flag (e.g., yarn install
--frozen-lockfile or the appropriate lockfile-first command for your yarn
version) so dependency resolution is reproducible; keep the rm -f
src/issues/NC/uselessOverride.ts step as-is.

In @.github/workflows/gas-snapshot.yml:
- Around line 26-33: The workflow currently auto-generates a .gas-snapshot when
it's missing and exits success; change that to fail the job instead. In the
shell step now containing the check for .gas-snapshot and the subsequent forge
snapshot --diff call, replace the branch that handles [ ! -f .gas-snapshot ] so
it prints a clear failure message that the baseline is missing (mentioning
.gas-snapshot) and exits with non-zero status (exit 1) rather than running forge
snapshot and exiting 0; keep the existing forge snapshot --diff path unchanged
to still detect gas regressions when the file exists.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 787aa80d-0673-4428-970c-c6d165b49f1e

📥 Commits

Reviewing files that changed from the base of the PR and between 9900b2a and d3b3d1e.

📒 Files selected for processing (7)
  • .github/workflows/4naly3er.yml
  • .github/workflows/abi-diff.yml
  • .github/workflows/contract-size.yml
  • .github/workflows/coverage.yml
  • .github/workflows/gas-snapshot.yml
  • .github/workflows/mythril.yml
  • .github/workflows/storage-layout-diff.yml

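The contract-size discussion in the review above turns on parsing the `forge build --sizes` table reliably: the original regex mis-gates, the awk replacement assumes a fixed column, and the later comment notes comma-formatted numbers. The script below is an added Python example, not the PR's workflow code, that reads the table by its header row, normalizes `(B)` and `(kB)` units to bytes, and fails closed when nothing parses. The two tables are constructed samples in the formats discussed in the thread; `EIP170_LIMIT` and `WARN_THRESHOLD` are the 24576 and 23616 byte values from the review.

```python
"""Contract-size gate (added example, not the PR's workflow code).

Parses the table printed by `forge build --sizes`, converts every deployed
size to bytes, and fails closed: any size at or above the threshold is a
violation, and a table with no parsable rows is an error rather than a pass.
"""
import re
import sys

EIP170_LIMIT = 24576     # bytes: maximum deployed bytecode size (EIP-170)
WARN_THRESHOLD = 23616   # bytes: warn zone used by the PR's workflow

# forge prints either ASCII '|' or box-drawing '│' column separators.
_CELL_SPLIT = re.compile(r"[|\u2502]")
_RULE_CELL = re.compile(r"[-=\u2500-\u257f]*")          # border rows
_SIZE_HEADER = re.compile(r"^(?:Deployed |Runtime )?Size \((B|kB|KB|KiB)\)$")

# Constructed sample in the byte-unit format shown in the review thread.
SAMPLE_BYTES = """\
| Contract   | Deployed Size (B) | Deployed Margin (B) |
|------------|-------------------|---------------------|
| Small      | 12000             | 12576               |
| MyContract | 23,620            | 956                 |
| Over       | 25000             | -424                |
"""

# Constructed sample in the older kilobyte format.
SAMPLE_KB = """\
| Contract | Size (kB) | Margin (kB) |
|----------|-----------|-------------|
| Big      | 23.5      | 0.5         |
"""


def _cells(line):
    parts = [c.strip() for c in _CELL_SPLIT.split(line.strip())]
    if parts and parts[0] == "":
        parts = parts[1:]
    if parts and parts[-1] == "":
        parts = parts[:-1]
    return parts


def _to_bytes(value, unit):
    number = float(value.replace(",", "").replace("_", ""))
    if unit == "B":
        return int(number)
    return int(round(number * 1024))   # kB/KB/KiB: 1024-byte units


def parse_sizes(table_text):
    """Return {contract_name: deployed_size_bytes} from forge's size table."""
    size_col, unit, sizes = None, None, {}
    for line in table_text.splitlines():
        cells = _cells(line)
        if len(cells) < 2 or all(_RULE_CELL.fullmatch(c) for c in cells):
            continue                      # not a table row, or a border row
        if size_col is None:
            if cells[0] == "Contract":    # header row: locate the size column
                for i, header in enumerate(cells):
                    match = _SIZE_HEADER.match(header)
                    if match:
                        size_col, unit = i, match.group(1)
            continue
        if len(cells) <= size_col:
            raise ValueError(f"malformed size row: {line!r}")
        sizes[cells[0]] = _to_bytes(cells[size_col], unit)
    if not sizes:
        raise ValueError("no contract sizes found in forge output")
    return sizes


def check_sizes(table_text, threshold=WARN_THRESHOLD):
    """Return the contracts at or above the threshold (empty dict means pass)."""
    return {name: size for name, size in parse_sizes(table_text).items()
            if size >= threshold}


if __name__ == "__main__":
    # Usage: forge build --sizes 2>&1 | python check_sizes.py
    violations = check_sizes(sys.stdin.read())
    for name, size in violations.items():
        print(f"::error::{name} deployed size {size} B >= {WARN_THRESHOLD} B")
    sys.exit(1 if violations else 0)
```

Piping the build output into the script from the workflow step replaces the grep/awk gate with one that reads the header instead of guessing the column, and the `ValueError` on an unparsable table turns a forge output format change into a visible failure rather than a silent pass.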
aniket866 and others added 7 commits March 25, 2026 23:31
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/gas-snapshot.yml:
- Around line 21-22: The workflow is using the floating tag
foundry-rs/foundry-toolchain@v1 which can change over time; update the GitHub
Actions step that currently uses foundry-rs/foundry-toolchain@v1 to pin to a
specific commit SHA (e.g., replace `@v1` with @<commit-sha>) so the action version
is immutable and reproducible, ensuring the Install Foundry step always uses the
exact referenced commit.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9bbcc254-0b1d-4a44-bca9-6a30dd51c6cd

📥 Commits

Reviewing files that changed from the base of the PR and between d3b3d1e and c23b99e.

📒 Files selected for processing (3)
  • .gas-snapshot
  • .github/workflows/4naly3er.yml
  • .github/workflows/gas-snapshot.yml

@aniket866
Contributor Author

@coderabbitai review and approve

@coderabbitai
Contributor

coderabbitai Bot commented Mar 25, 2026

@aniket866 Sure! I'll perform a full review of the PR and approve it as requested.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Contributor

Copilot AI left a comment


Pull request overview

Adds multiple GitHub Actions workflows to the contracts repo to automatically detect regressions in gas usage, ABI/storage layout compatibility, contract size limits, coverage, and to run additional analysis/security tooling.

Changes:

  • Introduces gas snapshot diff and gas report CI workflows (plus commits a .gas-snapshot baseline).
  • Adds ABI diff and storage-layout diff checks against committed baselines.
  • Adds contract size checking, coverage generation/upload, Mythril scanning, and 4naly3er reporting workflows.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Show a summary per file
| File | Description |
|---|---|
| .github/workflows/storage-layout-diff.yml | Generates storage layouts for baseline-listed contracts and diffs against stored baselines. |
| .github/workflows/mythril.yml | Runs Mythril scans over Solidity sources using Docker. |
| .github/workflows/gas-snapshot.yml | Fails CI if forge snapshot --diff shows gas regressions vs .gas-snapshot. |
| .github/workflows/gas-report.yml | Runs tests with --gas-report to emit per-function gas costs. |
| .github/workflows/coverage.yml | Generates Foundry lcov coverage and uploads to Codecov. |
| .github/workflows/contract-size.yml | Builds with --sizes and attempts to fail when nearing EIP-170 limit. |
| .github/workflows/abi-diff.yml | Generates ABIs for baseline-listed contracts and diffs against stored baselines. |
| .github/workflows/4naly3er.yml | Runs 4naly3er on src/ and uploads the markdown report artifact. |
| .gas-snapshot | Baseline gas snapshot used by the gas regression workflow. |


Comment thread .github/workflows/contract-size.yml Outdated
Comment thread .github/workflows/mythril.yml Outdated
Comment thread .github/workflows/mythril.yml Outdated
Comment thread .github/workflows/4naly3er.yml Outdated
@KanishkSogani
Member

@aniket866 please fix some changes suggested by Copilot above.

aniket866 and others added 4 commits March 27, 2026 16:33
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/contract-size.yml:
- Around line 28-42: The AWK block that checks deployed sizes fails because it
uses the default FS and /^[0-9]+$/ which won't match comma-formatted numbers;
update the awk invocation to set FS="|" and parse the deployed-size explicitly
from field 3 (e.g., trim surrounding whitespace, remove commas, convert to a
number) before comparing against 23616, then keep the existing print/found/END
exit logic so the step fails when any parsed deployed-size >= 23616.

In @.github/workflows/mythril.yml:
- Around line 32-37: The Mythril scan is passing BYTECODE as a positional
argument (so Mythril treats it as a filename); update the docker run invocation
that calls mythril/myth analyze to pass the runtime bytecode using Mythril's
bytecode flags: replace the positional "$BYTECODE" argument with the flag form
(e.g., --code or -c) and add the --bin-runtime flag so the extracted
deployedBytecode.object (BYTECODE) is analyzed as runtime bytecode; locate the
invocation in the docker run block that currently references BYTECODE and change
it to use --code "$BYTECODE" and --bin-runtime.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7ad481dd-0c84-4583-aae5-f044d609316c

📥 Commits

Reviewing files that changed from the base of the PR and between c23b99e and 198453c.

📒 Files selected for processing (2)
  • .github/workflows/contract-size.yml
  • .github/workflows/mythril.yml

Comment thread .github/workflows/contract-size.yml Outdated
Comment thread .github/workflows/mythril.yml
aniket866 and others added 2 commits March 27, 2026 16:48
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
aniket866 and others added 5 commits March 27, 2026 16:59
@aniket866 aniket866 requested a review from KanishkSogani March 27, 2026 18:22
@aniket866
Contributor Author

Hi @KanishkSogani, I have applied all the suggestions by Copilot.

@KanishkSogani KanishkSogani merged commit 7f0e480 into StabilityNexus:main Apr 4, 2026
11 checks passed

Development

Successfully merging this pull request may close these issues.

[FEATURE]: Introduce CI Pipeline for Gas Optimization, Storage Safety, and Contract Integrity Validation

3 participants