Skip to content

Update OZ solhint custom rules #5794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Update OZ solhint custom rules #5794

wants to merge 12 commits into from

Conversation

gonzaotc
Copy link
Contributor

@gonzaotc gonzaotc commented Jul 10, 2025
edited
Loading

  1. Removes interface-names custom rule which is now covered by solhint's already included interface-starts-with-i
  2. Adds interface-only-external-functions rule.
  3. Prevents leading underscore in constants and immutables, which was previously only prevented in private constants
  4. Prevents leading underscore in public and external functions.
  5. Prevents external virtual functions.

Note that 2, 3, and 4 require breaking changes that can be potential candidates for 6.0

Ideally I would like to add another rule to verify that Interfaces can only import other interfaces

@gonzaotc gonzaotc requested a review from a team as a code owner July 10, 2025 20:03
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jul 10, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: ac17893

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@gonzaotc gonzaotc marked this pull request as draft July 10, 2025 20:03
@Amxx
Copy link
Collaborator

Amxx commented Jul 10, 2025

For reference, there is already this PR that deals with linter rules: #5497

Amxx
Amxx reviewed Jul 10, 2025
View reviewed changes
Copy link
Collaborator

@Amxx Amxx left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally I would like to add another rule to verify that Interfaces can only import other interfaces

AFAIK, this is already something solidity enforces. We don't need the linter to check taht if the compiler rejects it anyway.

Edit: that is true of "inheritance", importing is a different thing.

Amxx
Amxx reviewed Jul 10, 2025
View reviewed changes
Copy link
Collaborator

@Amxx Amxx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How efficient/explicit is /^_/.test(node.name) compared to node.name.startsWith('_')

@gonzaotc gonzaotc mentioned this pull request Jul 16, 2025
Merged
@Amxx Amxx mentioned this pull request Jul 24, 2025
Closed
@Amxx Amxx force-pushed the update-solhint-custom-rules branch from d1b7fad to ca766d7 Compare July 24, 2025 14:51
@Amxx Amxx added automation Tests and coverage running. Docsite publishing. ignore-changeset CI labels Jul 31, 2025
@Amxx Amxx added this to the 5.5 milestone Jul 31, 2025
@Amxx Amxx marked this pull request as ready for review August 27, 2025 13:22
@Amxx Amxx changed the title Update OZ solhint custom rules [WIP] Update OZ solhint custom rules Aug 27, 2025
ernestognw
ernestognw reviewed Aug 27, 2025
View reviewed changes
Copy link
Member

@ernestognw ernestognw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm curious about the external -> public changes. So far I thought we already made all functions public when needed, so I would assume they were intentional, can we confirm reviewing the history to make sure we're not missing a deliberate decision?

contracts/utils/Multicall.sol
@@ -23,7 +23,7 @@ abstract contract Multicall is Context {
* @dev Receives and executes a batch of function calls on this contract.
* @custom:oz-upgrades-unsafe-allow-reachable delegatecall
*/
function multicall(bytes[] calldata data) external virtual returns (bytes[] memory results) {
function multicall(bytes[] calldata data) public virtual returns (bytes[] memory results) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I remember correctly, this is purposely external since it doesn't have an internal use. Users could just call the functions they want directly

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By default, all public facing functions should be public so that overrides can call super.

If we have exceptions, the questions we need to answer are:

  1. is there any reason we think overrides won't need to call super?
  2. is there any risks in making that internally callable?

I'm not sure what override we would want to do, but I'd say calling super would be reasonnable here ... so really the question that remains is 2.

If function A internally calls multicall(...) (instead of doing this.multicall(...)) that would allow arbitrary function execution with the same caller as A's initial context. That is also what we would achieve by directly calling the corresponding function (assuming they are public and not external).

But yes, let review all the external->public changes, and we can disable the rule selectivelly if we have a good reason to keep the functions externals

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Amxx Amxx Amxx left review comments

@ernestognw ernestognw ernestognw left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
automation Tests and coverage running. Docsite publishing. CI ignore-changeset
Projects
None yet
Milestone
5.5
Development

Successfully merging this pull request may close these issues.
3 participants
@gonzaotc @Amxx @ernestognw