Solady

Solady Solidity Library Audit by Cantina

Cantina Security Report

Organization: @Vectorized

Engagement Type: Cantina Reviews

Period: -


Low-Level Solidity Utility Library Audit of Solady

Solady is a collection of gas-optimized Solidity libraries widely used across the Web3 ecosystem for efficient and minimal smart contract development. It includes utilities for clone factories, ECDSA recovery, Merkle proofs, and ERC token standards, with a focus on low-level memory and calldata manipulation.

To support its long-term security, Solady underwent a security review coordinated by Cantina as a public goods engagement. The review covered components such as LibClone, SignatureCheckerLib, ERC20, and ERC1967Factory, highlighting risks in length handling, memory pointer safety, and cryptographic assumptions.

Cantina supports open-source and infrastructure projects like Solady with additional layers of assurance through bug bounty programs, crowdsourced security competitions, and multisig security, helping secure shared tooling across the smart contract ecosystem.


Findings

Severity            Findings   Fixed   Acknowledged
High Risk           1          1       0
Medium Risk         3          3       0
Low Risk            4          2       2
Informational       16         12      4
Gas Optimizations   16         10      6

Total               40         28      12