Organization
- @Vectorized
Engagement Type
Cantina Reviews
Low-Level Solidity Utility Library Audit of Solady
Solady is a collection of gas-optimized Solidity libraries widely used across the Web3 ecosystem for efficient and minimal smart contract development. It includes utilities for clone factories, ECDSA recovery, Merkle proofs, and ERC token standards, with a focus on low-level memory and calldata manipulation.
To support its long-term security, Solady underwent a security review coordinated by Cantina as a public goods engagement. The review covered components such as LibClone, SignatureCheckerLib, ERC20, and ERC1967Factory, and highlighted risks in length handling, memory pointer safety, and cryptographic assumptions.
Cantina supports open-source and infrastructure projects like Solady with additional layers of assurance through bug bounty programs, crowdsourced security competitions, and multisig security, helping secure shared tooling across the smart contract ecosystem.
Findings
Severity           Findings   Fixed   Acknowledged
High Risk                 1       1              0
Medium Risk               3       3              0
Low Risk                  4       2              2
Informational            16      12              4
Gas Optimizations        16      10              6