Vyper Compiler 0.4.2 Pull Requests

Summary

Limited code reviews are best-effort checks and don't provide assurance comparable to non-limited code assessments or audits. Due to time and scope constraints, they are not exhaustive.

The most critical subjects covered in our review are the non-reentrancy by default option and the raw_create builtin. Security regarding all the aforementioned subjects is high. Moreover, we found that allowing users to turn on the non-reentrancy by default option is a good security measure that benefits language users greatly.

Other general subjects covered include enabling bitwise operators for bytesM, extending as_wei_value to all numeric types, and refactoring decorator and pragma parsing, as well as other smaller pull requests. Security regarding all the aforementioned subjects is also high.

It is important to note that security reviews are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.

About Vyper Compiler 0.4.2 Pull Requests

This limited review was conducted by one engineer over one week and focused on multiple pull requests of the to-be-released version 0.4.2 of the Vyper compiler.

“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”

#Source