Merge branch 'master' into patch-1

.github/ISSUE_TEMPLATE/bug.md

@@ -1,6 +1,7 @@
 ---
 name: Bug Report
 about: Any general feedback or bug reports about the Vyper Compiler. No new features proposals.
+labels: ["needs triage"]
 ---
 
 ### Version Information

.github/ISSUE_TEMPLATE/vip.md

@@ -1,6 +1,7 @@
 ---
 name: Vyper Improvement Proposal (VIP)
 about: This is the suggested template for new VIPs.
+labels: ["needs triage"]
 ---
 ## Simple Summary
 "If you can't explain it simply, you don't understand it well enough." Provide a simplified and layman-accessible explanation of the VIP.

.github/workflows/build.yml

@@ -31,6 +31,10 @@ jobs:
             # need to fetch unshallow so that setuptools_scm can infer the version
             fetch-depth: 0
 
+      # debug
+      - name: Git shorthash
+        run: git rev-parse --short HEAD
+
       - name: Python
         uses: actions/setup-python@v5
         with:
@@ -60,6 +64,10 @@ jobs:
             # need to fetch unshallow so that setuptools_scm can infer the version
             fetch-depth: 0
 
+      # debug
+      - name: Git shorthash
+        run: git rev-parse --short HEAD
+
       - name: Python
         uses: actions/setup-python@v5
         with:

.github/workflows/pull-request.yaml

@@ -24,13 +24,15 @@ jobs:
         with:
           types: |
             feat
+            perf
             fix
             chore
             refactor
           # ci: continuous integration
           # docs: documentation
           # test: test suite
           # lang: language changes
+          # stdlib: changes to the stdlib
           # ux: language changes (UX)
           # tool: integration
           # ir: (old) IR/codegen changes
@@ -42,6 +44,7 @@ jobs:
             docs
             test
             lang
+            stdlib
             ux
             tool
             ir

.github/workflows/release-pypi.yml

@@ -20,6 +20,14 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
+      with:
+        # fetch unshallow so commit hash matches github release.
+        # see https://github.com/vyperlang/vyper/blob/8f9a8cac49aafb3fbc9dde78f0f6125c390c32f0/.github/workflows/build.yml#L27-L32
+        fetch-depth: 0
+
+    # debug
+    - name: Git shorthash
+      run: git rev-parse --short HEAD
 
     - name: Python
       uses: actions/setup-python@v5

.github/workflows/test.yml

@@ -116,6 +116,7 @@ jobs:
           # modes across all python versions - one is enough
           - python-version: ["3.10", "310"]
           - python-version: ["3.12", "312"]
+          - python-version: ["3.13", "313"]
 
           # os-specific rules
           - os: windows

FUNDING.json

@@ -3,5 +3,8 @@
     "ethereum": {
       "ownedBy": "0x70CCBE10F980d80b7eBaab7D2E3A73e87D67B775"
     }
+  },
+  "opRetro": {
+    "projectId": "0x9ca1f7b0e0d10d3bd2619e51a54f2e4175e029c87a2944cf1ebc89164ba77ea0"
   }
 }

README.md

@@ -3,6 +3,7 @@
 [![Build Status](https://github.com/vyperlang/vyper/workflows/Test/badge.svg)](https://github.com/vyperlang/vyper/actions/workflows/test.yml)
 [![Documentation Status](https://readthedocs.org/projects/vyper/badge/?version=latest)](http://docs.vyperlang.org/en/latest/?badge=latest "ReadTheDocs")
 [![Discord](https://img.shields.io/discord/969926564286459934.svg?label=%23vyper)](https://discord.gg/6tw7PTM7C2)
+[![Telegram](https://img.shields.io/badge/Vyperholics🐍-Telegram-blue)](https://t.me/vyperlang)
 
 [![PyPI](https://badge.fury.io/py/vyper.svg)](https://pypi.org/project/vyper "PyPI")
 [![Docker](https://img.shields.io/docker/cloud/build/vyperlang/vyper)](https://hub.docker.com/r/vyperlang/vyper "DockerHub")

SECURITY.md

@@ -3,7 +3,7 @@
 ## Supported Versions
 
 - it is recommended to follow the list of known [vulnerabilities](https://github.com/vyperlang/vyper/security/advisories) and stay up-to-date with the latest releases
-  - as of May 2024, the `0.4.0` release is the most secure and the most comprehensively reviewed one and is recommended for use in production environments
+  - as of May 2024, the [`0.4.0`](https://github.com/vyperlang/vyper/releases/tag/v0.4.0) release is the most comprehensively reviewed one and is recommended for use in production environments
 - if a compiler vulnerability is found, a new compiler version with a patch will be released. The vulnerable version itself is not updated (see the examples below).
   - `example1`: suppose `0.4.0` is the latest version and a hypothetical vulnerability is found in `0.4.0`, then a patch will be released in `0.4.1`
   - `example2`: suppose `0.4.0` is the latest version and a hypothetical vulnerability is found both in `0.3.10` and `0.4.0`, then a patch will be released only in `0.4.1`
@@ -26,7 +26,22 @@ we will add an entry to the list of security advisories for posterity and refere
 
 
 ## Bug Bounty Program
-- as of May 2024, Vyper does not have a bug bounty program. It is planned to instantiate one soon.
+- Vyper runs a bug bounty program via the Ethereum Foundation.
+  - Bugs should be reported through the [Ethereum Foundation's bounty program](https://ethereum.org/bug-bounty).
+
+### Scope
+- Rules from the Ethereum Foundation's bug bounty program apply; for any questions please reach out [here](mailto:[email protected]). Here we further clarify the scope of the Vyper bounty program.
+- If a compiler bug affects production code, it is in scope (excluding known issues).
+  - This includes bugs in older compiler versions still used in production.
+- If a compiler bug does not currently affect production but is likely to in the future, it is in scope.
+  - This mainly applies to the latest compiler release (e.g., a new release is available but contracts are not yet deployed with it).
+  - Experimental features (e.g. `--experimental-codegen`) are out of scope, as they are not intended for production and are unlikely to affect production code.
+  - Bugs in older compiler versions are generally out of scope, as they are no longer used for new contracts.
+    - There might be exceptions, e.g., when an L2 doesn't support recent compiler releases. In such cases, it might be reasonable for an older version to be used. It is up to the discretion of the EF & Vyper team to decide if the bug is in scope.
+- If a vulnerability affects multiple contracts, the whitehat is eligible for only one payout (though the severity of the bug may increase).
+- Eligibility for project-specific bounties is independent of this bounty.
+- [Security advisories](https://github.com/vyperlang/vyper/security/advisories) and [known issues](https://github.com/vyperlang/vyper/issues) are not eligible for the bounty program, as they are publicly disclosed and protocols should structure their contracts accordingly.
+- Individuals or organizations contracted or engaged specifically for security development, auditing, or testing of this project are ineligible for the bounty program.
 
 ## Reporting a Vulnerability
 

docs/built-in-functions.rst

@@ -1023,7 +1023,7 @@ Utilities
         >>> ExampleContract.foo()
 	0xa9059cbb
 
-.. py:function:: abi_encode(*args, ensure_tuple: bool = True) -> Bytes[<depends on input>]
+.. py:function:: abi_encode(*args, ensure_tuple: bool = True, method_id: Bytes[4] = None) -> Bytes[<depends on input>]
 
     Takes a variable number of args as input, and returns the ABIv2-encoded bytestring. Used for packing arguments to raw_call, EIP712 and other cases where a consistent and efficient serialization method is needed.
     Once this function has seen more use we provisionally plan to put it into the ``ethereum.abi`` namespace.

docs/compiling-a-contract.rst

@@ -31,7 +31,7 @@ Include the ``-f`` flag to specify which output formats to return. Use ``vyper -
 
 .. code:: shell
 
-    $ vyper -f abi,abi_python,bytecode,bytecode_runtime,blueprint_bytecode,interface,external_interface,ast,annotated_ast,integrity,ir,ir_json,ir_runtime,asm,opcodes,opcodes_runtime,source_map,source_map_runtime,archive,solc_json,method_identifiers,userdoc,devdoc,metadata,combined_json,layout yourFileName.vy
+    $ vyper -f abi,abi_python,bb,bb_runtime,bytecode,bytecode_runtime,blueprint_bytecode,cfg,cfg_runtime,interface,external_interface,ast,annotated_ast,integrity,ir,ir_json,ir_runtime,asm,opcodes,opcodes_runtime,source_map,source_map_runtime,archive,solc_json,method_identifiers,userdoc,devdoc,metadata,combined_json,layout yourFileName.vy
 
 .. note::
     The ``opcodes`` and ``opcodes_runtime`` output of the compiler has been returning incorrect opcodes since ``0.2.0`` due to a lack of 0 padding (patched via `PR 3735 <https://github.com/vyperlang/vyper/pull/3735>`_). If you rely on these functions for debugging, please use the latest patched versions.
@@ -134,6 +134,11 @@ In codesize optimized mode, the compiler will try hard to minimize codesize by
 * out-lining code, and
 * using more loops for data copies.
 
+Enabling Experimental Code Generation
+===========================
+
+When compiling, you can use the CLI flag ``--experimental-codegen`` or its alias ``--venom`` to activate the new `Venom IR <https://github.com/vyperlang/vyper/blob/master/vyper/venom/README.md>`_.
+Venom IR is inspired by LLVM IR and enables new advanced analysis and optimizations.
 
 .. _evm-version:
 

docs/constants-and-vars.rst

@@ -26,6 +26,7 @@ Name                  Type             Value
 ``chain.id``          ``uint256``      Chain ID
 ``msg.data``          ``Bytes``        Message data
 ``msg.gas``           ``uint256``      Remaining gas
+``msg.mana``          ``uint256``      Remaining gas (alias for ``msg.gas``)
 ``msg.sender``        ``address``      Sender of the message (current call)
 ``msg.value``         ``uint256``      Number of wei sent with the message
 ``tx.origin``         ``address``      Sender of the transaction (full call chain)

docs/installing-vyper.rst

@@ -7,50 +7,55 @@ any errors.
 
 .. note::
 
-    The easiest way to experiment with the language is to use the `Remix online compiler <https://remix.ethereum.org>`_.
-    (Activate the vyper-remix plugin in the Plugin manager.)
+    The easiest way to experiment with the language is to use either `Try Vyper! <https://try.vyperlang.org>`_ (maintained by the Vyper team) or the `Remix online compiler <https://remix.ethereum.org>`_ (maintained by the Ethereum Foundation).
+    - To use Try Vyper, go to https://try.vyperlang.org and log in (requires Github login).
+    - To use remix, go to https://remix.ethereum.org and activate the vyper-remix plugin in the Plugin manager.
 
-Docker
-******
 
-Vyper can be downloaded as docker image from `dockerhub <https://hub.docker.com/r/vyperlang/vyper/tags?page=1&ordering=last_updated>`_:
-::
+Standalone
+**********
 
-    docker pull vyperlang/vyper
+The Vyper CLI can be installed with any ``pip`` compatible tool, for example, ``pipx`` or ``uv tool``. If you do not have ``pipx`` or ``uv`` installed, first, go to the respective tool's installation page:
 
-To run the compiler use the ``docker run`` command:
-::
+- https://github.com/pypa/pipx?tab=readme-ov-file
+- https://github.com/astral-sh/uv?tab=readme-ov-file#uv
 
-    docker run -v $(pwd):/code vyperlang/vyper /code/<contract_file.vy>
+Then, the command to install Vyper would be
 
-Alternatively you can log into the docker image and execute vyper on the prompt.
 ::
 
-    docker run -v $(pwd):/code/ -it --entrypoint /bin/bash vyperlang/vyper
-    root@d35252d1fb1b:/code# vyper <contract_file.vy>
+    pipx install vyper
+
+Or,
 
-The normal parameters are also supported, for example:
 ::
 
-    docker run -v $(pwd):/code vyperlang/vyper -f abi /code/<contract_file.vy>
-    [{'name': 'test1', 'outputs': [], 'inputs': [{'type': 'uint256', 'name': 'a'}, {'type': 'bytes', 'name': 'b'}], 'constant': False, 'payable': False, 'type': 'function', 'gas': 441}, {'name': 'test2', 'outputs': [], 'inputs': [{'type': 'uint256', 'name': 'a'}], 'constant': False, 'payable': False, 'type': 'function', 'gas': 316}]
+    uv tool install vyper
 
-.. note::
 
-    If you would like to know how to install Docker, please follow their `documentation <https://docs.docker.com/get-docker/>`_.
+Binaries
+********
+
+Alternatively, prebuilt Vyper binaries for Windows, Mac and Linux are available for download from the GitHub releases page: https://github.com/vyperlang/vyper/releases.
+
 
 PIP
 ***
 
 Installing Python
 =================
 
-Vyper can only be built using Python 3.6 and higher. If you need to know how to install the correct version of python,
+Vyper can only be built using Python 3.10 and higher. If you need to know how to install the correct version of python,
 follow the instructions from the official `Python website <https://wiki.python.org/moin/BeginnersGuide/Download>`_.
 
 Creating a virtual environment
 ==============================
 
+Because pip installations are not isolated by default, this method of
+installation is meant for more experienced Python developers who are using
+Vyper as a library, or want to use it within a Python project with other
+pip dependencies.
+
 It is **strongly recommended** to install Vyper in **a virtual Python
 environment**, so that new packages installed and dependencies built are
 strictly contained in your Vyper project and will not alter or affect your
@@ -76,13 +81,43 @@ Each tagged version of vyper is uploaded to `pypi <https://pypi.org/project/vype
 To install a specific version use:
 ::
 
-    pip install vyper==0.3.7
+    pip install vyper==0.4.0
 
 You can check if Vyper is installed completely or not by typing the following in your terminal/cmd:
 ::
 
     vyper --version
 
+
+Docker
+******
+
+Vyper can be downloaded as docker image from `dockerhub <https://hub.docker.com/r/vyperlang/vyper/tags?page=1&ordering=last_updated>`_:
+::
+
+    docker pull vyperlang/vyper
+
+To run the compiler use the ``docker run`` command:
+::
+
+    docker run -v $(pwd):/code vyperlang/vyper /code/<contract_file.vy>
+
+Alternatively you can log into the docker image and execute vyper on the prompt.
+::
+
+    docker run -v $(pwd):/code/ -it --entrypoint /bin/bash vyperlang/vyper
+    root@d35252d1fb1b:/code# vyper <contract_file.vy>
+
+The normal parameters are also supported, for example:
+::
+
+    docker run -v $(pwd):/code vyperlang/vyper -f abi /code/<contract_file.vy>
+    [{'name': 'test1', 'outputs': [], 'inputs': [{'type': 'uint256', 'name': 'a'}, {'type': 'bytes', 'name': 'b'}], 'constant': False, 'payable': False, 'type': 'function', 'gas': 441}, {'name': 'test2', 'outputs': [], 'inputs': [{'type': 'uint256', 'name': 'a'}], 'constant': False, 'payable': False, 'type': 'function', 'gas': 316}]
+
+.. note::
+
+    If you would like to know how to install Docker, please follow their `documentation <https://docs.docker.com/get-docker/>`_.
+
 nix
 ***
 

docs/interfaces.rst

@@ -85,10 +85,6 @@ The ``default_return_value`` parameter can be used to handle ERC20 tokens affect
     extcall IERC20(USDT).transfer(msg.sender, 1, default_return_value=True) # returns True
     extcall IERC20(USDT).transfer(msg.sender, 1) # reverts because nothing returned
 
-.. warning::
-
-   When ``skip_contract_check=True`` is used and the called function returns data (ex.: ``x: uint256 = SomeContract.foo(skip_contract_check=True)``, no guarantees are provided by the compiler as to the validity of the returned value. In other words, it is undefined behavior what happens if the called contract did not exist. In particular, the returned value might point to garbage memory. It is therefore recommended to only use ``skip_contract_check=True`` to call contracts which have been manually ensured to exist at the time of the call.
-
 Built-in Interfaces
 ===================
 

docs/structure-of-a-contract.rst

@@ -54,6 +54,16 @@ EVM Version
 
 The EVM version can be set with the ``evm-version`` pragma, which is documented in :ref:`evm-version`.
 
+Experimental Code Generation
+-----------------
+The new experimental code generation feature can be activated using the following directive:
+
+.. code-block:: vyper
+
+   #pragma experimental-codegen
+
+Alternatively, you can use the alias ``"venom"`` instead of ``"experimental-codegen"``  to enable this feature.
+
 Imports
 =======
 

docs/types.rst

@@ -359,11 +359,12 @@ A byte array with a max size.
 The syntax being ``Bytes[maxLen]``, where ``maxLen`` is an integer which denotes the maximum number of bytes.
 On the ABI level the Fixed-size bytes array is annotated as ``bytes``.
 
-Bytes literals may be given as bytes strings.
+Bytes literals may be given as bytes strings or as hex strings.
 
 .. code-block:: vyper
 
     bytes_string: Bytes[100] = b"\x01"
+    bytes_string: Bytes[100] = x"01"
 
 .. index:: !string
 

docs/using-modules.rst

@@ -62,6 +62,21 @@ The ``_times_two()`` helper function in the above module can be immediately used
 
 The other functions cannot be used yet, because they touch the ``ownable`` module's state. There are two ways to declare a module so that its state can be used.
 
+Using a module as an interface
+==============================
+
+A module can be used as an interface with the ``__at__`` syntax.
+
+.. code-block:: vyper
+
+    import ownable
+
+    an_ownable: ownable.__interface__
+
+    def call_ownable(addr: address):
+        self.an_ownable = ownable.__at__(addr)
+        self.an_ownable.transfer_ownership(...)
+
 Initializing a module
 =====================
 

setup.py

@@ -36,7 +36,7 @@
 
 extras_require["dev"] = extras_require["dev"] + extras_require["test"] + extras_require["lint"]
 
-with open("README.md", "r") as f:
+with open("README.md", "r", encoding="utf-8") as f:
     long_description = f.read()
 
 
@@ -94,6 +94,7 @@ def _global_version(version):
         "asttokens>=2.0.5,<3",
         "pycryptodome>=3.5.1,<4",
         "packaging>=23.1,<24",
+        "lark>=1.0.0,<2",
         "importlib-metadata",
         "wheel",
     ],
@@ -105,6 +106,7 @@ def _global_version(version):
             "vyper=vyper.cli.vyper_compile:_parse_cli_args",
             "fang=vyper.cli.vyper_ir:_parse_cli_args",
             "vyper-json=vyper.cli.vyper_json:_parse_cli_args",
+            "venom=vyper.cli.venom_main:_parse_cli_args",
         ]
     },
     classifiers=[
@@ -113,6 +115,7 @@ def _global_version(version):
         "Programming Language :: Python :: 3.10",
         "Programming Language :: Python :: 3.11",
         "Programming Language :: Python :: 3.12",
+        "Programming Language :: Python :: 3.13",
     ],
     package_data={"vyper.ast": ["grammar.lark"]},
     data_files=[("", [hash_file_rel_path])],