Summary
I did a thorough audit of the CoFHE documentation and found a compilation-breaking bug in a tutorial, a syntax error in a code example, and several documentation gaps that could confuse developers. Sharing these to help improve the onboarding experience.
Critical
1. Type Mismatch Bug in "Adding FHE to Existing Contract" Tutorial
Page: tutorials/adding-fhe-to-existing-contract.md
The getProposal() function declares the return type as uint256[] memory votes but initializes it as uint64[]:
// Return signature says:
uint256[] memory votes,
// But the code does:
votes = new uint64[](proposal.options.length);
This will cause a Solidity compilation error for any developer following the tutorial step-by-step.
2. Syntax Error in Encryption Guide
Page: cofhejs/guides/encryption.md
Missing comma in the multiple values encryption array example:
Encryptable.uint128(10) // <-- missing comma here
Encryptable.address('0x1234567890123456789012345678901234567890'),
Medium
3. Error Count Discrepancy
Page: fhe-library/core-concepts/common-errors.md
The page claims "complete list of all 53 errors" but only 18 errors are documented on the page. The wording should clarify that the remaining errors are on the separate Error Reference page, or link more prominently.
4. Inconsistent Access Control Explanation
Across quick-start and tutorials, FHE.allowThis() and FHE.allowSender() are used but never clearly distinguished:
- When is each required vs. optional?
- Are they additive?
- What's the difference between
allowTransient() and allow() in terms of duration/scope?
A short "Access Control Cheat Sheet" in the quick-start would go a long way.
5. Return Type Widening Not Explained
In the first FHE contract tutorial, get_counter_value() returns uint128 from a euint64 decryption. No explanation is given for why the type widens. Developers unfamiliar with FHE internals will be confused.
Low / Suggestions
6. Missing Chain IDs in Compatibility Page
The compatibility page lists Sepolia, Arbitrum Sepolia, and Base Sepolia but doesn't include chain IDs (11155111, 421614, 84532). These are the first thing developers look for when configuring wallets/tooling.
7. Permit Expiration Units Undocumented
Page: cofhejs/guides/permits-management.md
The expiration parameter is typed as number with no indication of whether it's seconds, milliseconds, or a Unix timestamp.
8. Missing using FHE for in Binding Examples
Page: fhe-library/reference/fhe-sol.md
Library binding syntax like lhs.add(rhs) is shown without the required using FHE for euint8; statement that makes it work.
9. Security Zone Default Value Undocumented
Functions accepting an optional securityZone parameter never specify the default value when omitted.
10. FHE.sol API Reference Missing Return Types
Access control methods (allowThis, allowSender, allow, allowTransient, allowGlobal) don't document their return types.
Happy to submit PRs for any of these if that would be helpful.
Summary
I did a thorough audit of the CoFHE documentation and found a compilation-breaking bug in a tutorial, a syntax error in a code example, and several documentation gaps that could confuse developers. Sharing these to help improve the onboarding experience.
Critical
1. Type Mismatch Bug in "Adding FHE to Existing Contract" Tutorial
Page:
tutorials/adding-fhe-to-existing-contract.mdThe
getProposal()function declares the return type asuint256[] memory votesbut initializes it asuint64[]:This will cause a Solidity compilation error for any developer following the tutorial step-by-step.
2. Syntax Error in Encryption Guide
Page:
cofhejs/guides/encryption.mdMissing comma in the multiple values encryption array example:
Medium
3. Error Count Discrepancy
Page:
fhe-library/core-concepts/common-errors.mdThe page claims "complete list of all 53 errors" but only 18 errors are documented on the page. The wording should clarify that the remaining errors are on the separate Error Reference page, or link more prominently.
4. Inconsistent Access Control Explanation
Across quick-start and tutorials,
FHE.allowThis()andFHE.allowSender()are used but never clearly distinguished:allowTransient()andallow()in terms of duration/scope?A short "Access Control Cheat Sheet" in the quick-start would go a long way.
5. Return Type Widening Not Explained
In the first FHE contract tutorial,
get_counter_value()returnsuint128from aeuint64decryption. No explanation is given for why the type widens. Developers unfamiliar with FHE internals will be confused.Low / Suggestions
6. Missing Chain IDs in Compatibility Page
The compatibility page lists Sepolia, Arbitrum Sepolia, and Base Sepolia but doesn't include chain IDs (11155111, 421614, 84532). These are the first thing developers look for when configuring wallets/tooling.
7. Permit Expiration Units Undocumented
Page:
cofhejs/guides/permits-management.mdThe
expirationparameter is typed asnumberwith no indication of whether it's seconds, milliseconds, or a Unix timestamp.8. Missing
using FHE forin Binding ExamplesPage:
fhe-library/reference/fhe-sol.mdLibrary binding syntax like
lhs.add(rhs)is shown without the requiredusing FHE for euint8;statement that makes it work.9. Security Zone Default Value Undocumented
Functions accepting an optional
securityZoneparameter never specify the default value when omitted.10. FHE.sol API Reference Missing Return Types
Access control methods (
allowThis,allowSender,allow,allowTransient,allowGlobal) don't document their return types.Happy to submit PRs for any of these if that would be helpful.