Update scarb to 2.17.0-rc.2

[ericnordelo]

Summary by CodeRabbit

• Chores
  • Updated project toolchain and workspace dependency versions to latest releases, including enhancements to the compiler and testing framework.

[coderabbitai]

Walkthrough

This pull request updates toolchain and dependency versions across the project. A .tool-versions configuration file is added to pin toolchain versions, while Scarb.toml is updated to bump Cairo, Scarb, and workspace dependencies to newer versions.

Changes

Cohort / File(s)	Summary
Toolchain Configuration .tool-versions	New file introduced with version pins for scarb, starknet-foundry, and universal-sierra-compiler.
Workspace Manifest Scarb.toml	Updated Cairo toolchain from 2.15.0 to 2.17.0-rc.2, Scarb from 2.15.1 to 2.17.0-rc.2, and workspace dependencies (assert_macros, starknet to 2.17.0-rc.2, snforge_std to 0.58.1).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Bump scarb to 2.15.1 and snforge to 0.55.0 #1631: Updates the same Scarb.toml manifest version pins and Cairo/Scarb toolchain versions.

Suggested reviewers

• immrsd

Poem

🐰 Hop hop, versions rise up high,
Cairo floats to the sky,
Tools aligned in harmony,
A toolchain dance, wild and free! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main objective of the pull request: updating Scarb to version 2.17.0-rc.2, which is reflected in both the Scarb.toml changes and the .tool-versions file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/bump-scarb-to-v2.17.0-rc.2

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🧪 Cairo Contract Size Benchmark Diff

BYTECODE SIZE (felts) (limit: 81,920 felts)

Contract	Old	New	Δ	Note
DualCaseAccountMock	2752	2678	🔴 −74
LegacyAccountMock	2945	2871	🔴 −74
SRC9AccountMock	5460	5371	🔴 −89
SnakeAccountMock	3136	3047	🔴 −89

SIERRA CONTRACT CLASS SIZE (bytes) (limit: 4,089,446 bytes)

Contract	Old	New	Δ	Note
Attacker	6085	6086	🟢 +1
CounterMock	36813	36798	🔴 −15
DualCaseAccessControlDefaultAdminRulesMock	169875	169876	🟢 +1
DualCaseAccessControlMock	93251	93252	🟢 +1
DualCaseAccountMock	64311	62722	🔴 −1589
DualCaseERC1155Mock	232487	232488	🟢 +1
DualCaseERC1155ReceiverMock	39334	39335	🟢 +1
DualCaseERC20Mock	139154	139105	🔴 −49
DualCaseERC20PermitMock	187141	187142	🟢 +1
DualCaseERC721Mock	252713	252714	🟢 +1
DualCaseERC721ReceiverMock	24189	24190	🟢 +1
DualCaseEthAccountMock	89070	89071	🟢 +1
DualCaseOwnableMock	30628	30615	🔴 −13
DualCaseTwoStepOwnableMock	47776	47739	🔴 −37
ERC1155SupplyMock	235154	235155	🟢 +1
ERC1155URIStorageMock	256026	256027	🟢 +1
ERC20BlockNumberVotesMock	299369	299370	🟢 +1
ERC20CustomDecimalsMock	126957	126922	🔴 −35
ERC20FlashMintConfiguredMock	173123	173124	🟢 +1
ERC20FlashMintMock	158846	158847	🟢 +1
ERC20OptionalTransferPanicMock	135304	135307	🟢 +3
ERC20ReentrantMock	197945	197902	🔴 −43
ERC20TimestampVotesMock	299362	299363	🟢 +1
ERC20WrapperMock	167377	167378	🟢 +1
ERC2981AccessControlDefaultAdminRulesMock	142759	142760	🟢 +1
ERC2981AccessControlMock	120731	120732	🟢 +1
ERC2981Mock	41040	41041	🟢 +1
ERC2981OwnableMock	93472	93473	🟢 +1
ERC3156FlashBorrowerMock	25789	25790	🟢 +1
ERC4626AssetsFeesMock	433246	433247	🟢 +1
ERC4626ExternalVaultMock	297482	297483	🟢 +1
ERC4626LimitsMock	299149	299150	🟢 +1
ERC4626Mock	284443	284444	🟢 +1
ERC4626MockWithHooks	284737	284738	🟢 +1
ERC4626OffsetMock	297172	297173	🟢 +1
ERC4626SharesFeesMock	398351	398352	🟢 +1
ERC6909ContentURIMock	173503	173504	🟢 +1
ERC6909MetadataMock	199396	199397	🟢 +1
ERC6909Mock	108287	108288	🟢 +1
ERC6909MockWithHooks	115288	115289	🟢 +1
ERC6909TokenSupplyMock	113703	113704	🟢 +1
ERC721BlockNumberVotesMock	380897	380898	🟢 +1
ERC721ConsecutiveMultiBatchMock	265703	265714	🟢 +11
ERC721EnumerableMock	236494	236495	🟢 +1
ERC721MintableMock	163247	163248	🟢 +1
ERC721TimestampVotesMock	380855	380856	🟢 +1
ERC721URIStorageMock	283591	283552	🔴 −39
ERC721WrapperMock	222596	222597	🟢 +1
GovernorMock	488258	488259	🟢 +1
GovernorQuorumFractionMock	588510	588309	🔴 −201
GovernorTimelockedMock	588722	588646	🔴 −76
InitializableMock	9167	9168	🟢 +1
LegacyAccountMock	69683	67860	🔴 −1823
LegacyERC20VotesMock	215898	215899	🟢 +1
LinearVestingMock	102194	102167	🔴 −27
MockBitMap	37046	37047	🟢 +1
MockContract	8400	8401	🟢 +1
MockTrace	100600	100601	🟢 +1
MultisigTargetMock	9157	9158	🟢 +1
MultisigWalletMock	231235	231227	🔴 −8
NonImplementingMock	4165	4166	🟢 +1
NoncesMock	7019	7020	🟢 +1
PausableMock	17760	17735	🔴 −25
ReentrancyMock	33161	33162	🟢 +1
SRC5Mock	8385	8386	🟢 +1
SRC9AccountMock	126753	124855	🔴 −1898
SimpleMock	11950	11951	🟢 +1
SnakeAccountMock	72472	70559	🔴 −1913
SnakeERC1155Mock	193859	193860	🟢 +1
SnakeERC1155MockWithHooks	202533	202534	🟢 +1
SnakeERC20Mock	126949	126914	🔴 −35
SnakeERC20MockWithHooks	149483	149484	🟢 +1
SnakeERC721Mock	209754	209755	🟢 +1
SnakeERC721MockWithHooks	218393	218394	🟢 +1
SnakeEthAccountMock	97446	97447	🟢 +1
StepsVestingMock	106246	106164	🔴 −82
TimelockAttackerMock	23016	23017	🟢 +1
TimelockControllerMock	235936	235937	🟢 +1
UpgradesV1	24673	24614	🔴 −59
UpgradesV2	27157	27097	🔴 −60

This comment was generated automatically from benchmark diffs.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.tool-versions:
- Around line 1-3: The .tool-versions file currently pins scarb to 2.17.0-rc.2
which mismatches what starknet-foundry v0.58.1 expects (scarb 2.16.1) and also
overrides universal-sierra-compiler; update .tool-versions to align with Foundry
by setting scarb to 2.16.1 and remove (or comment/document) the
universal-sierra-compiler entry so Foundry’s bundled USC is used, or
alternatively add a short note in the repo documentation stating that scarb
2.17.0-rc.2 + universal-sierra-compiler override have been validated for this
project if you intend to keep the RC versions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 60d964d9-35eb-459d-a024-a41b1f5e987f

📥 Commits

Reviewing files that changed from the base of the PR and between 10c9d10 and 7b77bc1.

⛔ Files ignored due to path filters (1)

• Scarb.lock is excluded by !**/*.lock

📒 Files selected for processing (2)

• .tool-versions
• Scarb.toml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

`What is the official compatibility guidance (or release notes) for:

• scarb 2.17.0-rc.2
• cairo 2.17.0-rc.2
• starknet-foundry 0.58.1
• universal-sierra-compiler 2.8.0-rc.0
  Please provide sources from official repositories/docs and indicate whether this exact combination is supported.`

💡 Result:

Official compatibility / release guidance (from official repos/docs)

Scarb v2.17.0-rc.2

• Release notes state Scarb v2.17.0-rc.2 upgrades/bundles Cairo to v2.17.0-rc.2. [1]

Cairo v2.17.0-rc.2

• GitHub release exists for Cairo v2.17.0-rc.2 (released Mar 15, 2026), but the release entry itself provides no compatibility matrix beyond “Cairo compiler.” [2]

starknet-foundry v0.58.1

• Release notes for 0.58.1 (Apr 1, 2026) list fixes/additions, but do not declare a specific compatible Scarb/Cairo/USC version set. [3]
• The Starknet Foundry docs explicitly note (starting from 0.56.0) that snforge requires Scarb >= 2.12.0. This is the closest thing to “official compatibility guidance” for Scarb. [4]
• In the v0.58.1 repo, .tool-versions pins scarb 2.16.1 (suggesting what the project itself was developed/tested with at that tag). [5]

universal-sierra-compiler (USC) v2.8.0-rc.0

• Release exists for USC 2.8.0-rc.0 (Feb 19, 2026), but the GitHub release entry provides no detailed notes. [6]
• The USC README (at tag v2.8.0-rc.0) documents supported Sierra versions, listing 1.8.0, 1.7.0, 1.6.0, … etc. [7]
• Starknet docs state USC is bundled with Starknet Foundry (i.e., typically you don’t install it separately when using Foundry). [8]

---

Is this exact combination officially supported?

Not explicitly. There is no official statement (in the Scarb/Cairo/Foundry/USC release notes or docs above) that the specific quartet:

• scarb 2.17.0-rc.2 + cairo 2.17.0-rc.2 + starknet-foundry 0.58.1 + universal-sierra-compiler 2.8.0-rc.0

is a tested/supported combination.

What is explicitly supported/claimed:

• Scarb 2.17.0-rc.2 bundles Cairo 2.17.0-rc.2. [1]
• Foundry requires Scarb >= 2.12.0 (so 2.17.0-rc.2 satisfies the minimum), but Foundry 0.58.1 itself pins scarb 2.16.1 in .tool-versions and does not promise compatibility with the 2.17.0 release candidate line. [4][5]
• USC 2.8.0-rc.0 documents Sierra-version support (up to Sierra 1.8.0 per the README), but Foundry generally bundles USC and does not, here, claim support for overriding it with that specific RC build. [7][8]

Conclusion: this exact combo is not officially declared “supported”; it’s at best “likely to work” based on minimum constraints, but not something the official sources confirm as a validated set. [1][4][5][7][8]

---

Sources

[1] Scarb release notes v2.17.0-rc.2 (bundles Cairo v2.17.0-rc.2) (github.com)
[2] Cairo GitHub release v2.17.0-rc.2 (github.com)
[3] Starknet Foundry GitHub release v0.58.1 (github.com)
[4] Starknet Foundry book: snforge requires Scarb >= 2.12.0 (github.com)
[5] starknet-foundry tag v0.58.1 .tool-versions (pins scarb 2.16.1) (github.com)
[6] USC GitHub release list showing 2.8.0-rc.0 (github.com)
[7] USC README at v2.8.0-rc.0 (supported Sierra versions list) (github.com)
[8] Starknet docs: USC is bundled with Starknet Foundry (docs.starknet.io)

Citations:

• 1: https://github.com/software-mansion/scarb/releases
• 2: https://github.com/starkware-libs/cairo/releases/tag/v2.17.0-rc.2
• 3: https://github.com/foundry-rs/starknet-foundry/releases/tag/v0.58.1
• 4: https://github.com/foundry-rs/starknet-foundry/releases
• 5: https://github.com/foundry-rs/starknet-foundry/blob/v0.58.1/.tool-versions
• 6: https://github.com/software-mansion/universal-sierra-compiler/releases
• 7: https://github.com/software-mansion/universal-sierra-compiler/tree/v2.8.0-rc.0
• 8: https://docs.starknet.io/learn/cheatsheets/tools?utm_source=openai

---

🏁 Script executed:

#!/bin/bash
# Read-only check: ensure key pinned versions stay synchronized across config files.
# Expected: Scarb.toml and .tool-versions values for scarb/snforge_std(starknet-foundry) are aligned.

set -euo pipefail

echo "== Extract from Scarb.toml =="
SCARB_TOML_VERSION=$(rg -n '^scarb-version\s*=\s*".*"$' Scarb.toml | sed -E 's/.*"([^"]+)".*/\1/')
SNFORGE_STD_VERSION=$(rg -n '^snforge_std\s*=\s*".*"$' Scarb.toml | sed -E 's/.*"([^"]+)".*/\1/')
echo "scarb-version: ${SCARB_TOML_VERSION}"
echo "snforge_std: ${SNFORGE_STD_VERSION}"

echo
echo "== Extract from .tool-versions =="
SCARB_TOOL_VERSION=$(rg -n '^scarb\s+' .tool-versions | awk '{print $2}')
FOUNDRY_TOOL_VERSION=$(rg -n '^starknet-foundry\s+' .tool-versions | awk '{print $2}')
USC_TOOL_VERSION=$(rg -n '^universal-sierra-compiler\s+' .tool-versions | awk '{print $2}')
echo "scarb: ${SCARB_TOOL_VERSION}"
echo "starknet-foundry: ${FOUNDRY_TOOL_VERSION}"
echo "universal-sierra-compiler: ${USC_TOOL_VERSION}"

echo
echo "== Consistency checks =="
test "${SCARB_TOML_VERSION}" = "${SCARB_TOOL_VERSION}" && echo "OK: scarb versions match" || echo "MISMATCH: scarb versions differ"
test "${SNFORGE_STD_VERSION}" = "${FOUNDRY_TOOL_VERSION}" && echo "OK: snforge_std and starknet-foundry match" || echo "MISMATCH: snforge_std and starknet-foundry differ"

Repository: OpenZeppelin/cairo-contracts

Length of output: 359

---

Resolve the Scarb version mismatch with starknet-foundry 0.58.1.

starknet-foundry 0.58.1 pins scarb 2.16.1 in its own .tool-versions (see GitHub), but this repo pins scarb 2.17.0-rc.2—an RC version one release ahead. While Foundry requires only scarb >= 2.12.0, using an RC build (2.17.0) beyond what the dependency was developed/tested with risks subtle compile or runtime mismatches. Additionally, universal-sierra-compiler is normally bundled with Foundry and should not be overridden without explicit testing.

Either align with the versions Foundry 0.58.1 pins (scarb 2.16.1 + bundled USC), or document that the RC combination has been validated for your project.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.tool-versions around lines 1 - 3, The .tool-versions file currently pins
scarb to 2.17.0-rc.2 which mismatches what starknet-foundry v0.58.1 expects
(scarb 2.16.1) and also overrides universal-sierra-compiler; update
.tool-versions to align with Foundry by setting scarb to 2.16.1 and remove (or
comment/document) the universal-sierra-compiler entry so Foundry’s bundled USC
is used, or alternatively add a short note in the repo documentation stating
that scarb 2.17.0-rc.2 + universal-sierra-compiler override have been validated
for this project if you intend to keep the RC versions.

[immrsd]

LGTM

[immrsd]

Just want to make sure that this file got committed intentionally. Btw, what is the main reasoning for starting to track it?

[ericnordelo]

It is intentional, the reason being for the worfklow to get the universal-sierra-compiler 2.8.0-rc.0, since foundry uses the latest stable by default, and 2.7.0 doesn't support scarb 2.17.