From 64203c70eeda587c4a36c8765d9d9a957a93323d Mon Sep 17 00:00:00 2001 From: Debugger022 Date: Wed, 29 Jan 2025 18:04:08 +0530 Subject: [PATCH 1/7] chore: add slither and remove yarn checksome update --- .github/workflows/cd.yaml | 4 +- .github/workflows/ci.yaml | 84 +++++++++++++++++++++++++++++++++------ 2 files changed, 72 insertions(+), 16 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index ff115014a..ded98c44b 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -21,9 +21,7 @@ jobs: cache: "yarn" - name: Install dependencies - # Hack to get around failing "ethereumjs-abi The remote archive doesn't match the expected checksum" error - run: YARN_CHECKSUM_BEHAVIOR=update yarn - + run: yarn - name: Build run: yarn build diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index dc476b058..a58c25e6c 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,6 +5,7 @@ on: pull_request: branches: [main, develop] workflow_dispatch: + jobs: lint: name: Lint @@ -20,8 +21,7 @@ jobs: cache: "yarn" - name: Install dependencies - # Hack to get around failing "ethereumjs-abi The remote archive doesn't match the expected checksum" error - run: YARN_CHECKSUM_BEHAVIOR=update yarn + run: yarn - name: Check linting of solidity and typescript run: yarn lint @@ -32,14 +32,16 @@ jobs: env: NODE_OPTIONS: --max-old-space-size=4096 steps: - - uses: actions/checkout@v2 + - name: Check out code + uses: actions/checkout@v2 - - uses: actions/setup-node@v2 + - name: Setup Node.js environment + uses: actions/setup-node@v2 with: node-version: 18 cache: "yarn" - - name: Install deps + - name: Install dependencies run: yarn - name: Run hardhat compile and tests coverage 
@@ -66,6 +68,67 @@ jobs: with: recreate: true path: code-coverage-results.md + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + contents: read + security-events: write + steps: + - name: Check out code + uses: actions/checkout@v2 + + - name: Setup Node.js environment + uses: actions/setup-node@v2 + with: + node-version: 18 + cache: "yarn" + + - name: Install dependencies + run: yarn + + - name: Build + run: yarn build + + - name: Set up Python environment + run: | + python3 -m venv .venv + source .venv/bin/activate + pip install slither-analyzer + + - name: Set up Solidity Compiler Version + run: | + source .venv/bin/activate + solc-select install 0.8.25 + solc-select use 0.8.25 + + - name: Debug Environment + run: | + source .venv/bin/activate + echo "Python Version:" + python3 --version + echo "Pip Version:" + pip --version + echo "Installed Python Packages:" + pip list + echo "Node Version:" + node -v + echo "Yarn Version:" + yarn -v + echo "Solidity Compiler Version:" + solc --version + + - name: Summary of static analysis + run: | + source .venv/bin/activate + slither contracts --print human-summary --solc-remaps "@openzeppelin=node_modules/@openzeppelin @venusprotocol=node_modules/@venusprotocol" + continue-on-error: true + + - name: High/Med/Low issues + run: | + source .venv/bin/activate + slither contracts --ignore-compile --solc-remaps "@openzeppelin=node_modules/@openzeppelin @venusprotocol=node_modules/@venusprotocol" + continue-on-error: true deploy: name: Deploy @@ -81,8 +144,7 @@ jobs: cache: "yarn" - name: Install dependencies - # Hack to get around failing "ethereumjs-abi The remote archive doesn't match the expected checksum" error - run: YARN_CHECKSUM_BEHAVIOR=update yarn + run: yarn - name: Build run: yarn build 
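Review bot: Both Slither steps at the end of the new `analyze` job set `continue-on-error: true`, so the job reports success whatever the analyzer finds and the results exist only in the step log. If the job is meant to gate pull requests, drop `continue-on-error` from the "High/Med/Low issues" step and choose the threshold with Slither's `--fail-high` or `--fail-medium`; if it is meant to be advisory, a short comment saying so would help. `pip install slither-analyzer` is also unpinned here and again in the `slither-analysis` job added in patch 3/7, so the analyzer version that runs in CI follows whatever PyPI serves; `pip install slither-analyzer==<PINNED_VERSION>` makes runs reproducible. The job is also granted `security-events: write` although no visible step uploads results to code scanning, so `contents: read` alone looks sufficient.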
@@ -91,16 +153,13 @@ jobs: run: yarn hardhat deploy export-deployments: + name: Export Deployments runs-on: ubuntu-latest permissions: contents: write - steps: - name: Check out code uses: actions/checkout@v2 - with: - ref: ${{ github.head_ref }} - token: ${{ secrets.VENUS_TOOLS_TOKEN }} - name: Setup Node.js environment uses: actions/setup-node@v2 @@ -109,8 +168,7 @@ jobs: cache: "yarn" - name: Install dependencies - # Hack to get around failing "ethereumjs-abi The remote archive doesn't match the expected checksum" error - run: YARN_CHECKSUM_BEHAVIOR=update yarn + run: yarn - name: Export deployments run: | From bc978290d4e5bb5305e7398dae3755ee7a8fe851 Mon Sep 17 00:00:00 2001 From: Debugger022 Date: Wed, 29 Jan 2025 18:10:59 +0530 Subject: [PATCH 2/7] chore: update yarn.lock --- yarn.lock | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/yarn.lock b/yarn.lock index 42fb305e9..4185dde4b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3398,7 +3398,24 @@ __metadata: languageName: node linkType: hard -"@venusprotocol/isolated-pools@^3.4.0, @venusprotocol/isolated-pools@workspace:.": +"@venusprotocol/isolated-pools@npm:^3.4.0": + version: 3.8.0 + resolution: "@venusprotocol/isolated-pools@npm:3.8.0" + dependencies: + "@nomiclabs/hardhat-ethers": ^2.2.3 + "@openzeppelin/contracts": ^4.8.3 + "@openzeppelin/contracts-upgradeable": ^4.8.3 + "@openzeppelin/hardhat-upgrades": ^1.21.0 + "@solidity-parser/parser": ^0.13.2 + "@venusprotocol/solidity-utilities": 2.0.3 + ethers: ^5.7.0 + hardhat-deploy: ^0.11.14 + module-alias: ^2.2.2 + checksum: 2f1713fac1049d03456d46164673e8d1a3e222bb20daede6cf7162e414bbb5113fa1085ecdb63eb7161743b450e345fd64baa395ab0a77147cb154697a739b3c + languageName: node + linkType: hard + +"@venusprotocol/isolated-pools@workspace:.": version: 0.0.0-use.local resolution: "@venusprotocol/isolated-pools@workspace:." dependencies: From b721b49b65d8e394a5296c778bc7cdaaa005a37a Mon Sep 17 00:00:00 2001 
From: Debugger022 Date: Wed, 12 Feb 2025 16:57:29 +0530 Subject: [PATCH 3/7] chore: update slither script --- .github/workflows/ci.yaml | 44 +++++++++++++++++++++++++ analyze.sh | 67 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 111 insertions(+) create mode 100644 analyze.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a58c25e6c..371c5d6ff 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -130,6 +130,50 @@ jobs: slither contracts --ignore-compile --solc-remaps "@openzeppelin=node_modules/@openzeppelin @venusprotocol=node_modules/@venusprotocol" continue-on-error: true + slither-analysis: + runs-on: ubuntu-latest + permissions: + contents: read + security-events: write + + steps: + - name: 📥 Check out code + uses: actions/checkout@v4 + + - name: 🛠️ Set up Node.js environment + uses: actions/setup-node@v4 + with: + node-version: 18 + cache: "yarn" + + - name: 📦 Install dependencies + run: | + cd packages/smart-contracts + yarn install + + - name: 🏗️ Build project + run: | + cd packages/smart-contracts + yarn build + + - name: 🐍 Set up Python environment + run: | + python3 -m venv .venv + source .venv/bin/activate + pip install slither-analyzer + + - name: Set up Solidity Compiler Version + run: | + source .venv/bin/activate + solc-select install 0.8.25 + solc-select use 0.8.25 + + - name: 🔍 Run Solidity Static Analysis + run: | + source .venv/bin/activate + chmod +x analyze.sh + bash analyze.sh + deploy: name: Deploy runs-on: ubuntu-22.04 diff --git a/analyze.sh b/analyze.sh new file mode 100644 index 000000000..baab00e69 --- /dev/null +++ b/analyze.sh 
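Review bot: The "Set up Solidity Compiler Version" step in `slither-analysis` selects 0.8.25, but `analyze.sh` (added in the same patch) runs `solc-select install` and `solc-select use` for each contract whose pragma it can parse, so that selection is normally overwritten before Slither runs and the step looks removable. `chmod +x analyze.sh` is likewise unnecessary because the script is started with `bash analyze.sh`. The job has no `name:` while the sibling jobs visible in this series do, and it uses `actions/checkout@v4` while they stay on `@v2`; a `name: Slither analysis` line and one checkout version across the file would keep the workflow consistent.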
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+# Function to extract Solidity version from a contract file
+get_solidity_version() {
+ grep -Eo "pragma solidity \^?[0-9]+\.[0-9]+\.[0-9]+" "$1" | awk '{print $3}' | head -n 1 | tr -d '^'
+}
+
+# Check if Slither and solc-select are installed
+if ! command -v slither &> /dev/null; then
+ echo "❌ Error: Slither is not installed. Install it with: pip install slither-analyzer"
+ exit 1
+fi
+
+if ! command -v solc-select &> /dev/null; then
+ echo "❌ Error: solc-select is not installed. Install it from: https://github.com/crytic/solc-select"
+ exit 1
+fi
+
+# Set the contract directory (modify this path if needed)
+CONTRACT_DIR="./contracts"
+
+# Check if contract directory exists
+if [ ! -d "$CONTRACT_DIR" ]; then
+ echo "❌ Error: Contract directory '$CONTRACT_DIR' not found!"
+ exit 1
+fi
+
+echo "🔍 Searching for Solidity files in '$CONTRACT_DIR'..."
+
+# Create a list to track installed versions
+installed_versions=()
+
+# Find and process each Solidity file
+find "$CONTRACT_DIR" -type f -name "*.sol" | while read -r contract; do
+ sol_version=$(get_solidity_version "$contract")
+
+ if [ -z "$sol_version" ]; then
+ echo "⚠️ Warning: Could not detect Solidity version in $contract"
+ continue
+ fi
+
+ echo "🔹 Detected Solidity version: $sol_version for contract: $contract"
+
+ # Remove `^` from version if present
+ sol_version_cleaned=$(echo "$sol_version" | tr -d '^')
+
+ # Check if version is already installed
+ if [[ ! " ${installed_versions[@]} " =~ " $sol_version_cleaned " ]]; then
+ echo "📥 Installing Solidity compiler version $sol_version_cleaned..."
+ solc-select install "$sol_version_cleaned"
+ installed_versions+=("$sol_version_cleaned")
+ fi
+
+ echo "🔄 Switching to Solidity $sol_version_cleaned..."
+ solc-select use "$sol_version_cleaned"
+
+ # Run Slither analysis
+ echo "🔍 Running Slither on $contract..."
+ slither "$contract" --solc-remaps "@openzeppelin=node_modules/@openzeppelin @venusprotocol=node_modules/@venusprotocol"
+
+ echo "✅ Analysis complete for $contract"
+done
+
+echo "🎉 Static analysis completed for all Solidity files!"
+
+
+
From 59cbb20d7c6ed5ddf8e9986c116467592fcedd71 Mon Sep 17 00:00:00 2001
From: Debugger022
Date: Wed, 12 Feb 2025 17:02:05 +0530
Subject: [PATCH 4/7] chore: update CI.yaml file
---
.github/workflows/ci.yaml | 63 +--------------------------------------
1 file changed, 1 insertion(+), 62 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index d2e8ad29d..4764df6f1 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
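Review bot: The new `analyze.sh` ends with an `echo`, and its `find … | while read` loop never checks Slither's exit status, so `bash analyze.sh` returns 0 even when Slither reports findings or cannot compile a contract, and the CI step stays green. Files whose pragma does not match the `x.y.z` / `^x.y.z` pattern in `get_solidity_version` (a range pragma, for example) are skipped with only a warning, so they drop out of the analysis silently. I would record failures in a status variable, feed the loop through process substitution so the variable survives the loop, and exit with it. A caret pragma is also narrowed to the lowest compiler it allows, which deserves a comment next to `tr -d '^'`.

```shell
status=0

# … unchanged: tool checks, CONTRACT_DIR check, installed_versions=() …

while read -r contract; do
  # … unchanged: sol_version detection …
  if [ -z "$sol_version" ]; then
    # … unchanged: warning message …
    status=1   # a contract that was not analysed must not pass silently
    continue
  fi

  # … unchanged: solc-select install / use for the detected version …

  if ! slither "$contract" --solc-remaps "@openzeppelin=node_modules/@openzeppelin @venusprotocol=node_modules/@venusprotocol"; then
    echo "❌ Slither reported problems for $contract"
    status=1
  fi
done < <(find "$CONTRACT_DIR" -type f -name "*.sol")

# … unchanged: completion message …
exit "$status"
```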
@@ -68,68 +68,7 @@ jobs: with: recreate: true path: code-coverage-results.md - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write - steps: - - name: Check out code - uses: actions/checkout@v2 - - - name: Setup Node.js environment - uses: actions/setup-node@v2 - with: - node-version: 18 - cache: "yarn" - - - name: Install dependencies - run: yarn - - - name: Build - run: yarn build - - - name: Set up Python environment - run: | - python3 -m venv .venv - source .venv/bin/activate - pip install slither-analyzer - - - name: Set up Solidity Compiler Version - run: | - source .venv/bin/activate - solc-select install 0.8.25 - solc-select use 0.8.25 - - - name: Debug Environment - run: | - source .venv/bin/activate - echo "Python Version:" - python3 --version - echo "Pip Version:" - pip --version - echo "Installed Python Packages:" - pip list - echo "Node Version:" - node -v - echo "Yarn Version:" - yarn -v - echo "Solidity Compiler Version:" - solc --version - - - name: Summary of static analysis - run: | - source .venv/bin/activate - slither contracts --print human-summary --solc-remaps "@openzeppelin=node_modules/@openzeppelin @venusprotocol=node_modules/@venusprotocol" - continue-on-error: true - - - name: High/Med/Low issues - run: | - source .venv/bin/activate - slither contracts --ignore-compile --solc-remaps "@openzeppelin=node_modules/@openzeppelin @venusprotocol=node_modules/@venusprotocol" - continue-on-error: true - + slither-analysis: runs-on: ubuntu-latest permissions: From 644ad1c421b88cc6fad9eda7d643d3fe158fde63 Mon Sep 17 00:00:00 2001 From: Debugger022 Date: Wed, 12 Feb 2025 17:04:08 +0530 Subject: [PATCH 5/7] chore: update CI.yaml file --- .github/workflows/ci.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4764df6f1..993519b47 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -87,12 +87,10 @@ jobs: - name: 📦 Install dependencies run: | - cd packages/smart-contracts yarn install - name: 🏗️ Build project run: | - cd packages/smart-contracts yarn build - name: 🐍 Set up Python environment From b253d553874f7826c6f2a2373d4189f0672f2f55 Mon Sep 17 00:00:00 2001 From: Debugger022 Date: Wed, 12 Feb 2025 17:18:30 +0530 Subject: [PATCH 6/7] chore: lint fixes --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 993519b47..ba9913585 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -68,7 +68,7 @@ jobs: with: recreate: true path: code-coverage-results.md - + slither-analysis: runs-on: ubuntu-latest permissions: From 1f2afb1da7e5b40bb64a103edd333259c757d72a Mon Sep 17 00:00:00 2001 From: Debugger022 Date: Wed, 12 Feb 2025 17:41:57 +0530 Subject: [PATCH 7/7] fix: pr comments --- .github/workflows/ci.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ba9913585..3b3740535 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -141,6 +141,9 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 + with: + ref: ${{ github.head_ref }} + token: ${{ secrets.VENUS_TOOLS_TOKEN }} - name: Setup Node.js environment uses: actions/setup-node@v2
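Review bot: With `token: ${{ secrets.VENUS_TOOLS_TOKEN }}` restored on the checkout in patch 7/7, the token is written to the runner's local git configuration (actions/checkout persists credentials by default), and the following "Install dependencies" step runs `yarn`, so dependency install and build scripts execute with that token readable. The job appears to need the token to push the exported deployments, so keep it, but add a comment next to `token:` stating which scope the secret must have, and keep that scope limited to writing this repository's contents. Because the workflow triggers on `pull_request` and checks out `github.head_ref`, it is also worth confirming that the job only runs for same-repository branches; the job header is outside this hunk, so an existing `if:` may already cover this.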