setup

.env.dev

@@ -0,0 +1,16 @@
+PRIVATE_KEY_ANVIL_0=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
+PRIVATE_KEY_ALICE=0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d
+PRIVATE_KEY_BOB=0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a
+
+DEPLOYER=0xfeB31F196D4d9115642c505C6efe95be0b75B664
+ANVIL_WALLET_1=0x5fFe7Feef21b5d31BE4Eab9a24ccD60d29a2eF7c
+ANVIL_WALLET_2=0x77e6f07B2fA3607e0aad5b56FDD8b11B06638e26
+
+PRIVATE_KEY=""
+
+ETHERSCAN_API_KEY=""
+POLYGONSCAN_API_KEY=""
+SEPOLIA_KEY=""
+MUMBAI_KEY=""
+MAINNET_KEY=""
+POLYGON_KEY=""

.github/workflows/coverage.yaml

@@ -0,0 +1,58 @@
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    branches:
+      - "main"
+
+name: Coverage
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  coverage:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: './'
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Run coverage
+        run: forge coverage --report summary --report lcov
+
+      # To ignore coverage for certain directories modify the paths in this step as needed. The
+      # below default ignores coverage results for the test and script directories. Alternatively,
+      # to include coverage in all directories, comment out this step. Note that because this
+      # filtering applies to the lcov file, the summary table generated in the previous step will
+      # still include all files and directories.
+      # The `--rc lcov_branch_coverage=1` part keeps branch info in the filtered report, since lcov
+      # defaults to removing branch info.
+      - name: Filter directories
+        run: |
+          sudo apt update && sudo apt install -y lcov
+          lcov --remove lcov.info 'test/*' 'script/*' 'src/mocks/*' --output-file lcov.info --rc lcov_branch_coverage=1
+
+      # This step posts a detailed coverage report as a comment and deletes previous comments on
+      # each push. The below step is used to fail coverage if the specified coverage threshold is
+      # not met. The below step can post a comment (when it's `github-token` is specified) but it's
+      # not as useful, and this action cannot fail CI based on a minimum coverage threshold, which
+      # is why we use both in this way.
+      - name: Post coverage report
+        if: github.event_name == 'pull_request' # This action fails when ran outside of a pull request.
+        uses: romeovs/[email protected]
+        with:
+          delete-old-comments: true
+          lcov-file: ./lcov.info
+          github-token: ${{ secrets.GITHUB_TOKEN }} # Adds a coverage summary comment to the PR.
+
+      - name: Verify minimum coverage
+        uses: zgosalvez/github-actions-report-lcov@v2
+        with:
+          coverage-files: ./lcov.info
+          minimum-coverage: 100 # Set coverage threshold.

.github/workflows/lint.yaml

@@ -0,0 +1,46 @@
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    branches:
+      - "main"
+
+name: Lint
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: './'
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Build contracts
+        run: |
+          forge --version
+          forge build --sizes
+          
+  lint:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: './'
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - run: npm install -g solhint
+      - run: solhint './src/**/*.sol'

.github/workflows/run-mythril.yaml

@@ -0,0 +1,45 @@
+name: Run Mythril Analysis
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: './'
+    strategy:
+      matrix:
+        python-version: ["3.10"]
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+      - uses: actions/cache@v3
+        with:
+          path: '**/node_modules'
+          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
+      - name: Install node packages
+        run: yarn install
+      - name: Install minimal nightly rust build
+        uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: nightly
+      - run: rustup default nightly
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install mythril
+      - name: Run mythril analysis
+        run: |
+          myth analyze contracts/*.sol --solc-json helpers/static-analysis-remappings.json --execution-timeout 9000
+          

.github/workflows/run-slither.yaml

@@ -0,0 +1,61 @@
+name: Run Slither Analysis
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  run-slither:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: './'
+    strategy:
+      matrix:
+        python-version: ["3.10"]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with: 
+            node-version : 18.15
+      - uses: actions/cache@v3
+        with:
+          path: '**/node_modules'
+          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
+      - name: Install node packages
+        run: yarn install
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+            python -m pip install --upgrade pip
+            pip install slither-analyzer==0.8.3
+
+      - name: Run Slither
+        uses: crytic/[email protected]
+        id: slither
+        with:
+          node-version: 18.15
+          slither-config: ./slither.config.json
+          fail-on: medium
+          sarif: results.sarif
+          slither-version: 0.9.0
+          target: ./
+          slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
+
+      - name: Create/update checklist as PR comment
+        uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        with:
+          script: |
+            const script = require('.github/scripts/comment')
+            const header = '# Slither report'
+            const body = `${{ steps.slither.outputs.stdout }}`
+            await script({ github, context, header, body })

.github/workflows/scripts/comment.js

@@ -0,0 +1,26 @@
+module.exports = async ({ github, context, header, body }) => {
+    const comment = [header, body].join("\n");
+
+    const { data: comments } = await github.rest.issues.listComments({
+      owner: context.repo.owner,
+      repo: context.repo.repo,
+      issue_number: context.payload.number,
+    });
+
+    const botComment = comments.find(
+      (comment) =>
+        // github-actions bot user
+        comment.user.id === 41898282 && comment.body.startsWith(header)
+    );
+
+    const commentFn = botComment ? "updateComment" : "createComment";
+
+    await github.rest.issues[commentFn]({
+      owner: context.repo.owner,
+      repo: context.repo.repo,
+      body: comment,
+      ...(botComment
+        ? { comment_id: botComment.id }
+        : { issue_number: context.payload.number }),
+    });
+  };

.github/workflows/test.yaml

@@ -0,0 +1,39 @@
+name: test
+
+on:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    branches:
+      - "main"
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: './'
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: Run Forge build
+        run: |
+          forge --version
+          forge build --sizes
+        id: build
+
+      - name: Run Forge tests
+        run: |
+          forge test -vvv
+        id: test

.gitignore

@@ -0,0 +1,17 @@
+# Compiler files
+cache/
+out/
+
+# Ignores development broadcast logs
+!/broadcast
+/broadcast/*/31337/
+/broadcast/**/dry-run/
+
+# Docs
+docs/
+
+# Dotenv file
+.env
+
+node_modules
+dist

.gitmodules

@@ -0,0 +1,12 @@
+[submodule "lib/forge-std"]
+	path = lib/forge-std
+	url = https://github.com/foundry-rs/forge-std
+	branch = v1.5.5
+[submodule "lib/openzeppelin-contracts-upgradeable"]
+	path = lib/openzeppelin-contracts-upgradeable
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
+	branch = v4.8.3
+[submodule "lib/openzeppelin-contracts"]
+	path = lib/openzeppelin-contracts
+	url = https://github.com/Openzeppelin/openzeppelin-contracts
+	branch = v4.8.3

.solhint.json

@@ -0,0 +1,10 @@
+{
+    "extends": "solhint:recommended",
+    "plugins": [],
+    "rules": {
+      "compiler-version": ["error","0.8.20"],
+      "func-visibility": ["warn", { "ignoreConstructors": true }],
+      "avoid-suicide": "error",
+      "avoid-sha3": "warn"
+    }
+  }