Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@aave/deploy-v3
Advanced tools
[![npm (scoped)](https://img.shields.io/npm/v/@aave/deploy-v3)](https://www.npmjs.com/package/@aave/deploy-v3)
This Node.js repository contains the configuration and deployment scripts for the Aave V3 protocol core and periphery contracts. The repository makes use of hardhat
and hardhat-deploy
tools to facilitate the deployment of Aave V3 protocol.
Install Node.JS dependencies:
npm i
Compile contracts before running any other command, to generate Typechain TS typings:
npm run compile
To deploy Aave V3 in a Testnet network, copy the .env.example
into a .env
file, and fill the environment variables MNEMONIC
, and ALCHEMY_KEY
.
cp .env.example .env
Edit the .env
file to fill the environment variables MNEMONIC
, ALCHEMY_KEY
and MARKET_NAME
. You can check all possible pool configurations in this file.
nano .env
Run the deployments scripts and specify which network & aave market configs you wish to deploy.
HARDHAT_NETWORK=goerli npx hardhat deploy
You can use the environment variable FORK
with the network name to deploy into a fork.
FORK=main MARKET_NAME=Aave npx hardhat deploy
You can install the @aave/deploy-v3
package in your Hardhat project to be able to import deployments with hardhat-deploy
and build on top of Aave in local or testnet network.
To make it work, you must install the following packages in your project:
npm i --save-dev @aave/deploy-v3 @aave/core-v3 @aave/periphery-v3
Then, proceed to load the deploy scripts adding the externals
field in your Hardhat config file at hardhat.config.js|ts
.
# Content of hardhat.config.ts file
export default hardhatConfig: HardhatUserConfig = {
{...},
external: {
contracts: [
{
artifacts: 'node_modules/@aave/deploy-v3/artifacts',
deploy: 'node_modules/@aave/deploy-v3/dist/deploy',
},
],
},
}
After all is configured, you can run npx hardhat deploy
to run the scripts or you can also run it programmatically in your tests using fixtures:
import {getPoolAddressesProvider} from '@aave/deploy-v3';
describe('Tests', () => {
before(async () => {
// Set the MARKET_NAME env var
process.env.MARKET_NAME = "Aave"
// Deploy Aave V3 contracts before running tests
await hre.deployments.fixture(['market', 'periphery-post']);`
})
it('Get Pool address from AddressesProvider', async () => {
const addressesProvider = await getPoolAddressesProvider();
const poolAddress = await addressesProvider.getPool();
console.log('Pool', poolAddress);
})
})
npx hardhat --network XYZ etherscan-verify --api-key YZX
Path | Description |
---|---|
deploy/ | Main deployment scripts dir location |
├─ 00-core/ | Core deployment, only needed to run once per network. |
├─ 01-periphery_pre/ | Periphery contracts deployment, only need to run once per network. |
├─ 02-market/ | Market deployment scripts, depends of Core and Periphery deployment. |
├─ 03-periphery_post/ | Periphery contracts deployment after market is deployed. |
deployments/ | Artifacts location of the deployments, contains the addresses, the abi, solidity input metadata and the constructor parameters. |
markets/ | Directory to configure Aave markets |
tasks/ | Hardhat tasks to setup and review market configs |
helpers/ | Utility helpers to manage configs and deployments |
Please be aware that Aave V3 is under BSUL license as of 27 January 2023 or date specified at v3-license-date.aave.eth. The Licensor hereby grants you the right to copy, modify, create derivative works, redistribute, and make non-production use of the Licensed Work. Any exceptions to this license may be specified by Aave governance. This repository containing the deployment scripts for the Aave V3 smart contracts can only be used for local or testing purposes. If you wish to deploy to a production environment you can reach out to Aave Governance here.
FAQs
[![npm (scoped)](https://img.shields.io/npm/v/@aave/deploy-v3)](https://www.npmjs.com/package/@aave/deploy-v3)
We found that @aave/deploy-v3 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.