Security News
Django Joins curl in Pushing Back on AI Slop Security Reports
Django has updated its security policies to reject AI-generated vulnerability reports that include fabricated or unverifiable content.
By Sarah Gooding - Jun 30, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@across-protocol/contracts-v2
Advanced tools
Contains smart contract suite to enable instant token transfers between any two networks. Relays are backstopped by
liquidity held in a central HubPool on Ethereum, which also serves as the cross-chain administrator of all contracts in the
system. SpokePool contracts are deployed to any network that wants to originate token deposits or be the final
destination for token transfers, and they are all governed by the HubPool on Ethereum.
This contract set is the second iteration of the Across smart contracts which facilitate token transfers from any L2 to L1.
These contracts were audited by OpenZeppelin which is a great resource for understanding the contracts.
This video is also useful for understanding the technical architecture.
Build
yarn
yarn hardhat compile
Test
yarn test # Run unit tests without gas analysis
yarn test:gas-analytics # Run only tests that count gas costs
yarn test:report-gas # Run unit tests with hardhat-gas-reporter enabled
Lint
yarn lint
yarn lint-fix
Deploy and Verify
NODE_URL_1=https://mainnet.infura.com/xxx yarn hardhat deploy --tags HubPool --network mainnet
ETHERSCAN_API_KEY=XXX yarn hardhat etherscan-verify --network mainnet --license AGPL-3.0 --force-license --solc-input
Slither
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
Spire-Contracts has been analyzed using Slither@0.9.2 and no major bugs was found. To rerun the analytics, run:
slither contracts/SpokePool.sol
\ --solc-remaps @=node_modules/@
\ --solc-args "--optimize --optimize-runs 1000000"
\ --filter-paths "node_modules"
\ --exclude naming-convention
You can replace SpokePool.sol with the specific contract you want to analyze.
ZK Sync Adapter
These are special instructions for compiling and deploying contracts on zksync. The compile command will create artifacts-zk and cache-zk directories.
Compile
This step requires Docker Desktop to be running, as the solc docker image is fetched as a prerequisite.
yarn compile-zksync
FAQs
The latest contract deployments on Production will always be under the `deployed` tag.
The npm package @across-protocol/contracts-v2 receives a total of 814 weekly downloads. As such, @across-protocol/contracts-v2 popularity was classified as not popular.
We found that @across-protocol/contracts-v2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 30 May 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ECMAScript 2025 Finalized with Iterator Helpers, Set Methods, RegExp.escape, and More
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
By Sarah Gooding - Jun 26, 2025
Security News
Node.js Homepage Adds Paid Support Link, Prompting Contributor Pushback
A new Node.js homepage button linking to paid support for EOL versions has sparked a heated discussion among contributors and the wider community.
By Sarah Gooding - Jun 25, 2025