Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@chimera-monorepo/contracts
Advanced tools
Chimera Smart Contracts Package
Prerequisites
Install foundry or update with foundryup.
Run:
yarn workspace @chimera-monorepo/contracts forge cleanyarn workspace @chimera-monorepo/contracts forge installyarn workspace @chimera-monorepo/contracts forge build
Scripts configuration
Protocol variables
The protocol variables for contracts deployment and configuration are fetched from the environment files located at script/<environment> (e.g. TestnetStaging.sol).
The TestnetStaging.sol environment file defines the following contracts:
DefaultValuesfor the default protocol variables (e.g. epoch length, expiry time buffer, etc)TestnetAssetsfor the staging assets addressesTestnetStagingDomainsfor the environment domains and their details and addressesTestnetStagingEnvironmentfor defining theEverclearHubinitialization parameters
Domains
The domains to be used must be configured in:
script/<environment>.sol(the domains for a specific environment)cli/config/domains.json(all the domains for all environments)
In domains.json, the declared domains follow the following interface:
interface Domain {
name: string;
id: number;
rpc: string;
verifierUrl?: string;
verifierAPIKey?: string;
maxBlockGasLimit: number;
environment: Environment;
realm: Realm;
owner?: Address; // viem address type
}
enum Environment {
TESTNET_STAGING = 'TestnetStaging',
MAINNET_STAGING = 'MainnetStaging',
TESTNET_PRODUCTION = 'TestnetProduction',
MAINNET_PRODUCTION = 'MainnetProduction',
}
enum Realm {
HUB = 'hub',
SPOKE = 'spoke',
}
Deployments
To be able to interact with deployed contracts these must be declared in:
cli/config/hub.jsonfor theEverclearHubcontractscli/config/spoke.jsonfor theEverclearSpokecontracts
Both follow the following interface:
interface Contract {
address: Address; // viem address type
domainName: string;
domainId: number;
}
Assets
To whitelist and update asset configurations these must be declared in:
cli/config/assets/<environment>.jsonfor listing all the assets for an environmentscript/assets/<environment>/<asset_symbol>.solfor the actual adopted and fees configuration
In cli/config/assets/<environment>.json the assets follow the interface:
interface Asset {
symbol: string;
contractName: string;
}
Using the script CLI
For each task, the CLI will ask the user to select options or input values. In order for it to work properly, the necessary domains, contracts and protocol arguments must be previously configured in the files explained ut supra.
Before running each script, the user will be asked to choose the account to broadcast from. All private keys defined in .env will be fetched no matter their variable name (without exposing any value) and shown as options to choose from.
To start the CLI tool run:
$ yarn cli
This will show the user the following options:
- deploy Hub or Spoke contracts
- setup domains and gateways
- update protocol variables
- set / update asset configuration
Deploy Contracts
Steps:
- choose between Hub or Spoke contracts
- choose environment
- choose domain to deploy to (if there is only one domain, that one will be used)
- choose the private key to broadcast from
- choose if the run must be broadcasted or dry ran
- after deployment, update the
deployments/<environment>/<domain>/<contract>.jsonfile with the newaddress,startBlock, andabi(usually inout/<contract>.sol)
Note: if deployments fail, it may be due to an out of gas error. This can be resolved by running the forge script command with the --gas-estimate-multiplier set higher (e.g. 300 for 3x the estimate, default is 130).
Setup hub domains and gateways
Steps:
- Deploy the hub contracts
- Update the environment file in
script/<environment>.sol
Update protocol variable
Steps:
- choose between Hub or Spoke contracts
- choose environment
- choose domain
- choose the variable to update and input the required arguments
- choose the private key to broadcast from
- choose if the run must be broadcasted or dry ran
Set / update asset configuration
Steps:
- choose environment
- choose the asset to setup or update (fetched from
cli/config/assets/<environment>.json) - choose the private key to broadcast from
- choose if the run must be broadcasted or dry ran
FAQs
Smart contracts for Everclear
The npm package @chimera-monorepo/contracts receives a total of 64 weekly downloads. As such, @chimera-monorepo/contracts popularity was classified as not popular.
We found that @chimera-monorepo/contracts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025