Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@circles/circles-contracts
Advanced tools
circles-contracts
Smart Contracts for Circles UBI
Ethereum Smart Contracts for the Circles UBI system: A decentralised Universal Basic Income platform based on personal currencies.
Basic design
There are several components:
Token contract
This is derived from standard ERC20 implementations, with two main differences: The ability to mint UBI to the token owner, and the hubTransfer function that allows transitive transfers. Token contracts store the address of the Hub that deployed them, and can only transact transitively with tokens from the same hub. Tokens have owners, which can be an external account or any kind of contract - in our deployment, they are Gnosis Safes.
Hub contract
This is the location of system-wide variables and the trust graph. It has special permissions on all tokens that were deployed through it and have authorized it to perform transitive exchanges. All the parameters in a Hub are immutable and it has no owner.
Illustrated here are some of the main available calls:
signupmethod of theHubdeploys a Circles token- Safe or external accounts make trust connections within the hub with the trust method
- Users send transitive transactions with the hub, which has special permissions on tokens
Installation
npm i @circles/circles-contracts
Requires Node version 14.
Development
Requires Node version 14. You can change your node version to the tested version with nvm use.
Install all required dependencies via npm install.
npm test will re-build the contracts / tests and run all of the tests in the test directory.
Tests are executed with the help of Truffle and written in javascript using Mocha with the Chai assertion library.
When you run npm test a new local blockchain will be started with ganache-cli (unless you already have one running). The contracts will be deployed and the javascript tests will make transactions to this chain.
Helper functions defined in test/helpers provides functionality for more complicated tests such as: reading the event log, or checking for an EVM "revert / throw", or changing the blockstamp times.
Note that: We commit the build dir on purpose, because the rest of our stack pulls this repo in from npm and gets the abis from them.
License
GNU Affero General Public License v3.0 AGPL-3.0
FAQs
Unknown package
We found that @circles/circles-contracts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 07 Jun 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025