Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
@digix/dao-contracts
Advanced tools
This repository contains the Ethereum Smart contracts for DigixDAO.
The following are the key dependencies for setting-up/testing DigixDAO:
Install all dependencies (in the dao-contracts
directory):
npm install
Compile using:
npm run compile
You may want to delete the build/
directory before re-compiling
We have written a script to simulate basic functionality of DigixDAO. This script can be run by:
npm run test:simulate
This runs the test/simulateDao.js
code. Re-usable javascript functions can
be located in test/setup.js
and test/daoHelpers.js
.
We are in progress of improving the test coverage of DigixDAO contracts. All tests can be
located in the test
directory, segregated by the storage
, service
and
interactive
layer. You can refer to this for an overview of how the tests work.
Before running any tests, you need to run Ganache, a development Ethereum instance, in a separate terminal:
npm run ganache
To test the interactive/DaoFundingManager
contract:
node_modules/.bin/truffle test test/DaoFundingManager.js
To test the storage
layer:
node_modules/.bin/truffle test test/storage/*
Note: The truffle configuration can be found in the
truffle.js
file. Ganache running locally is the development
network.
Doxity is a really cool tool to generate a static page for contract documentations.
Install dependencies for the doxity project
cd scripts/doxity/
npm install
After making modifications to the contracts (or adding Natspec), to compile the documentation from contracts
npm run docs:compile
To publish the compiled documentation into HTML pages
npm run docs:publish
To start the Gatsby server
npm run docs:server
You can now view the documentation at http://localhost:8000
The latest documentation based on the master
branch is available here
To understand how DigixDAO works, the best place to start is reading the Governance Model paper
Feel free to join our Discord channel, dgdao-governance
room, to talk about DigixDAO governance.
These are the absolutes/invariants of DigixDAO contracts. If you can make any of these absolutes false, you have found a bug in our contracts.
The contracts' functions have also been extensively commented on their purpose and expected behaviour. If those comments do not hold, it's highly likely that you have found a bug in our contracts.
Feel free to try to break our contracts and please contact us if you successfully find a bug.
We welcome pull requests from developers. We highly recommend interested developers to go through the DigixDAO Governance Model.
Most of our contracts have been documented extensively in their codes. This is an overview of what each contract does:
Most contracts implement the Resolver Client contract, whose addresses are securely fetched from one Contract Resolver.
The Storage layer contracts interact with Ethereum's persistent storage. They can only be used publicly to read from public
functions. All the functions that can update the state variables can only be called from specific DigixDAO smart contracts, for example, this. We try to include as less as possible logic in contracts under this layer. The storage layer contracts are:
The Interactive layer contracts can be called publicly. They contain DigixDAO's logic. DigixDAO's logic is segregated into multiple parts, namely:
Conditional checks and authorizing msg.sender
is done in the DaoCommon.sol contract.
FAQs
Smart contracts for DigixDAO
The npm package @digix/dao-contracts receives a total of 5 weekly downloads. As such, @digix/dao-contracts popularity was classified as not popular.
We found that @digix/dao-contracts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 12 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.