Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@exodus/assets-base
Advanced tools
[![npm][npm-image]][npm-url] [npm-image]: https://img.shields.io/npm/v/@exodus/assets-base.svg?style=flat-square [npm-url]: https://www.npmjs.com/package/@exodus/assets-base
This package aggregates all built-in asset metadata packages for use across all Exodus projects. Please limit the usage of this package to testing or places where it makes sense. It only makes sense when Custom Tokens or other dynamic asset features are not needed.
yarn add @exodus/assets-base
Token names for chains that support Custom Tokens are no longer chose, they need to be generated. Asset names for Custom Tokens are generated by the Custom Tokens Registry. Here we provide the ct
script for generating the asset names for inclusion into asset metadata libraries as built-in assets.
ct
yarn ct --network:<network> tokenAddress1 tokenAddress2 ....
Where <network>
one of solana
, ethereum
, bsc
, matic
...
It will print out the token metadata that should become part of assets-base tokens definitions file.
batch-token-generator
CMC_PRO_API_KEY
input.yml
(see asset-lis-sol-example.yml example) andyarn batch-token-generator <path-to-input.yml>
The script will output data to be pasted into asset metadata packages. The output may be out-of-date.
import assets from '@exodus/assets-base'
for (const [key, val] of Object.entries(assets)) {
console.log(`${key}: ${val.properName}`) // bitcoin: Bitcoin
}
From a technical point of view, a "token" is an asset:
asset.name !== asset.baseAsset.name
: it is a "non-primary" asset of the chainassetType
property: ETHEREUM_ERC20
, BINANCE_TOKEN
, SOLANA_TOKEN
.In some cases a token can be a "gas" token(feeAsset
): the asset used to pay for fees on the given network (e.g ontologygas, vethor, tfuel).
At UX level:
Assets are defined in the asset metadata packages. We have one asset metadata package per chain. Example: @exodus/ethereum-meta
for the Ethereum chain. These packages export objects with the following (partial) list of properties:
{
name: 'aeron_ethereum_deadbeef',
baseAssetName: 'ethereum',
feeAssetName: 'ethereum',
assetType: 'ETHEREUM_ERC20',
decimals: 8,
ticker: 'ARN',
tickerAlias: 'ARNv1',
tickerAliases: ['ARNv1'],
units: [ base: 0, [ticker]: 18 ]
displayName: 'Aeron',
displayTicker: 'ARN',
displayNetworkName: 'Ethereum',
displayNetworkTicker: 'ETH',
addresses: { current: '0xBA5F11b16B155792Cf3B2E6880E8706859A8AEB6' },
}
These attributes are defined as follows:
Attribute | Definition | Desktop Usage | Mobile Usage | Pricing Server/Exchange Usage |
---|---|---|---|---|
name | The unique identifier of the asset which is used by code in all wallets to reference specific assets. | :point_left: | :point_left: | name is notably, not used when making requests to the pricing and exchange servers; in those cases, ticker is used. See the ticker section below for details. |
displayName | The name of the asset, as displayed to the user in our wallets. | :point_left: | :point_left: | n/a |
decimals | Many assets support fractional values. They accomplish this by using a scaling factor denoted by the value of decimals. This value indicates how many zeroes there are to the right of the decimal point the fixed-point representation of a token. | :point_left: | :point_left: | n/a |
baseAssetName (optional) | The base asset name. This field only applies to tokens. The base asset of tokens is the primary asset of a blockchain. If this field is not defined it MUST fall back to name . This makes primary assets on chains without tokens their own base asset. E.g. the baseAssetName of ERC20 tokens on the Ethereum network is ethereum . E.g. the baseAssetName of bitcoin is bitcoin . | This field is mapped into an asset object to be accessed as asset.baseAsset | This field is mapped into an asset object to be accessed as asset.baseAsset | n/a |
feeAssetName (optional) | The fee asset name. This is intended to be set by assets where the fee asset is not the primary network asset. If not defined, this MUST fall back to baseAssetName . E.g. the feeAssetName on the Vechain network is vethor . is | This field is mapped into an asset object to be accessed as asset.feeAsset | This field is mapped into an asset object to be accessed as asset.feeAsset | n/a |
assetType | A type parameter so assets can be grouped. Used for grouping tokens of the same base asset. E.g. all Ethereum ERC20 tokens have a type value ETHEREUM_ERC20 | :point_left: | :point_left: | n/a |
ticker | A secondary unique identifier for assets. It is used for anything that requires the asset's symbol (eg: Bitcoin -> BTC). | On desktop it is not required to be unique in the code, however we should treat it as unique because of mobile and exchange usage. | In mobile, this attribute is used as a unique identifier to reference an asset. | In both cases, this attribute is used as an idenfiifer to reference a specific asset when interfacing with the exchange and pricing servers. Note that it is possible for two assets to have the same ticker - in these cases, the old attribute is used to differentiate between the two. |
displayTicker (optional) | The ticker we display to the user. This field MUST fall back to the value of ticker if not defined. It MAY only be used for display purposes. | :point_left: | :point_left: | n/a |
tickerAlias (optional) | This property is specific to Ethereum-like tokens (but may be ported to others). It updates the Unit object to recognize tickerAlias as the same unit as ticker . | :point_left: | :point_left: | n/a |
tickerAliases (optional) | This property is specific to Ethereum-like tokens (but may be ported to others). It behaves the same as tickerAlias except that it is an array of aliases. | :point_left: | :point_left: | n/a |
units | An array used to build the UnitType for this asset/token. The keys are the unit names and the values are the number of decimals. Thus the base value (integer) has zero (0) decimals. The number of keys and their names in the array are arbitrary but the ordering is not. The keys need to be ordered by the decimals number starting with zero and encreasing. By convention the last key should be the same as the ticker . Example for an asset with 8 decimals: [ base: 0, micro: 2, [ticker]: 8 ] | :point_left: | :point_left: | n/a |
displayNetworkName (optional) | The name of the network/blockchain of this asset. If not defined it MUST fall-back to the properName of the asset's baseAsset. It MAY only be used for display purposes. | :point_left: | :point_left: | n/a |
displayNetworkTicker (optional) | The short name of the network/blockchain of this asset. If not defined it MUST fall back to properTicker of the asset's baseAsset. It MAY only be used for display purposes. | :point_left: | :point_left: | n/a |
addresses | These are the contract addresses. They are used to detect transactions/balances/send. Without them then you wouldn't know how to look up which token this is on the ETH blockchain. | :point_left: | :point_left: | n/a |
Some notes on the above from @faris:
name
is required to be unique. No two assets can have the samename
. This is how assets are referenced.
ticker
is required to be unique. The requests to the pricing server and the exchange useticker
(updated by @feri).For the exchange specifically, if two assets have the same
ticker
, the wrong asset could activate on the exchange screen in the wallet. This would happen with mainnet swaps. For instance, theold
EOS would activate instead of the new EOS.
FAQs
Base level package for supporting Exodus assets.
The npm package @exodus/assets-base receives a total of 2,151 weekly downloads. As such, @exodus/assets-base popularity was classified as popular.
We found that @exodus/assets-base demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.