Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
@hq20/contracts
Advanced tools
HQ20/contracts is a Solidity project with contracts, libraries and examples to help you build fully-featured distributed applications for the real world.
Disclaimer: The contracts are expected to be used as smart contract patterns for you to draw inspiration from, and for them to be easy to understand they have been kept deliberately simple. If you decide to reuse the contracts, or to copy and paste code in them, make sure that you look for and close the vulnerabilities. If you plan to go to the mainnet, please get a third party audit done.
At the time of this writing (May 2020
), this are the contents of this repository:
contracts ──┬─── access - Access Control Contracts, some of them built on top of `AccessControl.sol`
├─── classifieds - Example of a decentralized classifieds market for ERC721
├─── dao - Example of building a decentralized venture capital fund
├─── energy - Example of building a decentralized market for energy distribution
├─── exchange - The Uniswap decentralized market contracts, with solidity tests
├─── introspection - Example of using ERC165 to verify contract types before casting
├─── issuance - Example of an ICO, can be used as well for share issuances
├─── lists - Reusable implementations of different types of linked lists
├─── math - Reusable implementation of a lightweight fixed point math library
├─── state - Reusable implementation of a fully-featured state machine
├─── token - Token implementations, including a reusable dividend-bearing ERC20
├─── utils - Reusable library to cast between `uint` and `int`.
└─── voting - Example implementations of token-based and address-based votings
Use the package manager yarn to install dependencies.
$ yarn add @hq20/contracts
pragma solidity ^0.6.0;
import "@hq20/contracts/contracts/access/Roles.sol"
contract MyContract is Roles {
constructor() public Roles(msg.sender) {
// do something
}
}
Contracts go in contracts
, test files go in test
.
Inside the contracts folder the files are organized by topic and by type.
At the root of contracts
are directories for each one of the topics, containing the simplest implementations that are in a mature state.
For contracts that are under development there is a contracts/drafts
directory with the appropriate topic folders inside.
For contracts that are used for testing of libraries or internal methods there is a contracts/test
directory with the appropriate topic folders inside.
The test
directory replicates the structure of the contracts
directory.
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
As well as bug fixes, we will welcome updates to the basic contracts that make them even easier to understand, examples of contracts implementing a particular feature, or advanced contracts that put together a number of features into a complete use case.
Please make sure to update tests as appropriate.
FAQs
A set of reusable smart contracts from HQ20
The npm package @hq20/contracts receives a total of 1 weekly downloads. As such, @hq20/contracts popularity was classified as not popular.
We found that @hq20/contracts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.