Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@pimlico/erc20-paymaster
Advanced tools
PimlicoERC20Paymaster is an ERC-4337 Paymaster contract by Pimlico which is able to sponsor gas fees in exchange for ERC20 tokens. The contract refunds excess tokens if the actual gas cost is lower than the initially provided amount. It also allows updating price configuration and withdrawing tokens by the contract owner. The contract uses an Oracle to fetch the latest token prices.
The PimlicoERC20Paymaster contract inherits from BasePaymaster.
Deploy the PimlicoERC20Paymaster contract, providing the required parameters such as the ERC20 token, EntryPoint contract, and Oracle contract addresses. Update the price markup and price update threshold configurations if needed, using the updateConfig function. If necessary, the contract owner can withdraw tokens using the withdrawToken function. To update the token price, call the updatePrice function. For more information, please refer to the comments within the contract source code.
This repository uses both hardhat and foundry for development, and assumes you have already installed hardhat/foundry
Hardhat is used for gas metering and developing sdk.
npm install
Npx hardhat test
This will show results for the gas metering on different modes based on 1) refund 2) token payment limit 3) price update
note : first transaction is expensive because nonce increases 0 -> 1
Foundry is used for unit tests
forge install
forge test
forge coverage
This project is licensed under the GNU General Public License v3.0.
FAQs
A permissionless ERC20 Paymaster implementation by Pimlico
We found that @pimlico/erc20-paymaster demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.