Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@samwitch/erc1155-orderbook
Readme
This efficient order book utilises the BokkyPooBahsRedBlackTreeLibrary library for sorting prices, allowing O(log n) for tree segment insertion, traversal, and deletion. It supports batch orders and batch cancelling, ERC2981 royalties, and a dev and burn fee on each trade.
It is kept gas efficient by packing data in many areas:
uint24 quantity + uint40 order id) into a 256bit word giving a 4x improvement compared to using 1 storage slot per order
The order book is kept healthy by requiring a minimum quantity that can be added - partial quantities can still be taken from the order book. Cancelling orders shifts all entries at that price level to remove gaps.
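The packing and gap-free cancelling described above, modelled in JavaScript with BigInt as an added example (not code from this package). The field order inside each 64-bit segment, the function names, and treating an all-zero segment as empty are assumptions; the range checks show why an oversized quantity or order id must be rejected before packing, since it would otherwise overwrite a neighbouring order.

```javascript
// Model of one 256-bit storage word holding four 64-bit order segments.
// Assumed layout (not taken from the project): in each segment the low 40 bits
// are the order id and the next 24 bits the quantity; segment i starts at bit 64*i.
const SEGMENTS = 4n;
const ID_BITS = 40n;
const QTY_BITS = 24n;
const SEG_BITS = ID_BITS + QTY_BITS; // 64 bits, so 4 orders per 256-bit word
const ID_MASK = (1n << ID_BITS) - 1n;
const QTY_MASK = (1n << QTY_BITS) - 1n;
const SEG_MASK = (1n << SEG_BITS) - 1n;

// Range-check before packing: an oversized value would spill into the
// neighbouring field or segment and silently corrupt another order.
function packSegment(orderId, quantity) {
  if (orderId < 0n || orderId > ID_MASK) throw new RangeError("order id exceeds uint40");
  if (quantity < 0n || quantity > QTY_MASK) throw new RangeError("quantity exceeds uint24");
  return (quantity << ID_BITS) | orderId;
}

// Decode every non-empty segment (all-zero is assumed to mean "empty").
function unpackWord(word) {
  const orders = [];
  for (let i = 0n; i < SEGMENTS; i++) {
    const seg = (word >> (i * SEG_BITS)) & SEG_MASK;
    if (seg === 0n) continue;
    orders.push({ orderId: seg & ID_MASK, quantity: seg >> ID_BITS });
  }
  return orders;
}

// Pack up to four orders into one word, first order in the lowest segment.
function packWord(orders) {
  if (orders.length > Number(SEGMENTS)) throw new RangeError("at most 4 orders per word");
  return orders.reduce(
    (word, o, i) => word | (packSegment(o.orderId, o.quantity) << (BigInt(i) * SEG_BITS)),
    0n
  );
}

// Cancelling removes one order and shifts later entries down, leaving no gap.
function cancelOrder(word, orderId) {
  return packWord(unpackWord(word).filter((o) => o.orderId !== orderId));
}
```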
Constraints:
While this order book was created for ERC1155 NFTs it could be adapted for ERC20 tokens.
Potential improvements:
To start, copy the .env.sample file to .env and fill in PRIVATE_KEY at a minimum (starts with 0x).
yarn install
# To compile the contracts
yarn compile
# To run the tests
yarn test
# To get code coverage
yarn coverage
# To deploy all contracts
yarn deploy --network <network>
yarn deploy --network fantom_testnet
# Export abi
yarn abi
# To fork or open a node connection
yarn fork
yarn fork --fork <rpc_url>
yarn fork --fork https://rpc.ftm.tools
# To impersonate an account on a forked or local blockchain for debugging
yarn impersonate
FAQs
Efficient on-chain orderbook for ERC1155 tokens
We found that @samwitch/erc1155-orderbook demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.