Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
@socket.tech/socket-plugs
Advanced tools
This project features a collection of applications built using Socket's data layer.
contracts
- Source code for the contracts.deployments
- Deployment addresses for the project, categorized by project type (SuperToken, SuperBridge).scripts
- Scripts for deploying, verifying contracts, and more.scripts/constants/projectConstants
- Project constants, categorized by project type (SuperToken, SuperBridge).src/enums
- Token and project enums.test
- Tests for the contracts.SuperToken SuperTokens are contracts that enable the creation of tokens on multiple chains. They function by locking/unlocking tokens on the initial chain using a Vault and minting/burning tokens on the destination chain using a Controller. More details on SuperTokens can be found here.
SuperBridge SuperBridges are contracts that allow Chains or AppChains to onboard assets and tokens from other chains. They use lock/unlock mechanisms on the source chain and mint/burn mechanisms on the destination chain. More details on SuperBridges can be found here.
Hook Contracts Hooks are extensions to the SuperBridge and SuperToken. They add additional functionality to the bridge or token and are invoked during the execution of a SuperBridge or SuperToken transaction.
Clone project and install dependencies.
git clone https://github.com/SocketDotTech/socket-plugs
Move to the repository folder and install dependencies.
cd socket-plugs
Install all dependencies.
yarn setup:all
To create a new project, run:
yarn project:new
Follow the prompts to create a new project. This will create a new project in scripts/constants/projectConstants/supertoken/projectname_<mainnet/testnet>.ts
or scripts/constants/projectConstants/superbridge/projectname_<mainnet/testnet>.ts
.
Note: SuperBridge allows custom setups where multiple tokens on the vault chain can be mapped to a single token on the app chain. For more information, refer to the Project Constants Help Guide section and contact the team for assistance.
Note: this scripts updates your .env to add relevant env variables. If you have anything sensitive/important in .env file, please take a backup first.
src/enums/existing-token-addresses.ts
file to add the address of the token on the destination chain (it may be needed to add the ChainSlug).Note: Ensure you have the correct environment variables set in your .env file. You need to set OWNER_SIGNER_KEY
and RPC URLs for the network you are deploying to.
To deploy the contracts, run:
yarn script:deploy
Note: based on the chain you may run into some rpc issues like intrinsic gas too low
, etc. while running the deploy script. We store network overrides in script/helpers/networks.ts
. You can add overrides for gasPrice, gasLimits to be used by all scripts. For example, if you are running the script for arbitrum sepolia, and it throw intrinsic gas too low
error, try increasing gas limit for arbitrum sepolia to 5 million and retry.
Add API keys for the block explorers you want to verify the contracts in the .env
file. You might also need to update the hardhat.config.ts
file to add the API keys for the block explorers you want to verify the contracts on.
Note: If you are verifying the contracts for SuperBridge on the destination chain, you need to update the hardhat.config.ts
file to add the network in liveNetworks
and to add your chain in customChains
.
To verify the contracts on a block explorer, you can use the following command:
yarn script:verify --network <your network>
Vault Chains - The chains where the token contract is already deployed, and the token will be locked/unlocked for bridging.
Controller Chains - The chains where the token is minted/burned.
Hooks - Hooks are plugins that can be added for extra functionality. We have 2 options for hooks right now:
Rate Limits - You can specify per token daily sending and receiving limits.
Integration Types - We have 3 options for integration types (Recommended: FAST)
Pool Count - This only applies for SuperBridge. Normally, we don't need to specify this and have a default value of 0.
Tests are run using the Forge tool of Foundry.
forge test
FAQs
Plugs built using socket's data layer
The npm package @socket.tech/socket-plugs receives a total of 0 weekly downloads. As such, @socket.tech/socket-plugs popularity was classified as not popular.
We found that @socket.tech/socket-plugs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.