Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
@sonastream/core
Advanced tools
Sona Protocol 
Website | Documentation | Releases | Twitter
Table of Contents
Requirements
Contracts
contracts
├── SonaReserveAuction.sol
├── SonaRewardToken.sol
├── SonaRewards.sol
├── access
│ ├── SonaAdmin.sol
│ └── SonaMinter.sol
├── interfaces
│ ├── IRewardGateway.sol
│ ├── ISonaReserveAuction.sol
│ ├── ISonaRewardToken.sol
│ └── IWETH.sol
├── test
│ ├── SonaReserveAuction.t.sol
│ ├── SonaRewardToken.t.sol
│ ├── SonaRewards.t.sol
│ ├── Util.sol
│ ├── access
│ │ └── SonaAdmin.t.sol
│ └── mock
│ ├── ContractBidderMock.sol
│ ├── ERC20Mock.sol
│ └── Weth9Mock.sol
└── utils
├── AddressableTokenId.sol
└── ZeroCheck.sol
Getting Started
Installation
- With git installed, run
git clone https://github.com/sonastream/core.git cdin tocore- Run
make install
Commands
To see all commands that can be run with make, check out the makefile command table
Headers
- Install https://github.com/transmissions11/headers
- Run
headers <insert-header> - Paste from your clipboard
Testing
To run tests, run the command make test. To change the logs verbosity, update the makefile' command with less or more v
Coverage
To get the test coverage, run make cover
Environment
Fill in your .env at your root with:
MNEMONIC=
ETHERSCAN_KEY=
TREASURY=
REDISTRIBUTION=
AUTHORIZER=
RPC_URL_GOERLI=
RPC_URL_SEPOLIA=
Deploying
| Command | Environment |
|---|---|
| make deploy_local | Local anvil (http://localhost:8546) |
| make deploy_sepolia | Sepolia |
Foundry and type definitions
When updating foundry modules, commit your changes locally and run forge install <package-name>. Then, update the remappings across the following files to allow builds, security scanning and goto definitions to work properly:
- slitherConfig.json
- .vscode/settings.json
- remappings.txt
Analyzers
The repo comes with two static analyzers for checking for security vulnerabiltiies and gas optimizations
| Command | Environment |
|---|---|
| make analyze | Runs solstat and outputs a report to reports/solstat_report.md |
| make sec | Runs slither and outputs a report to stdout |
Maintainers
FAQs
A set of contracts for the sona protocol
The npm package @sonastream/core receives a total of 51 weekly downloads. As such, @sonastream/core popularity was classified as not popular.
We found that @sonastream/core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 08 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025