@sushiswap/bentobox - npm Package Compare versions

Comparing version 0.3.0 to 0.4.0

package.json

 {
-  "name": "@sushiswap/bentobox",
-  "version": "0.3.0",
-  "description": "BentoBox",
-  "main": "index.js",
-  "files": [
-    "contracts",
-    "deployments"
-  ],
-  "directories": {
-    "test": "test"
-  },
-  "scripts": {
-    "build": "hardhat compile",
-    "console": "hardhat console",
-    "mainnet:deploy": "hardhat --network mainnet deploy",
-    "mainnet:verify": "hardhat --network mainnet etherscan-verify --solc-input --license UNLICENSED",
-    "mainnet:export": "hardhat --network mainnet export",
-    "ropsten:deploy": "hardhat --network ropsten deploy",
-    "ropsten:verify": "hardhat --network ropsten etherscan-verify --solc-input --license UNLICENSED",
-    "ropsten:export": "hardhat --network ropsten export",
-    "kovan:deploy": "hardhat --network kovan deploy",
-    "kovan:export": "hardhat --network kovan export",
-    "kovan:verify": "hardhat --network kovan etherscan-verify --solc-input --license UNLICENSED",
-    "test": "hardhat test --deploy-fixture",
-    "test:coverage": "node --max-old-space-size=4096 ./node_modules/.bin/hardhat coverage",
-    "test:gas": "REPORT_GAS=true yarn test",
-    "prettier": "prettier --write test/**/*.js",
-    "lint": "yarn prettier && solhint -c .solhint.json 'contracts/**/*.sol'"
-  },
-  "husky": {
-    "hooks": {
-      "pre-push": "yarn lint && yarn test"
+    "name": "@sushiswap/bentobox",
+    "version": "0.4.0",
+    "description": "BentoBox",
+    "files": [
+        "abi",
+        "artifacts",
+        "contracts",
+        "deployments",
+        "exports",
+        "types"
+    ],
+    "directories": {
+        "test": "test"
+    },
+    "scripts": {
+        "build": "BUILD_ARTIFACTS=1 hardhat compile",
+        "console": "hardhat console",
+        "testnet:deploy": "yarn ropsten:deploy && yarn rinkeby:deploy && yarn goerli:deploy && yarn kovan:deploy && yarn moonbase:deploy && yarn arbitrum:deploy",
+        "mainnet:deploy": "hardhat --network mainnet deploy",
+        "mainnet:export": "hardhat --network mainnet export --export exports/mainnet.json",
+        "ropsten:deploy": "hardhat --network ropsten deploy",
+        "ropsten:export": "hardhat --network ropsten export --export exports/ropsten.json",
+        "rinkeby:deploy": "hardhat --network rinkeby deploy",
+        "rinkeby:export": "hardhat --network rinkeby export --export exports/rinkeby.json",
+        "goerli:deploy": "hardhat --network goerli deploy",
+        "goerli:export": "hardhat --network goerli export --export exports/goerli.json",
+        "kovan:deploy": "hardhat --network kovan deploy",
+        "kovan:export": "hardhat --network kovan export --export exports/kovan.json",
+        "moonbeam:deploy": "hardhat --network moonbase deploy",
+        "moonbeam:export": "hardhat --network moonbase export --export exports/moonbase.json",
+        "arbitrum:deploy": "hardhat --network arbitrum deploy",
+        "arbitrum:export": "hardhat --network arbitrum export --export exports/arbitrum.json",
+        "fantom:deploy": "hardhat --network fantom deploy",
+        "fantom:export": "hardhat --network fantom export --export exports/fantom.json",
+        "fantomtest:deploy": "hardhat --network fantomtest deploy",
+        "fantomtest:export": "hardhat --network fantomtest export --export exports/fantomtest.json",
+        "binance:deploy": "hardhat --network binance deploy",
+        "binance:export": "hardhat --network binance export --export exports/binance.json",
+        "binancetest:deploy": "hardhat --network binancetest deploy",
+        "binancetest:export": "hardhat --network binancetest export --export exports/binancetest.json",
+        "matic:deploy": "hardhat --network matic deploy",
+        "matic:export": "hardhat --network matic export --export exports/matic.json",
+        "mumbai:deploy": "hardhat --network mumbai deploy",
+        "mumbai:export": "hardhat --network mumbai export --export exports/mumbai.json",
+        "avalanche:deploy": "hardhat --network avalanche deploy",
+        "avalanche:export": "hardhat --network avalanche export --export exports/avalanche.json",
+        "fuji:deploy": "hardhat --network fuji deploy",
+        "fuji:export": "hardhat --network fuji export --export exports/fuji.json",
+        "huobi:deploy": "hardhat --network huobi deploy",
+        "huobi:export": "hardhat --network huobi export --export exports/huobi.json",
+        "huobitest:deploy": "hardhat --network huobitest deploy",
+        "huobitest:export": "hardhat --network huobitest export --export exports/huobitest.json",
+        "tomo:deploy": "hardhat --network tomo deploy",
+        "tomo:export": "hardhat --network tomo export --export exports/tomo.json",
+        "tomotest:deploy": "hardhat --network tomotest deploy",
+        "tomotest:export": "hardhat --network tomotest export --export exports/tomotest.json",
+        "export": "hardhat export --export-all exports/deployments.json",
+        "flatten": "hardhat flatten",
+        "test": "hardhat test",
+        "coverage": "cross-env COVERAGE=1 NODE_OPTIONS=\"--max-old-space-size=2048\" hardhat coverage",
+        "gas": "cross-env REPORT_GAS=true yarn test",
+        "prettier": "prettier --write *.js *.json test/**/*.js contracts/**/*.sol",
+        "docgen": "hardhat compile && hardhat docgen",
+        "lint": "yarn prettier && solhint -c .solhint.json 'contracts/**/*.sol'"
+    },
+    "husky": {
+        "hooks": {
+            "pre-push": "yarn lint && yarn test"
+        }
+    },
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/sushiswap/bentobox.git"
+    },
+    "author": "",
+    "license": "UNLICENSED",
+    "bugs": {
+        "url": "https://github.com/sushiswap/bentobox/issues"
+    },
+    "homepage": "https://github.com/sushiswap/bentobox#readme",
+    "devDependencies": {
+        "@codechecks/client": "^0.1.10",
+        "@nomiclabs/hardhat-ethers": "^2.0.1",
+        "@nomiclabs/hardhat-etherscan": "^2.1.1",
+        "@nomiclabs/hardhat-solhint": "^2.0.0",
+        "@nomiclabs/hardhat-waffle": "^2.0.1",
+        "@sushiswap/core": "github:sushiswap/sushiswap#d487cc7",
+        "@sushiswap/sdk": "5.0.0-canary.56",
+        "@tenderly/hardhat-tenderly": "^1.0.10",
+        "@uniswap/lib": "^2.2.0-alpha",
+        "@uniswap/v2-core": "^1.0.1",
+        "big-integer": "^1.6.48",
+        "chai": "^4.3.0",
+        "coveralls": "^3.1.0",
+        "cross-env": "^7.0.3",
+        "dotenv": "^8.2.0",
+        "ethereum-waffle": "^3.3.0",
+        "ethereumjs-util": "^7.0.7",
+        "ethers": "^5.0.31",
+        "hardhat": "^2.0.11",
+        "hardhat-abi-exporter": "^2.0.8",
+        "hardhat-dependency-compiler": "^1.0.0",
+        "hardhat-deploy": "^0.7.0-beta.46",
+        "hardhat-deploy-ethers": "^0.3.0-beta.7",
+        "hardhat-docgen": "^1.0.3",
+        "hardhat-gas-reporter": "^1.0.4",
+        "hardhat-preprocessor": "^0.1.2",
+        "hardhat-spdx-license-identifier": "^2.0.3",
+        "hardhat-typechain": "^0.3.4",
+        "hardhat-watcher": "^2.1.1",
+        "husky": "^4.3.6",
+        "mocha": "^8.2.1",
+        "prettier": "^2.2.1",
+        "prettier-plugin-solidity": "^1.0.0-beta.2",
+        "solc": "0.6.12",
+        "solhint": "^3.3.2",
+        "solhint-plugin-prettier": "^0.0.5",
+        "solidity-coverage": "^0.7.15",
+        "ts-generator": "^0.1.1",
+        "typechain": "^4.0.1",
+        "typechain-target-ethers-v5": "^5.0.1"
+    },
+    "dependencies": {
+        "@boringcrypto/boring-solidity": "boringcrypto/BoringSolidity#8f2b54f645a7844ae266cc50dc3ae4c125c7b9fc"
     }
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/sushiswap/bentobox.git"
-  },
-  "author": "",
-  "license": "UNLICENSED",
-  "bugs": {
-    "url": "https://github.com/sushiswap/bentobox/issues"
-  },
-  "homepage": "https://github.com/sushiswap/bentobox#readme",
-  "devDependencies": {
-    "@codechecks/client": "^0.1.10",
-    "@nomiclabs/hardhat-ethers": "^2.0.1",
-    "@nomiclabs/hardhat-etherscan": "^2.1.0",
-    "@nomiclabs/hardhat-solhint": "^2.0.0",
-    "@nomiclabs/hardhat-waffle": "^2.0.1",
-    "@sushiswap/core": "1.4.1",
-    "@tenderly/hardhat-tenderly": "^1.0.6",
-    "@uniswap/lib": "^2.2.0-alpha",
-    "@uniswap/v2-core": "^1.0.1",
-    "chai": "^4.2.0",
-    "coveralls": "^3.1.0",
-    "cross-env": "^7.0.3",
-    "dotenv": "^8.2.0",
-    "ethereum-waffle": "^3.2.1",
-    "ethereumjs-util": "^7.0.7",
-    "ethers": "^5.0.24",
-    "hardhat": "^2.0.5",
-    "hardhat-abi-exporter": "^2.0.6",
-    "hardhat-dependency-compiler": "^1.0.0",
-    "hardhat-deploy": "^0.7.0-beta.38",
-    "hardhat-deploy-ethers": "^0.3.0-beta.7",
-    "hardhat-gas-reporter": "^1.0.3",
-    "hardhat-preprocessor": "^0.1.1",
-    "hardhat-spdx-license-identifier": "^2.0.2",
-    "hardhat-watcher": "^2.0.0",
-    "husky": "^4.3.6",
-    "mocha": "^8.2.1",
-    "prettier": "^2.2.1",
-    "prettier-plugin-solidity": "^1.0.0-beta.2",
-    "solhint": "^3.3.2",
-    "solhint-plugin-prettier": "^0.0.5",
-    "solidity-coverage": "^0.7.12"
-  }
 }

README.md

 # BentoBox
 
-[![Coverage Status](https://coveralls.io/repos/github/sushiswap/bentobox/badge.svg?branch=master)](https://coveralls.io/github/sushiswap/bentobox?branch=master)
+[![Coverage Status](https://coveralls.io/repos/github/sushiswap/bentobox/badge.svg?branch=master&service=github)](https://coveralls.io/github/sushiswap/bentobox?branch=master)
 
@@ -14,16 +14,18 @@ Platforms like Compound and Aave allow users to deposit assets as collateral and borrow other assets against this. These protocols have attracted billions of dollars, but they suffer from some major limitations. Taking away these limitations could see much larger adoption. BentoBox aims to do just that.
 - The supplied assets can be used for flash loans, providing extra revenue for suppliers.
+- Strategies can provide additional revenue
 
 ## Docs
 
-[Development](docs/DEVELOPMENT.md)
+[Development](documentation/DEVELOPMENT.md)
 
-[Deployment](docs/DEPLOYMENT.md)
+[Deployment](documentation/DEPLOYMENT.md)
 
 ## Security
-Audits are being performed by Quantstamp and Peckshield
 
-We use [Slither](https://github.com/crytic/slither) for static analysis. Reports and comments are here:
+An early version was audited by PeckShield and partially by Quantstamp. The thoroughness wasn't overwhelming,
+which led to the creation of an internal audit checklist (see checks.txt in the docs folder).
 
-[BentoBox.sol](docs/Slither_BentoBox.md)
+Contracts are covered 100% by tests.
 
+Formal verification is done using Certora. All reported issues were fixed.
 
@@ -30,0 +32,0 @@ ## Licence

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Copyleft License

License

(Experimental) Copyleft license information was found.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Non-permissive License

License

(Experimental) A license not known to be considered permissive was found.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Copyleft License

License

(Experimental) Copyleft license information was found.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Non-permissive License

License

(Experimental) A license not known to be considered permissive was found.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

27864976

increased by1868.91%

Number of package files

442

increased by675.44%

Lines of code

190870

increased by1345.33%

Number of lines in readme file

34

increased by6.25%

Worsened metrics

Dependency count

1

increased byInfinity%

Dev dependency count

40

increased by25%

Number of high supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• + Added@boringcrypto/boring-solidity@boringcrypto/BoringSolidity#8f2b54f645a7844ae266cc50dc3ae4c125c7b9fc