Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@tokamak-network/deploy-v3
Advanced tools
This package includes a CLI script for deploying the latest Uniswap V3 smart contracts to any EVM (Ethereum Virtual Machine) compatible network.
This package vends a CLI for executing a deployment script that results in a full deployment of Uniswap Protocol v3.
Get the arguments for running the latest version of the script via npx @tokamak-network/deploy-v3 --help
.
As of v1.0.3
the arguments are:
> npx @tokamak-network/deploy-v3 --help
Usage: npx @tokamak-network/deploy-v3 [options]
Options:
-pk, --private-key <string> Private key used to deploy all contracts
-j, --json-rpc <url> JSON RPC URL where the program should be deployed
-ncl, --native-currency-label <string> Native currency label, e.g. ETH
-o, --owner-address <address> Contract address that will own the deployed artifacts after the script runs
-s, --state <path> Path to the JSON file containing the migrations state (optional) (default: "./state.json")
-g, --gas-price <number> The gas price to pay in GWEI for each transaction (optional)
-c, --confirmations <number> How many confirmations to wait for after each transaction (optional) (default: "2")
-V, --version output the version number
-h, --help display help for command
The script runs a set of migrations, each migration deploying a contract or executing a transaction. Migration state is
saved in a JSON file at the supplied path (by default ./state.json
).
To use the script, you must fund an address, and pass the private key of that address to the script so that it can construct and broadcast the deployment transactions.
The block explorer verification process (e.g. Etherscan) is specific to the network. For the existing deployments,
we have used the @nomiclabs/hardhat-etherscan
hardhat plugin in the individual repositories to verify the deployment addresses.
Note that in between deployment steps, the script waits for confirmations. By default, this is set to 2
. If the network
only mines blocks when the transactions is queued (e.g. a local testnet), you must set confirmations to 0
.
To run unit tests, run yarn test
.
For testing the script, run yarn start
.
To publish the script, first create a version: npm version <version identifier>
, then publish via npm publish
.
Don't forget to push your tagged commit!
We estimate 30M - 40M gas needed to run the full deploy script.
Delete state.json
before a fresh deploy. state.json
tracks which steps have already occurred. If there are any entries, the deploy script will attempt to pick up from the last step in state.json
.
Check out state.json
. It'll show you the final deployed addresses.
Depends on the confirmation times and gas parameter. The deploy script sends up to a total of 14 transactions.
You can file them in issues
on this repo and we'll try our best to respond.
FAQs
Deploy Uniswap V3 smart contracts
The npm package @tokamak-network/deploy-v3 receives a total of 0 weekly downloads. As such, @tokamak-network/deploy-v3 popularity was classified as not popular.
We found that @tokamak-network/deploy-v3 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.