Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
core-artifacts
Advanced tools
Maple is a decentralized corporate credit market. Maple provides capital to institutional borrowers through globally accessible fixed-income yield opportunities.
For Borrowers, Maple offers transparent and efficient financing done entirely on-chain.
For Liquidity Providers, Maple offers a sustainable yield source through professionally managed lending pools.
MPL-<liquidityAsset>
50-50 Balancer Pool Tokens (BPTs) providing reserve capital against loan defaults (E.g., MPL-USDC 50-50 BPTs for USDC Pools)For Pool Delegates, Maple is a vehicle to attract funding and earn performance fees.
For all technical documentation related to the Maple protocol, please refer to the GitHub wiki.
git clone git@github.com:maple-labs/maple-core.git
cd maple-core
dapp update
To create a new config.json file, use DAPP_SRC=contracts dapp mk-standard-json | pbcopy
and then paste that into a new file. If using deployed libraries, make sure to add
export DAPP_LIBRARIES=" contracts/libraries/loan/v1/LoanLib.sol:LoanLib:0x51A189ccD2eB5e1168DdcA7e59F7c8f39AA52232 contracts/libraries/pool/v1/PoolLib.sol:PoolLib:0x2c1C30fb8cC313Ef3cfd2E2bBf2da88AdD902C30"
in that format (space delimited with a space at the beginning) with relevant libraries and addresses.
make test
(runs ./test.sh
)./test.sh <test_name>
(e.g. ./test.sh test_fundLoan
)To alter number of fuzz runs, change the --fuzz-runs
flag in test.sh
. Note: Number of --fuzz-runs
in test.sh
should remain constant on push. Only change for local testing if needed.
Auditor | Report link |
---|---|
Peckshield | PeckShield-Audit-Report-Maple-v1.0 |
Code Arena | Code Arena April 2021 Audit |
Dedaub (before v1.0.0 release commit) | Dedaub-Audit-Report-Maple-Core |
FAQs
Consist artifacts of the maple protocol
The npm package core-artifacts receives a total of 7 weekly downloads. As such, core-artifacts popularity was classified as not popular.
We found that core-artifacts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.