synthetix
Synthetix is a crypto-backed synthetic asset platform.
It is a multitoken system, powered by SNX, the Synthetix Network Token. SNX holders can lock SNX to issue Synths, on-chain synthetic assets. The network currently supports seven synthetic assets, sUSD (Synthetic USD), sAUD, sEUR, sGBP, sJPY, sKRW, sXAU (a synthetic gold ounce) and sXDR (a basket of synthetic currencies).
Synthetix uses a proxy system so that upgrades will not be disruptive to the functionality of the contract. This smooths user interaction, since new functionality will become available without any interruption in their experience. It is also transparent to the community at large, since each upgrade is accompanied by events announcing those upgrades.
Prices are currently introduced into the blockchain by a trusted oracle. A parallel avenue of research is the ongoing decentralisation of this price oracle.
Please note that this repository is under development.
The code here will be under continual audit and improvement as the project progresses.
A note on the branches used in this repo.
master represents the contracts live on mainnet and all testnets.
alpha is for the newest version of contracts, and is reserved for deploys to kovan.
beta is for promoted alpha contracts, and is reserved for deploys to rinkeby.
release-candidate is for promoted beta contracts, and is reserved for deploys to ropsten.
When a new version of the contracts makes its way through all testnets, it eventually becomes promoted in master, with semver reflecting contract changes in the major or minor portion of the version (depending on backwards compatibility). patch changes are simply for changes to the JavaScript interface.
const snx = require('synthetix');
// retrieve an object detailing the contract deployed to the given network.
snx.getTarget({ network: 'rinkeby', contract: 'ProxySynthetix' });
/*
{
name: 'ProxySynthetix',
address: '0x322A3346bf24363f451164d96A5b5cd5A7F4c337',
source: 'Proxy',
link: 'https://rinkeby.etherscan.io/address/0x322A3346bf24363f451164d96A5b5cd5A7F4c337',
timestamp: '2019-03-06T23:05:43.914Z',
network: 'rinkeby'
}
*/
// retrieve an object detailing the contract ABI and bytecode
snx.getSource({ network: 'rinkeby', contract: 'Proxy' });
/*
{
bytecode: '0..0',
abi: [ ... ]
}
*/
// retrieve the array of synths used
snx.getSynths({ network: 'rinkeby' }).map(({ name }) => name);
// ['XDR', 'sUSD', 'sEUR', ...]
Same as above but as a CLI tool that outputs JSON:
npx synthetix target --network rinkeby --contract ProxySynthetix
# {
# "name": "ProxySynthetix",
# "address": "0x322A3346bf24363f451164d96A5b5cd5A7F4c337",
# "source": "Proxy",
# "link": "https://rinkeby.etherscan.io/address/0x322A3346bf24363f451164d96A5b5cd5A7F4c337",
# "timestamp": "2019-03-06T23:05:43.914Z",
# "network": "rinkeby"
# }
npx synthetix source --network rinkeby --contract Proxy
# {
# "bytecode": "0..0",
# "abi": [ ... ]
# }
npx synthetix synths --network rinkeby --key name
# ["XDR", "sUSD", "sEUR", ... ]
Install the dependencies for the project using npm
$ npm i
To run the tests:
$ npm test
Traditionally gold was used as a reserve store of value by various governments around the world to prove that there was value to back their currency. The Synthetix system replicates this setup, but completely on-chain, and with multiple flavours of stablecoin (Synths), and a store of value backing them up (SNX - Synthetix Network Token).
As users transact in the system, small fees are remitted, which get sent to SNX holders that enable the economy to exist. Multicurrency is the latest piece of work on the system.
Users are able to withdraw their fees in any nomin currency that we support. Users are entitled to fees once they've issued synths (to help create the economy generating the fees) and waited for a complete fee period to elapse (currently 7 days). Issuers are incentivised to maintain the ratio of collateral (SNX) to Synths such that the Synths in circulation are generally only worth 20% of the value of the Synthetix Network Tokens backing them up via a penalty for being over 20% collateralised. This allows pretty severe price shocks to SNX without threatening the value of the Synths.
We have also invented a nomin currency called XDRs (Synthetix Drawing Rights, loosely modeled on SDRs from the UN). Its exchange rate is derived by looking at a basket aggregate of currencies to avoid biasing towards any particular fiat currency. Fees are stored in this currency, and users can hold these Synths if they want to lessen the impact on their holdings from a particular fiat currency changing in value.
Now that we have an exchange() mechanism that allows users to switch between Synth currencies, it made sense to move the fee logic out of the Synth token into its own standalone contract. This allows us to have more complex fee collection logic as well.
Also it's worth noting that there's a decimal library being used for "floating point" math with 10^18 as the base. Also many of the contracts are provided behind a proxy contract for easy upgradability.
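The 10^18 decimal convention described above, as an added example that is not code from the synthetix package: it shows why a decimal multiply divides one UNIT back out and a decimal divide multiplies UNIT in first, and what plain integer division loses. UNIT, toDec, mulDec, divDec and maxIssuable are hypothetical names, and applying the 20% figure by simple multiplication is an assumption.

```javascript
// Added example: 18-decimal fixed-point helpers in the style the README describes.
// UNIT, toDec, mulDec, divDec and maxIssuable are hypothetical names, not the package's API.
const UNIT = 10n ** 18n; // 1.0 in fixed-point

// Parse a decimal string such as "1.5" into an 18-decimal BigInt without using floats.
function toDec(s) {
  const [whole, frac = ''] = s.split('.');
  if (!/^\d+$/.test(whole) || !/^\d*$/.test(frac) || frac.length > 18) {
    throw new RangeError(`not an 18-decimal value: ${s}`);
  }
  return BigInt(whole) * UNIT + BigInt(frac.padEnd(18, '0'));
}

// Decimal multiply: the raw product carries UNIT twice, so divide one out afterwards.
function mulDec(x, y) {
  return (x * y) / UNIT;
}

// Decimal divide: multiply UNIT in before dividing, otherwise the fraction is truncated away.
function divDec(x, y) {
  if (y === 0n) throw new RangeError('division by zero');
  return (x * UNIT) / y;
}

// Value of Synths a given SNX value can back at an issuance ratio
// (assumption: the README's 20% is applied as a plain decimal multiply by 0.2).
function maxIssuable(snxValue, ratio) {
  return mulDec(snxValue, ratio);
}

// Constructed sample values.
console.log(mulDec(toDec('1.5'), toDec('2.25')));      // 3.375 in fixed-point
console.log(divDec(toDec('1'), toDec('3')));           // 0.333... truncated toward zero
console.log(toDec('1') / toDec('3'));                  // plain integer division: 0n
console.log(maxIssuable(toDec('1000'), toDec('0.2'))); // 200 * UNIT
```

Both helpers truncate toward zero, so a chain of decimal operations can under-count by one unit of the last decimal place per step.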
We have also implemented what I'm going to call almost-ERC223 since the last audit. This allows you as a contract to implement a tokenFallback function which gets called by our contracts whenever transfers or exchanges happen. Unlike ERC223, it is not a requirement that contracts implement this function, as we're already listed on a number of DEXes that do not implement this functionality, and we need to preserve full backwards compatibility for them. Users can also pass a bytes[] memo when they transfer, but we implement the standard ERC20 transfer event, again for backwards compatibility with tooling such as Etherscan.
0xfeefeefee... and stored in XDRs. Allows users to claim fees they're entitled to.
onlyDuringSetup modifier should no longer be callable.
tokenFallback() function.
_dec on an operation makes it operate "on decimals" by either dividing out the extra UNIT after a multiplication, or multiplying it in before a division.
selfdestruct.
tokenFallback if the destination address is a contract.
FAQs
The smart contracts which make up the Synthetix system. (synthetix.io)
The npm package synthetix receives a total of 268 weekly downloads. As such, synthetix popularity was classified as not popular.
We found that synthetix demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.