Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
State-of-the-art, highly opinionated, hyper-optimised, and secure πVyper smart contract building blocks.
<img src=https://github.com/pcaversaccio/snekmate/assets/25297591/a899251b-d22b-4cb3-8109-88facba53d6a width="1050"/>
State-of-the-art, highly opinionated, hyper-optimised, and secure πVyper smart contract building blocks.
[!WARNING] This is experimental software and is provided on an "as is" and "as available" basis. We do not give any warranties and will not be liable for any losses incurred through any use of this code base.
src
βββ snekmate
βββ auth
β βββ ownable β "Owner-Based Access Control Functions"
β βββ ownable_2step β "2-Step Ownership Transfer Functions"
β βββ access_control β "Multi-Role-Based Access Control Functions"
β βββ interfaces
β β βββ IAccessControl β "AccessControl Interface Definition"
β βββ mocks
β βββ ownable_mock β "`ownable` Module Reference Implementation"
β βββ ownable_2step_mock β "`ownable_2step` Module Reference Implementation"
β βββ access_control_mock β "`access_control` Module Reference Implementation"
βββ extensions
β βββ erc2981 β "ERC-721 and ERC-1155 Compatible ERC-2981 Reference Implementation"
β βββ erc4626 β "Modern and Gas-Efficient ERC-4626 Tokenised Vault Implementation"
β βββ interfaces
β β βββ IERC2981 β "EIP-2981 Interface Definition"
β βββ mocks
β βββ erc2981_mock β "`erc2981` Module Reference Implementation"
β βββ erc4626_mock β "`erc4626` Module Reference Implementation"
βββ governance
β βββ timelock_controller β "Multi-Role-Based Timelock Controller Reference Implementation"
β βββ mocks
β βββ timelock_controller_mock β "`timelock_controller` Module Reference Implementation"
βββ tokens
β βββ erc20 β "Modern and Gas-Efficient ERC-20 + EIP-2612 Implementation"
β βββ erc721 β "Modern and Gas-Efficient ERC-721 + EIP-4494 Implementation"
β βββ erc1155 β "Modern and Gas-Efficient ERC-1155 Implementation"
β βββ interfaces
β β βββ IERC20Permit β "EIP-2612 Interface Definition"
β β βββ IERC721Enumerable β "EIP-721 Optional Enumeration Interface Definition"
β β βββ IERC721Metadata β "EIP-721 Optional Metadata Interface Definition"
β β βββ IERC721Permit β "EIP-4494 Interface Definition"
β β βββ IERC721Receiver β "EIP-721 Token Receiver Interface Definition"
β β βββ IERC1155 β "EIP-1155 Interface Definition"
β β βββ IERC1155MetadataURI β "EIP-1155 Optional Metadata Interface Definition"
β β βββ IERC1155Receiver β "EIP-1155 Token Receiver Interface Definition"
β β βββ IERC4906 β "EIP-4906 Interface Definition"
β βββ mocks
β βββ erc20_mock β "`erc20` Module Reference Implementation"
β βββ erc721_mock β "`erc721` Module Reference Implementation"
β βββ erc1155_mock β "`erc1155` Module Reference Implementation"
βββ utils
βββ base64 β "Base64 Encoding and Decoding Functions"
βββ batch_distributor β "Batch Sending Both Native and ERC-20 Tokens"
βββ create_address β "`CREATE` EVM Opcode Utility Function for Address Calculation"
βββ create2_address β "`CREATE2` EVM Opcode Utility Functions for Address Calculations"
βββ ecdsa β "Elliptic Curve Digital Signature Algorithm (ECDSA) Secp256k1-Based Functions"
βββ p256 β "Elliptic Curve Digital Signature Algorithm (ECDSA) Secp256r1-Based Functions"
βββ message_hash_utils β "Signature Message Hash Utility Functions"
βββ signature_checker β "ECDSA and EIP-1271 Signature Verification Functions"
βββ eip712_domain_separator β "EIP-712 Domain Separator"
βββ math β "Standard Mathematical Utility Functions"
βββ merkle_proof_verification β "Merkle Tree Proof Verification Functions"
βββ multicall β "Multicall Functions"
βββ interfaces
β βββ IERC1271 β "EIP-1271 Interface Definition"
β βββ IERC5267 β "EIP-5267 Interface Definition"
βββ mocks
βββ base64_mock β "`base64` Module Reference Implementation"
βββ batch_distributor_mock β "`batch_distributor` Module Reference Implementation"
βββ create_address_mock β "`create_address` Module Reference Implementation"
βββ create2_address_mock β "`create2_address` Module Reference Implementation"
βββ ecdsa_mock β "`ecdsa` Module Reference Implementation"
βββ p256_mock β "`p256` Module Reference Implementation"
βββ message_hash_utils_mock β "`message_hash_utils` Module Reference Implementation"
βββ signature_checker_mock β "`signature_checker` Module Reference Implementation"
βββ eip712_domain_separator_mock β "`eip712_domain_separator` Module Reference Implementation"
βββ math_mock β "`math` Module Reference Implementation"
βββ merkle_proof_verification_mock β "`merkle_proof_verification` Module Reference Implementation"
βββ multicall_mock β "`multicall` Module Reference Implementation"
[!IMPORTANT]
π snekmate uses a ZeroVer-based versioning scheme. This means π snekmate's major version will never exceed the first and most important number in computing: zero.
We offer three convenient ways to install the π snekmate contracts:
You can install π snekmate via submodules using Foundry with:
forge install pcaversaccio/snekmate
[!NOTE] If you want to leverage π snekmate's
VyperDeployer
contract for your own testing, ensure that you compile the πVyper contracts with the same EVM version as configured in yourfoundry.toml
file. TheVyperDeployer
contract offers two overloadeddeployContract
functions that allow the configuration of the target EVM version. Please note that since πVyper version0.4.0
the default EVM version is set tocancun
. Furthermore, theVyperDeployer
contract relies on the Python scriptcompile.py
for successful compilation and deployment. Always use theVyperDeployer
contract alongside with the aforementioned script.
You can install π snekmate from PyPI with:
pip install snekmate
You can use
pip install snekmate -t .
to install the contracts directly into the current working directory!
You can install π snekmate from npm with:
npm install --save-dev snekmate
Or if you are using Yarn:
yarn add --dev snekmate
In case you are using pnpm, invoke:
pnpm add --save-dev snekmate
[!CAUTION] It is possible to install the latest versions of
main
or any other branch locally viapip install git+https://github.com/pcaversaccio/snekmate.git@<branch>
orforge install pcaversaccio/snekmate && forge update
. Each branch, including themain
branch, must be understood as a development branch that should be avoided in favour of tagged releases. The release process includes security measures that the repository branches do not guarantee.
πVyper favours code reuse through composition rather than inheritance (Solidity inheritance makes it easy to break the Liskov Substitution Principle). A πVyper module encapsulates everything required for code reuse, from type and function declarations to state. All π snekmate contracts are πVyper modules. Thus, many of the π snekmate contracts do not compile independently, but you must import
and initializes
them. Please note that if a module is stateless, it does not require the keyword initializes
(or uses
) for initialisation (or usage). Each module contract has an associated mock contract in the mock/
directory, which is part of the associated contract subdirectory. These mock contracts are very illustrative of how π snekmate contracts can be used as πVyper modules.
[!IMPORTANT] All π snekmate contracts are very well documented in the form of general code and NatSpec comments. There are no shortcuts β if you are importing specific logic, read the documentation!
Please read here to learn more about using πVyper modules.
This repository contains Foundry-based unit tests, property-based tests (i.e. stateless fuzzing), and invariant tests (i.e. stateful fuzzing) for all contracts, if applicable. All tests are run as part of the CI pipeline test-contracts
.
[!NOTE] An invariant is a property of a program that should always hold true. Fuzzing is a way of checking whether the invariant is falsifiable.
Contract | Unit Tests | Property-Based Tests | Invariant Tests |
---|---|---|---|
ownable | β | β | β |
ownable_2step | β | β | β |
access_control | β | β | β |
erc2981 | β | β | β |
erc4626 | β | β | β |
timelock_controller | β | β | β |
erc20 | β | β | β |
erc721 | β | β | β |
erc1155 | β | β | β |
base64 | β | β | β |
batch_distributor | β | β | β |
create_address | β | β | β |
create2_address | β | β | β |
ecdsa | β | β | β |
p256 | β | β | β |
message_hash_utils | β | β | β |
signature_checker | β | β | β |
eip712_domain_separator | β | β | β |
math | β | β | β |
merkle_proof_verification | β | β | β |
multicall | β | β | β |
β Test Type Implemented β β Test Type Not Implemented
Furthermore, the echidna
-based property tests for the erc20
and erc721
contracts are available in the test/tokens/echidna/
directory. You can run the tests by invoking:
# Run Echidna ERC-20 property tests.
~$ FOUNDRY_PROFILE=echidna echidna test/tokens/echidna/ERC20Properties.sol --contract CryticERC20ExternalHarness --config test/echidna.yaml
# Run Echidna ERC-721 property tests.
~$ FOUNDRY_PROFILE=echidna echidna test/tokens/echidna/ERC721Properties.sol --contract CryticERC721ExternalHarness --config test/echidna.yaml
Eventually, the halmos
-based symbolic tests for the erc20
, erc721
, erc1155
, and math
contracts are available in the test/tokens/halmos/
and test/utils/halmos/
directories. You can run the tests by invoking:
[!IMPORTANT] You must install the Yices 2 SMT solver before invoking the
halmos
-based symbolic tests.
# Run Halmos ERC-20 symbolic tests.
~$ FOUNDRY_PROFILE=halmos halmos --contract ERC20TestHalmos --config test/halmos.toml
# Run Halmos ERC-721 symbolic tests. Be careful, this is a (very!) time-consuming operation.
~$ FOUNDRY_PROFILE=halmos halmos --contract ERC721TestHalmos --config test/halmos.toml
# Run Halmos ERC-1155 symbolic tests. Be careful, this is a time-consuming operation.
~$ FOUNDRY_PROFILE=halmos halmos --contract ERC1155TestHalmos --config test/halmos.toml
# Run Halmos math symbolic tests.
~$ FOUNDRY_PROFILE=halmos halmos --contract MathTestHalmos --config test/halmos.toml
[!TIP] If you encounter any issues, please ensure that you have the latest πVyper version installed locally.
This repository is inspired by or directly modified from many sources, primarily:
CREATE
Factoryπ snekmate only exists thanks to its contributors. There are many ways to get involved and contribute to our high-quality and secure smart contracts. Check out our Contribution Guidelines!
I am a strong advocate of the open-source and free software paradigm. However, if you feel my work deserves a donation, you can send it to this address: 0xe9Fa0c8B5d7F79DeC36D3F448B1Ac4cEdedE4e69
. I can pledge that I will use this money to help fix more existing challenges in the Ethereum ecosystem π€.
<img src=https://user-images.githubusercontent.com/25297591/167394075-1813e258-3b03-4bc8-9305-69126a07d57e.png width="1050"/>
FAQs
State-of-the-art, highly opinionated, hyper-optimised, and secure πVyper smart contract building blocks.
We found that snekmate demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.