Merge dev into main #436

Open
wants to merge 57 commits into
base: main
hensha256
Collaborator

@hensha256 hensha256 commented Jan 10, 2025

Redoing #429

gretzke and others added 30 commits June 14, 2024 19:59
* update hardhat

* remove symlinks by using hardhat-foundry

use hardhat-foundry package to use foundry remappings to compile. Symlinks are no longer necessary
After upgrade HH412 error was thrown caused by the existing symlinks
ref:
https://hardhat.org/hardhat-runner/docs/errors#HH412
NomicFoundation/hardhat#3623

* update compiler version to ^0.8.24 supporting the cancun upgrades

* fix ci

* fix lock file

* Update yarn.lock

* regenerate gas snapshots

* install foundry in ci

* Use mainnet permit2 (#347)

* solc upgrade to 0.8.26

* use mainnet permit2 work started

* fix uniswap tests

* Remove block from resetFork

* Refactor to fetch fee tiers

* remove NFT protocols for V4 router (#348)

* first pass

* fix forge builds

* fix reentrancy test

* Add check to receive

* remove .only rip

* add todo for tests that need writing

* update readme and planner

---------

Co-authored-by: Alice <[email protected]>
Co-authored-by: Alice Henshaw <[email protected]>
* import with dif version of OZ

* fix remapping issue

* duplicate exports and v3 version error

* remove else statement and fix format

* fix duplicate IERC165 in typechain

* permit, decrease, collect, burn commands

* all v3 commands separately

* add structs

* remove mint and increaseLiquidity on v3

* test change

* fix yarn.lock

* pass foundry tests for now

* nit - change name

* spelling error

* v3pm address not needed

* some gas tests

* check msg.sender

* format

* transient storage

* unauthorized tests

* transient storage

* v3 multicall with tests

* v3 call + transient storage

* no decode

* clean up tests

* some changes

* comment changes

* suggestion fixes

* regenerate yarn.lock file

* revert yarn.lock

* some changes

* separate migration tests

* bignumber to fix test

* fix remappings for forge compile

* remove command placeholder

* remove transient storage

* format

* use v3 periphery 0.8 instead

* fix gas snapshots

* v3 position manager addresses

* name change

* remove v4 in this pr

* remove unnecessary stuff

* change test names

* fix erc721 permit

* more tests

* name changes, comments, test

---------

Co-authored-by: gretzke <[email protected]>
* Make reentrancy guard transient

* locker tests

* abstract the locker library away

* Updated locker tests

* move map, and fix CI

* Update lint.yml

* update comment
* v4 periphery git submodule

* deploy v4

* prettier

* point v4 periphery to main

* use solmate/src and deploy v4

* format

* update v4-periphery and future proof deployRouter

* prettier
* update v4-periphery, change remapping, and update deploy test

* make immutables public

* little fixes

* last one

* make only migrator immutables public
* update v4 periphery to main and update deployRouter

* point to updated v4 posm
* v4 planner

* some renaming
* separate uniswap tests

* Move permit2 tests
* batch permit decode in calldata

* array of structs

* PR comment
* v4 mint so far

* solmate remapping

* v4 mint and increase tests

* prettier

* update v4 periphery to main

* some gas tests

* remove selector check in v4 posm call

* organize some tests

* more tests

* prettier

* more tests

* update gas

* remove unnecessary import

* remove unnecessary encodings
* complete setup, everything working

* v4 command plus planner

* use main v4 branch

* update periphery, handle changes

* linting

* V4 test setup

* working pool setup

* cleanup of imports

* 2 working v4 swap tests

* exact out swaps

* 2 hop swap tests

* update periphery
* update tests to correspond with posm

* match deploy universal router with alices

* update oz for ierc721permit problem

* switch back to OZ 4.7.0

* use OZ 5.0.2 to match v4

* remove internal _msgSender()

* pr comments

* add license
* ETH input v4 tests

* eth output v4 tests

* PR comments
* add v4 to receive function

* linting

* PR comments

* fix and snapshots
* take portion test

* take portion test native

* correct comment

* take portion on input test

* remove console logs oops
* OZ L-09

* Remove .vscode/settings.json from the repository
* update periphery to main

* update periphery after it updated main

* update again

* update again
…379)

* add different tests for increasing and add tests for forwarding eth

* fix gas snapshot

* add more comments

* fix gas snapshots

* fix gas again

* add comments on unpermit tests
* ABDK CVF106

* fix comment
dianakocsis and others added 26 commits September 5, 2024 14:22
* update periphery

* remove position config

* lint
* Periphery update - calldata decoder

* rename function and snapshots

* actually use the function
* Update .gitmodules (#337)

There is no need to use an account for GitHub.

* chore(infra): set up deploy

---------

Co-authored-by: Jonney <[email protected]>
* chore: fix yarn publish

* Update deploy.yml

* Update deploy.yml
* update periphery

* update initialize ABI

* temporary position descriptor constructor arg

* lint

* updated snap
* restrict increase, decrease, and burn

* prettier

* initialize v4 pool call

* prettier

* refactor logic into function, plus optimise decode

* merge latest periphery

* move v3 logic outside of dispatcher

* initialize pool tests

* snapshot

* larger refactor

* pull v4 periphery and revert payments

* make checkV4InitializeCall like the others

* Call initialize directly

* undo v3 refactor

* imports

* remove unused typescript type

* remove unnecessary extra immutable

* Bump beta version

* Improve comments

* Add pool initialization to some tests

---------

Co-authored-by: Alice Henshaw <[email protected]>
* Update .gitmodules (#337)

There is no need to use an account for GitHub.

* deploy script for Base Sepolia

* updating some deploys for sepolia L2s

* include vanity/public RPCs for scripts

* Update script/deployParameters/DeployOPSepolia.s.sol

Co-authored-by: Alice <[email protected]>

* Update script/deployParameters/DeployUnichainSepolia.s.sol

Co-authored-by: Alice <[email protected]>

---------

Co-authored-by: Jonney <[email protected]>
Co-authored-by: Alice <[email protected]>
* Latest v4 periphery

* why didnt the linter catch this
* v3 refactor and pull latest periphery

* switch to if else
* allow permit2 to silently fail to avoid dos

* fix tests
* update periphery not working

* fix ur according to periphery update

* prettier

* fix issue during hardhat tests fixed in version 2.22.14

* change optimizer size

* change optimizer runs for manager only

* update again

* prettier

* update periphery again

* switch runs to 30000

---------

Co-authored-by: gretzke <[email protected]>
* Update .gitmodules (#337)

There is no need to use an account for GitHub.

* chore(infra): set up deploy (#397)

* chore: yarn publish (#402)

* chore: yarn publish

* Update deploy.yml

* Update deploy.yml

* Update deploy.yml

* Update deploy.yml

* chore: add provenance (#404)

* compile contracts in workflow (#405)

* feat: deploy worldchain (#411)

* fix: update UR address on worldchain (#412)

previous accidentally set it to the unsupported protocol

* Create CODEOWNERS (#419)

---------

Co-authored-by: Jonney <[email protected]>
Co-authored-by: mr-uniswap <[email protected]>
Co-authored-by: Emily Williams <[email protected]>
Co-authored-by: marktoda <[email protected]>
Co-authored-by: dianakocsis <[email protected]>
@hensha256 hensha256 requested a review from a team as a code owner January 10, 2025 13:27

socket-security bot commented Jan 10, 2025

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@fastify/[email protected] None 0 80.2 kB gurgunday
npm/@nomicfoundation/[email protected] None 0 13.2 MB nomic-foundation-publisher
npm/@nomicfoundation/[email protected] None 0 13.8 MB nomic-foundation-publisher
npm/@nomicfoundation/[email protected] None 0 18.9 MB nomic-foundation-publisher
npm/@nomicfoundation/[email protected] None 0 18.9 MB nomic-foundation-publisher
npm/@nomicfoundation/[email protected] None 0 21 MB nomic-foundation-publisher
npm/@nomicfoundation/[email protected] None 0 20.9 MB nomic-foundation-publisher
npm/@nomicfoundation/[email protected] None 0 15.3 MB nomic-foundation-publisher
npm/@nomicfoundation/[email protected] filesystem, shell 0 306 kB nomic-foundation-publisher
npm/@nomicfoundation/[email protected] None 0 649 kB fvictorio
npm/@nomicfoundation/[email protected] None 0 125 kB fvictorio
npm/@nomicfoundation/[email protected] None +2 1.5 MB fvictorio
npm/@nomicfoundation/[email protected] network 0 545 kB fvictorio
npm/@nomicfoundation/[email protected] filesystem, shell 0 25.6 kB schaable
npm/@openzeppelin/[email protected] None 0 1.7 MB frangio
npm/[email protected] None +1 12.8 kB nexdrew
npm/[email protected] None +6 222 kB sindresorhus
npm/[email protected] None 0 6.14 kB sindresorhus
npm/[email protected] environment, filesystem, shell 0 151 kB abetomo
npm/[email protected] environment, filesystem, network, shell +2 2.9 MB kanej
npm/[email protected] None 0 343 kB faleij
npm/[email protected] None +1 9.2 MB r0qs
npm/[email protected] environment, network, unsafe 0 1.17 MB matteo.collina
npm/[email protected] None 0 3.73 kB sindresorhus

🚮 Removed packages: npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@nomicfoundation/[email protected], npm/@openzeppelin/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎


socket-security bot commented Jan 10, 2025

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source CI
AI-detected potential code anomaly npm/[email protected]
  • Notes: The code appears to be a WebAssembly (WASM) module implementing HTTP parsing functionality. The code contains suspicious elements such as ability to handle HTTP headers, message bodies, and chunk extensions. While it may be legitimate parser code, the obfuscated nature and presence of low-level binary operations warrants careful review due to potential for misuse in HTTP request/response manipulation or header injection attacks.
  • Confidence: 1.00
  • Severity: 0.60
⚠︎
AI-detected potential code anomaly npm/[email protected]
  • Notes: The code appears to be a WebAssembly (WASM) module implementing HTTP parsing functionality. The code contains suspicious elements such as ability to handle HTTP headers, message bodies, and chunk extensions. While it may be legitimate parser code, the obfuscated nature and presence of low-level binary operations warrants careful review due to potential for misuse in HTTP request/response manipulation or header injection attacks.
  • Confidence: 1.00
  • Severity: 0.60
⚠︎
Shell access npm/@nomicfoundation/[email protected] ⚠︎
Filesystem access npm/@nomicfoundation/[email protected] ⚠︎
Filesystem access npm/[email protected] ⚠︎
Filesystem access npm/[email protected] ⚠︎
Filesystem access npm/[email protected] ⚠︎
Filesystem access npm/[email protected] ⚠︎
Filesystem access npm/[email protected] ⚠︎
Dynamic require npm/[email protected] ⚠︎
Filesystem access npm/@nomicfoundation/[email protected] ⚠︎
Shell access npm/@nomicfoundation/[email protected] ⚠︎

View full report↗︎

Next steps

What is an AI-detected potential code anomaly?

AI has identified unusual behaviors that may pose a security risk.

An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

What is filesystem access?

Accesses the file system, and could potentially read sensitive data.

If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead.

What is dynamic require?

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

7 participants