Test CI/CD OpenZeppelin

[Dargon789]

Fixes #????

PR Checklist

• Tests
• Documentation
• Changeset entry (run npx changeset add)

Summary by Sourcery

Add clear function to EnumerableSet and EnumerableMap. Add a new set type for pairs of bytes32. Expose an efficient hashing function for pairs of bytes32. Add non-reverting variants of SafeERC20 transfer functions. Expose an internal function in ERC2771Forwarder. Make TimelockController receive function virtual. Stop explicitly setting paused to false in Pausable constructor. Add ERC6909 standard implementation with extensions for metadata, token supply, and content URI. Add a library for calldata manipulation.

New Features:

• Add clear function to EnumerableSet and EnumerableMap which deletes all values in the set or map respectively.
• Add Bytes32x2Set to EnumerableSet that handles (ordered) pairs of bytes32.
• Expose efficientKeccak256 for hashing non-commutative pairs of bytes32 without allocating extra memory.
• Add trySafeTransfer and trySafeTransferFrom to SafeERC20 that do not revert and return false if the transfer is not successful.
• Expose the _isTrustedByTarget internal function in ERC2771Forwarder to check whether a target trusts the forwarder.
• Make TimelockController receive function virtual.
• Stop explicitly setting paused to false during construction in Pausable.
• Add ERC6909 standard implementation.
• Add ERC6909Metadata extension which adds metadata functionality.
• Add ERC6909TokenSupply extension which tracks total supply for each token id.
• Add ERC6909ContentURI extension which adds content URI functionality.
• Add Calldata library with emptyBytes and emptyString functions to generate empty bytes and string calldata types respectively

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request introduces several new features and improvements, including a clear function for EnumerableSet and EnumerableMap, a Bytes32x2Set struct for EnumerableSet, trySafeTransfer and trySafeTransferFrom functions for SafeERC20, a GovernorProposalGuardian extension, a standard implementation of ERC6909, and metadata and content URI extensions for ERC6909. It also exposes the _isTrustedByTarget internal function in ERC2771Forwarder, adds a Calldata library, makes the receive function in TimelockController virtual, stops explicitly setting paused to false during construction in Pausable, and exposes efficientKeccak256 for hashing non-commutative pairs of bytes32.

Updated class diagram for EnumerableSet

classDiagram
  class EnumerableSet {
    <<library>>
  }
  class Bytes32x2Set {
    bytes32[2][] _values
    mapping(bytes32 valueHash => uint256) _positions
    add(bytes32[2] memory value) bool
    remove(bytes32[2] memory value) bool
    clear(Bytes32x2Set storage self) internal
    contains(bytes32[2] memory value) bool
    length() uint256
    at(uint256 index) bytes32[2] memory
    values() bytes32[2][] memory
    _hash(bytes32[2] memory value) bytes32
  }
  EnumerableSet -- Bytes32x2Set : contains

Loading

Updated class diagram for EnumerableMap

classDiagram
  class EnumerableMap {
    <<library>>
  }
  EnumerableMap : +clear()
  note for EnumerableMap "Adds a clear function to EnumerableMaps which deletes all entries in the map"

Loading

Updated class diagram for SafeERC20

classDiagram
  class SafeERC20 {
    <<library>>
  }
  SafeERC20 : +trySafeTransfer(IERC20 token, address to, uint256 value) bool
  SafeERC20 : +trySafeTransferFrom(IERC20 token, address from, address to, uint256 value) bool
  note for SafeERC20 "Adds trySafeTransfer and trySafeTransferFrom that do not revert and return false if the transfer is not successful."

Loading

Class diagram for GovernorProposalGuardian

classDiagram
  class GovernorProposalGuardian {
    address private _proposalGuardian
    event ProposalGuardianSet(address oldProposalGuardian, address newProposalGuardian)
    proposalGuardian() address
    setProposalGuardian(address newProposalGuardian)
    _setProposalGuardian(address newProposalGuardian)
    _validateCancel(uint256 proposalId, address caller) bool
  }
  class Governor
  Governor <|-- GovernorProposalGuardian
  note for GovernorProposalGuardian "Adds a governance extension that defines a proposal guardian who can cancel proposals at any stage in their lifecycle."

Loading

Class diagram for ERC6909

classDiagram
  class ERC6909 {
    mapping(address owner => mapping(uint256 id => uint256)) private _balances
    mapping(address owner => mapping(address operator => bool)) private _operatorApprovals
    mapping(address owner => mapping(address spender => mapping(uint256 id => uint256))) private _allowances
    error ERC6909InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 id)
    error ERC6909InsufficientAllowance(address spender, uint256 allowance, uint256 needed, uint256 id)
    error ERC6909InvalidApprover(address approver)
    error ERC6909InvalidReceiver(address receiver)
    error ERC6909InvalidSender(address sender)
    error ERC6909InvalidSpender(address spender)
    supportsInterface(bytes4 interfaceId) bool
    balanceOf(address owner, uint256 id) uint256
    allowance(address owner, address spender, uint256 id) uint256
    isOperator(address owner, address spender) bool
    approve(address spender, uint256 id, uint256 amount) bool
    setOperator(address spender, bool approved) bool
    transfer(address receiver, uint256 id, uint256 amount) bool
    transferFrom(address sender, address receiver, uint256 id, uint256 amount) bool
    _mint(address to, uint256 id, uint256 amount)
    _transfer(address from, address to, uint256 id, uint256 amount)
    _burn(address from, uint256 id, uint256 amount)
    _update(address from, address to, uint256 id, uint256 amount)
    _approve(address owner, address spender, uint256 id, uint256 amount)
    _setOperator(address owner, address spender, bool approved)
    _spendAllowance(address owner, address spender, uint256 id, uint256 amount)
  }
  class Context
  Context <|-- ERC6909
  class ERC165
  ERC165 <|-- ERC6909
  note for ERC6909 "Adds a standard implementation of ERC6909."

Loading

Class diagram for ERC6909ContentURI

classDiagram
  class ERC6909ContentURI {
    string private _contractURI
    mapping(uint256 id => string) private _tokenURIs
    event ContractURIUpdated()
    event URI(string value, uint256 indexed id)
    contractURI() string
    tokenURI(uint256 id) string
    _setContractURI(string memory newContractURI)
    _setTokenURI(uint256 id, string memory newTokenURI)
  }
  class ERC6909
  ERC6909 <|-- ERC6909ContentURI
  note for ERC6909ContentURI "Adds an extension of ERC6909 which adds content URI functionality."

Loading

Class diagram for ERC6909TokenSupply

classDiagram
  class ERC6909TokenSupply {
    mapping(uint256 id => uint256) private _totalSupplies
    totalSupply(uint256 id) uint256
    _update(address from, address to, uint256 id, uint256 amount)
  }
  class ERC6909
  ERC6909 <|-- ERC6909TokenSupply
  note for ERC6909TokenSupply "Adds an extension of ERC6909 which tracks total supply for each token id."

Loading

Updated class diagram for ERC2771Forwarder

classDiagram
  class ERC2771Forwarder
  ERC2771Forwarder : +_isTrustedByTarget(address target) internal view virtual returns (bool)
  note for ERC2771Forwarder "Exposes the `_isTrustedByTarget` internal function to check whether a target trusts the forwarder."

Loading

Class diagram for Calldata

classDiagram
  class Calldata {
    <<library>>
    emptyBytes() bytes calldata
    emptyString() string calldata
  }
  note for Calldata "Library with `emptyBytes` and `emptyString` functions to generate empty `bytes` and `string` calldata types."

Loading

Updated class diagram for TimelockController

classDiagram
  class TimelockController
  TimelockController : +receive() external payable virtual
  note for TimelockController "Receive function is now virtual."

Loading

Updated class diagram for Pausable

classDiagram
  class Pausable
  Pausable : -constructor()
  note for Pausable "Stop explicitly setting `paused` to `false` during construction."

Loading

Updated class diagram for Hashes

classDiagram
  class Hashes {
    <<library>>
  }
  Hashes : +efficientKeccak256(bytes32 a, bytes32 b) internal pure returns (bytes32)
  note for Hashes "Expose `efficientKeccak256` for hashing non-commutative pairs of bytes32 without allocating extra memory."

Loading

File-Level Changes

Change	Details	Files
Added a clear function to EnumerableSet to remove all values from a set in O(n) time, along with a warning about unbounded gas costs.	Added _clear function to remove all values from a set. Added clear function to Bytes32Set. Added clear function to AddressSet. Added clear function to UintSet. Updated documentation to include the new clear function and its gas cost warning.	contracts/utils/structs/EnumerableSet.sol scripts/generate/templates/EnumerableSet.js test/utils/structs/EnumerableSet.behavior.js test/utils/structs/EnumerableSet.test.js
Added a Bytes32x2Set struct to EnumerableSet to manage sets of bytes32[2] values, including functions for adding, removing, checking existence, clearing, and enumerating elements.	Added Bytes32x2Set struct definition. Added add function to add a bytes32[2] value to the set. Added remove function to remove a bytes32[2] value from the set. Added clear function to remove all values from the set. Added contains function to check if a bytes32[2] value is in the set. Added length function to return the number of values in the set. Added at function to return the value at a given index in the set. Added values function to return all values in the set as an array. Added _hash function to hash bytes32[2] values for efficient storage and retrieval.	contracts/utils/structs/EnumerableSet.sol scripts/generate/templates/EnumerableSet.js scripts/generate/templates/EnumerableSet.opts.js
Added a clear function to EnumerableMap to remove all entries from a map in O(n) time, along with a warning about unbounded gas costs.	Added clear function to Bytes32ToBytes32Map. Added clear function to UintToUintMap. Added clear function to UintToAddressMap. Added clear function to UintToBytes32Map. Added clear function to AddressToUintMap. Added clear function to AddressToAddressMap. Added clear function to AddressToBytes32Map. Added clear function to Bytes32ToUintMap. Added clear function to Bytes32ToAddressMap.	contracts/utils/structs/EnumerableMap.sol scripts/generate/templates/EnumerableMap.js test/utils/structs/EnumerableMap.behavior.js test/utils/structs/EnumerableMap.test.js
Added trySafeTransfer and trySafeTransferFrom functions to SafeERC20 to allow for ERC20 transfers that return a boolean instead of reverting on failure.	Added trySafeTransfer function. Added trySafeTransferFrom function. Updated tests to include tests for the new functions.	contracts/token/ERC20/utils/SafeERC20.sol test/token/ERC20/utils/SafeERC20.test.js CHANGELOG.md
Added a governance extension, GovernorProposalGuardian, that allows a designated guardian to cancel proposals at any stage, or defaults to the proposer if no guardian is set.	Added GovernorProposalGuardian contract. Added proposalGuardian function to get the address of the proposal guardian. Added setProposalGuardian function to set the address of the proposal guardian. Added _setProposalGuardian internal function to set the address of the proposal guardian. Added ProposalGuardianSet event. Overrode _validateCancel function to allow the proposal guardian to cancel proposals.	contracts/governance/extensions/GovernorProposalGuardian.sol test/governance/extensions/GovernorProposalGuardian.test.js contracts/mocks/governance/GovernorProposalGuardianMock.sol CHANGELOG.md
Added a standard implementation of ERC6909, a token standard that allows for multiple token types within a single contract.	Added ERC6909 contract. Added balanceOf function. Added allowance function. Added isOperator function. Added approve function. Added setOperator function. Added transfer function. Added transferFrom function. Added _mint function. Added _transfer function. Added _burn function. Added _update function. Added _approve function. Added _setOperator function. Added _spendAllowance function.	contracts/token/ERC6909/draft-ERC6909.sol test/token/ERC6909/ERC6909.test.js test/token/ERC6909/ERC6909.behavior.js contracts/interfaces/draft-IERC6909.sol CHANGELOG.md docs/modules/ROOT/pages/erc6909.adoc
Added an extension of ERC6909 which adds metadata functionality.	Added ERC6909Metadata contract. Added name function. Added symbol function. Added decimals function. Added _setName function. Added _setSymbol function. Added _setDecimals function. Added ERC6909NameUpdated event. Added ERC6909SymbolUpdated event. Added ERC6909DecimalsUpdated event.	contracts/token/ERC6909/extensions/draft-ERC6909Metadata.sol test/token/ERC6909/extensions/ERC6909Metadata.test.js contracts/mocks/docs/token/ERC6909/ERC6909GameItems.sol CHANGELOG.md
Added an extension of ERC6909 which adds content URI functionality.	Added ERC6909ContentURI contract. Added contractURI function. Added tokenURI function. Added _setContractURI function. Added _setTokenURI function. Added ContractURIUpdated event. Added URI event.	contracts/token/ERC6909/extensions/draft-ERC6909ContentURI.sol test/token/ERC6909/extensions/ERC6909ContentURI.test.js CHANGELOG.md
Added an extension of ERC6909 which tracks total supply for each token id.	Added ERC6909TokenSupply contract. Added totalSupply function. Overrode _update function to update total supply.	contracts/token/ERC6909/extensions/draft-ERC6909TokenSupply.sol test/token/ERC6909/extensions/ERC6909TokenSupply.test.js CHANGELOG.md
Exposed the _isTrustedByTarget internal function in ERC2771Forwarder to allow checking whether a target trusts the forwarder.	Changed _isTrustedByTarget function visibility from private to internal virtual.	contracts/metatx/ERC2771Forwarder.sol CHANGELOG.md
Added a library with emptyBytes and emptyString functions to generate empty bytes and string calldata types.	Added Calldata library. Added emptyBytes function. Added emptyString function.	contracts/utils/Calldata.sol test/utils/Calldata.test.js CHANGELOG.md
The receive function in TimelockController is now virtual.	Changed receive function to virtual.	contracts/governance/TimelockController.sol CHANGELOG.md
Stopped explicitly setting paused to false during construction in Pausable.	Removed constructor that sets _paused = false.	contracts/utils/Pausable.sol CHANGELOG.md
Exposed efficientKeccak256 for hashing non-commutative pairs of bytes32 without allocating extra memory.	Changed _efficientKeccak256 function name to efficientKeccak256 and visibility from private to internal.	contracts/utils/cryptography/Hashes.sol CHANGELOG.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
pypi/halmos@0.2.4 🔁 pypi/halmos@0.2.3	None	0	1.04 MB	daejunpark, justin_gerard

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
License Policy Violation	pypi/halmos@0.2.4	License: AGPL-3.0 - Not allowed by license policy (halmos-0.2.4/src/halmos/calldata.py, halmos-0.2.4/examples/simple/test/Multicaller.t.sol, halmos-0.2.4/tests/regression/test/Deal.t.sol, halmos-0.2.4/examples/tokens/ERC20/test/DEIStablecoin.sol, halmos-0.2.4/tests/regression/test/Create2.t.sol, halmos-0.2.4/tests/regression/test/Getter.t.sol, halmos-0.2.4/examples/simple/test/SimpleState.t.sol, halmos-0.2.4/tests/regression/test/Panic.t.sol, halmos-0.2.4/examples/tokens/ERC20/test/DEIStablecoin.t.sol, halmos-0.2.4/tests/regression/test/Call.t.sol, halmos-0.2.4/tests/regression/test/Store.t.sol, halmos-0.2.4/pyproject.toml, halmos-0.2.4/LICENSE, halmos-0.2.4/tests/regression/test/Snapshot.t.sol, halmos-0.2.4/tests/solver/test/Solver.t.sol, halmos-0.2.4/tests/solver/test/SignedDiv.t.sol, halmos-0.2.4/examples/tokens/ERC20/test/CurveTokenV3.t.sol, halmos-0.2.4/tests/regression/test/AssertTest.t.sol, halmos-0.2.4/PKG-INFO, halmos-0.2.4/tests/regression/test/Revert.t.sol, halmos-0.2.4/tests/regression/src/Counter.sol)	fv-requirements.txt	⚠︎
License Policy Violation	pypi/halmos@0.2.4	License: AGPL-3.0 - Not allowed by license policy (halmos/main.py, halmos-0.2.4.dist-info/LICENSE, halmos-0.2.4.dist-info/METADATA)	fv-requirements.txt	⚠︎

View full report↗︎

Next steps

What is a license policy violation?

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore pypi/halmos@0.2.4

[sourcery-ai]

Hey @Dargon789 - I've reviewed your changes - here's some feedback:

Overall Comments:

• Consider adding tests for the clear function in EnumerableSet.behavior.js.

Here's what I looked at during the review

• 🟡 General issues: 2 issues found
• 🟢 Security: all looks good
• 🟡 Testing: 1 issue found
• 🟡 Complexity: 1 issue found
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[Dargon789]

Test CI/CD OpenZeppelin #7

[openzeppelin-code]

Test CI/CD OpenZeppelin

Generated at commit: f281e98c94cf668d13e6d064d3d0b9c173fb8014

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	3 4 0 12 32 51
Dependencies	Critical High Medium Low Note Total	1 0 0 0 0 1

---

For more details view the full report in OpenZeppelin Code Inspector