SyndicateProtocol
diff --git a/‎.env-sample‎
Lines changed: 8 additions & 2 deletions b/‎.env-sample‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎.github/workflows/contract-tests.yml‎
Lines changed: 106 additions & 98 deletions b/‎.github/workflows/contract-tests.yml‎
Lines changed: 106 additions & 98 deletions
diff --git a/‎audit-ci.jsonc‎
Lines changed: 3 additions & 51 deletions b/‎audit-ci.jsonc‎
Lines changed: 3 additions & 51 deletions
diff --git a/‎deploy/InboxStubCreator.js‎
Lines changed: 13 additions & 4 deletions b/‎deploy/InboxStubCreator.js‎
Lines changed: 13 additions & 4 deletions
@@ -1,5 +1,11 @@
-L1_RPC_URL="http://127.0.0.1:8545"
 L1_PRIV_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
-CONFIG_NETWORK_NAME="arb1"
+CONFIG_NETWORK_NAME="custom"
 DEPLOYED_CONTRACTS_DIR="./scripts/files/"
 DISABLE_VERIFICATION=true
+
+# to use the 'custom' hardhat network, set the following variables
+CUSTOM_RPC_URL="http://127.0.0.1:8545"
+CUSTOM_ETHERSCAN_API_KEY=
+CUSTOM_CHAINID=1337
+CUSTOM_ETHERSCAN_API_URL=
+CUSTOM_ETHERSCAN_BROWSER_URL=
@@ -21,7 +21,8 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: nightly
+          version: stable
+          cache: false
 
       - name: Setup node/yarn
         uses: actions/setup-node@v3
@@ -50,7 +51,8 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: nightly
+          version: stable
+          cache: false
 
       - name: Setup nodejs
         uses: actions/setup-node@v2
@@ -62,7 +64,8 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: nightly
+          version: stable
+          cache: false
 
       - name: Check Contracts Format
         run: forge fmt --check
@@ -128,7 +131,8 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: nightly
+          version: stable
+          cache: false
 
       - uses: OffchainLabs/actions/run-nitro-test-node@main
         with:
@@ -150,114 +154,88 @@ jobs:
 
       - name: Test 4844
         run: yarn test:4844
-  # test-e2e:
-  #   name: Test e2e
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - uses: actions/checkout@v3
-  #       with:
-  #         submodules: recursive
-
-  #     - uses: OffchainLabs/actions/run-nitro-test-node@main
-  #       with:
-  #         l3-node: true
-  #         no-token-bridge: true
-  #         no-l3-token-bridge: true
-  #         nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
-  #         nitro-testnode-ref: node-18
-
-  #     - name: Setup node/yarn
-  #       uses: actions/setup-node@v3
-  #       with:
-  #         node-version: 18
-  #         cache: 'yarn'
-  #         cache-dependency-path: '**/yarn.lock'
 
-  #     - name: Install packages
-  #       run: yarn
-
-  #     - name: Compile contracts
-  #       run: yarn build
+  test-e2e:
+    name: Test e2e
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
 
-  #     - name: Run e2e tests
-  #       run: yarn test:e2e
-  # test-e2e-custom-fee-token:
-  #   name: Test e2e custom fee token
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - uses: actions/checkout@v3
-  #       with:
-  #         submodules: recursive
+      - uses: OffchainLabs/actions/run-nitro-test-node@main
+        with:
+          l3-node: true
+          no-token-bridge: true
+          no-l3-token-bridge: true
+          nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
+          nitro-testnode-ref: v3-support
 
-  #     - uses: OffchainLabs/actions/run-nitro-test-node@main
-  #       with:
-  #         l3-node: true
-  #         args: --l3-fee-token
-  #         no-token-bridge: true
-  #         no-l3-token-bridge: true
-  #         nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
-  #         nitro-testnode-ref: node-18
+      - name: Setup node/yarn
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: 'yarn'
+          cache-dependency-path: '**/yarn.lock'
 
-  #     - name: Setup node/yarn
-  #       uses: actions/setup-node@v3
-  #       with:
-  #         node-version: 18
-  #         cache: 'yarn'
-  #         cache-dependency-path: '**/yarn.lock'
+      - name: Install packages
+        run: yarn
 
-  #     - name: Install packages
-  #       run: yarn
+      - name: Compile contracts
+        run: yarn build
 
-  #     - name: Compile contracts
-  #       run: yarn build
+      - name: Run e2e tests
+        run: yarn test:e2e
 
-  #     - name: Run e2e tests
-  #       run: yarn test:e2e
-  # test-e2e-fee-token-6-decimals:
-  #   name: Test e2e fee token with 6 decimals
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - uses: actions/checkout@v3
-  #       with:
-  #         submodules: recursive
+  test-e2e-custom-fee-token:
+    name: Test e2e custom fee token
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
 
-  #     - uses: OffchainLabs/actions/run-nitro-test-node@main
-  #       with:
-  #         l3-node: true
-  #         args: --l3-fee-token --l3-fee-token-decimals 6
-  #         no-token-bridge: true
-  #         no-l3-token-bridge: true
-  #         nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
-  #         nitro-testnode-ref: 'non18-decimal-token-node-18'
+      - uses: OffchainLabs/actions/run-nitro-test-node@main
+        with:
+          l3-node: true
+          args: --l3-fee-token
+          no-token-bridge: true
+          no-l3-token-bridge: true
+          nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
+          nitro-testnode-ref: v3-support
 
-  #     - name: Setup node/yarn
-  #       uses: actions/setup-node@v3
-  #       with:
-  #         node-version: 18
-  #         cache: 'yarn'
-  #         cache-dependency-path: '**/yarn.lock'
+      - name: Setup node/yarn
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: 'yarn'
+          cache-dependency-path: '**/yarn.lock'
 
-  #     - name: Install packages
-  #       run: yarn
+      - name: Install packages
+        run: yarn
 
-  #     - name: Compile contracts
-  #       run: yarn build
+      - name: Compile contracts
+        run: yarn build
 
-  #     - name: Run e2e tests
-  #       run: yarn test:e2e
+      - name: Run e2e tests
+        run: yarn test:e2e
 
-  bold-upgrade:
-    name: BOLD upgrade test
+  test-e2e-fee-token-6-decimals:
+    name: Test e2e fee token with 6 decimals and pricer
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
         with:
           submodules: recursive
 
-      - name: Install Foundry
-        uses: foundry-rs/foundry-toolchain@v1
+      - uses: OffchainLabs/actions/run-nitro-test-node@main
         with:
-          version: nightly
+          l3-node: true
+          args: --l3-fee-token --l3-fee-token-pricer --l3-fee-token-decimals 6
+          no-token-bridge: true
+          no-l3-token-bridge: true
+          nitro-testnode-ref: v3-support
+          nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
 
       - name: Setup node/yarn
         uses: actions/setup-node@v3
@@ -270,11 +248,41 @@ jobs:
         run: yarn
 
       - name: Compile contracts
-        run: yarn build:all
+        run: yarn build
+
+      - name: Run e2e tests
+        run: yarn test:e2e
+
+  # bold-upgrade:
+  #   name: BOLD upgrade test
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v3
+  #       with:
+  #         submodules: recursive
+
+  #     - name: Install Foundry
+  #       uses: foundry-rs/foundry-toolchain@v1
+  #       with:
+  #         version: stable
+  #         cache: false
+
+  #     - name: Setup node/yarn
+  #       uses: actions/setup-node@v3
+  #       with:
+  #         node-version: 18
+  #         cache: 'yarn'
+  #         cache-dependency-path: '**/yarn.lock'
+
+  #     - name: Install packages
+  #       run: yarn
+
+  #     - name: Compile contracts
+  #       run: yarn build:all
 
-      - name: Copy .env
-        run: |
-          cp ./.env-sample ./.env
+  #     - name: Copy .env
+  #       run: |
+  #         cp ./.env-sample ./.env
 
-      - name: Test upgrade
-        run: L1_RPC=${{ secrets.L1_RPC || 'https://rpc.ankr.com/eth' }} yarn test:upgrade
+  #     - name: Test upgrade
+  #       run: L1_RPC=${{ secrets.L1_RPC || 'https://rpc.ankr.com/eth' }} yarn test:upgrade
@@ -2,18 +2,8 @@
   "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
   "low": true,
   "allowlist": [
-    // OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
-    "GHSA-4g63-c64m-25w9",
     // OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
-    "GHSA-xrc4-737v-9q75",
-    // OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
-    "GHSA-qh9x-gcfh-pcrw",
-    // OpenZeppelin Contracts vulnerable to ECDSA signature malleability. Only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments.
-    "GHSA-4h98-2769-gh6h",
-    // GovernorCompatibilityBravo may trim proposal calldata
     "GHSA-93hq-5wgc-jc82",
-    // OpenZeppelin Contracts ERC165Checker unbounded gas consumption
-    "GHSA-7grf-83vw-6f5x",
     // OpenZeppelin: Using ERC2771Context with a custom forwarder can yield address(0)
     "GHSA-g4vp-m682-qqmp",
     // OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
@@ -22,59 +12,21 @@
     "GHSA-5h3x-9wvq-w4m2",
     // axios cookies data-privacy issue; used only in hardhat-deploy and sol2uml (dev deps)
     "GHSA-wf5p-g6vw-rhxx",
-    // flat vulnerable to Prototype Pollution
-    "GHSA-2j2x-2gpw-g8fm",
-    // regular expression DoS in debug
-    "GHSA-gxpj-cx7g-858c",
-    // tough-cookie Prototype Pollution vulnerability; used only via eth-gas-reporter
-    "GHSA-72xf-g2v4-qvf3",
-    // minimatch ReDoS vulnerability
-    "GHSA-f8q6-p94x-37v3",
-    // Server-Side Request Forgery in Request
-    "GHSA-p8p7-x288-28g6",
     //  OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees; unused
     "GHSA-wprv-93r4-jj2p",
-    //  follow-redirects improperly handles URLs in the url.parse() function
-    "GHSA-jchw-25xp-jwwc",
-    // yargs-parser Vulnerable to Prototype Pollution
-    "GHSA-p9pc-299p-vxgp",
-    // Axios vulnerable to Server-Side Request Forgery
-    "GHSA-4w2v-q235-vp99",
-    // axios Inefficient Regular Expression Complexity vulnerability
-    "GHSA-cph5-m8f7-6c5x",
-    // Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
-    "GHSA-pw2r-vq6v-hr8c",
-    // Exposure of sensitive information in follow-redirects
-    "GHSA-74fj-2j2h-c42q",
     // Open Zeppelin: Base64 encoding may read from potentially dirty memory
     "GHSA-9vx6-7xxf-x967",
     // semver vulnerable to Regular Expression Denial of Service
     "GHSA-c2qf-rxjj-qqgw",
-    // follow-redirects' Proxy-Authorization header kept across hosts
-    "GHSA-cxjh-pqwp-8mfp",
-    // Prototype Pollution in async
-    "GHSA-fwr7-v2mv-hh25",
-    // ws affected by a DoS when handling a request with many HTTP headers
-    "GHSA-3h5v-q93c-6h6q",
-    // Elliptic allows BER-encoded signatures - only used in dev
-    "GHSA-49q7-c7j4-3p7m",
-    // Elliptic's EDDSA missing signature length check - only used in dev
-    "GHSA-f7q4-pwc6-w24p",
-    // Elliptic's ECDSA missing check for whether leading bit of r and s is zero - only used in dev
-    "GHSA-977x-g7h5-7qgw",
     // Server-Side Request Forgery in axios
     "GHSA-8hc4-vh64-cxmj",
     // Regular Expression Denial of Service (ReDoS) in micromatch
     "GHSA-952p-6rrq-rcjv",
     // cookie accepts cookie name, path, and domain with out of bounds characters
     "GHSA-pxg6-pf52-xh8x",
-    // Elliptic's verify function omits uniqueness validation
-    "GHSA-434g-2637-qmqr",
-    // Valid ECDSA signatures erroneously rejected in Elliptic
-    "GHSA-fc9h-whq2-v747",
-    // secp256k1-node allows private key extraction over ECDH
-    "GHSA-584q-6j8j-r5pm",
     // Regular Expression Denial of Service (ReDoS) in cross-spawn
-    "GHSA-3xgq-45jj-v275"
+    "GHSA-3xgq-45jj-v275",
+    // axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL
+    "GHSA-jr5f-v2jv-69x6"
   ]
 }
@@ -1,15 +1,24 @@
 module.exports = async hre => {
   const { deployments, getNamedAccounts, ethers } = hre
-  const { deploy } = deployments
   const { deployer } = await getNamedAccounts()
 
-  const inboxDeployResult = await deploy('InboxStub', {
+  const inboxDeployResult = await deployments.deploy('InboxStub', {
     from: deployer,
     args: [],
   })
 
-  const bridge = await ethers.getContract('BridgeStub')
-  const inbox = await ethers.getContract('InboxStub')
+  const bridge = await ethers.getContractAt(
+    'BridgeStub',
+    (
+      await deployments.get('BridgeStub')
+    ).address
+  )
+  const inbox = await ethers.getContractAt(
+    'InboxStub',
+    (
+      await deployments.get('InboxStub')
+    ).address
+  )
 
   if (inboxDeployResult.newlyDeployed) {
     await bridge.setDelayedInbox(inbox.address, true)