Foundry DeFi Stablecoin CodeHawks Audit Contest


Code Hawks first audit


Contest Details

  • Total Prize Pool: $15,000
    • HM Awards: $14,000
    • LQAG Awards: $1,000
  • Starts July 24, 2023
  • Ends August 5th, 2023
  • nSLOC: 236
  • Complexity: 177

Submissions

In Scope

All contracts in src are in scope.

Note on script folder: The contracts in script are the scripts you can assume are going to be used to deploy and interact with the contracts. If they have an issue that will affect the overall security of the system, they are in scope. However, if they have a security issue that only affects the script and not the overall deployment of the stablecoin protocol, it is out of scope.

Scope

./src/
├── DSCEngine.sol
├── DecentralizedStableCoin.sol
└── libraries
    └── OracleLib.sol

Everything else is considered out of scope.

Known Issues

The following issues can be ignored.

  • A known gas issue is that we use storage variables instead of immutables to store the collateral token addresses. You can ignore this.

  • If the protocol ever becomes insolvent, there is almost no way to recover. This is a known issue.

Differential Tests

You can find a nearly identical edition of this code in Vyper here. For gas golfers, doing differential tests on these two contracts might be a great starting point.

About

This is Lesson 12 of the Ultimate Foundry 27-hour Solidity Course.

This project is meant to be a stablecoin where users can deposit WETH and WBTC in exchange for a token that will be pegged to the USD. The system is meant to be such that someone could fork this codebase, swap out WETH & WBTC for any basket of assets they like, and the code would work the same.

Getting Started

Requirements

  • git
    • You'll know you did it right if you can run git --version and you see a response like git version x.x.x
  • foundry
    • You'll know you did it right if you can run forge --version and you see a response like forge 0.2.0 (816e00b 2023-03-16T00:05:26.396218Z)

Quickstart

git clone https://github.com/Cyfrin/foundry-defi-stablecoin-codehawks
cd foundry-defi-stablecoin-codehawks
forge build

Optional Gitpod

If you can't or don't want to install and run locally, you can work with this repo in Gitpod. If you do this, you can skip the clone step in Quickstart.


Usage

Start a local node

make anvil

Deploy

This will default to your local node. You need to have it running in another terminal in order for it to deploy.

make deploy

Deploy - Other Network

See below

Testing

We talk about 4 test tiers in the video.

  1. Unit
  2. Integration
  3. Forked
  4. Staging

In this repo we cover #1 and Fuzzing.

forge test
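The fuzzing mentioned here and the "insolvent protocol" known issue above share one property: the collateral the engine holds must always be worth at least the DSC in circulation. The model below is an added example, not code from the repo; it assumes a 200% minimum collateralisation (threshold 50%), 1 DSC == 1 USD, and constructed token prices, since the README gives none of these, and shows both a deterministic crash path and a seeded random-sequence driver checking that invariant.

```python
# Added example, not the repo's code: a model of the DSC system that states the
# solvency property an invariant (stateful fuzz) test should assert. Assumed, as the
# README does not give them: 200% min. collateralisation and 1 DSC == 1 USD.
import random

LIQUIDATION_THRESHOLD = 50   # % of collateral value that may back DSC (assumed)
PRECISION = 10**18           # amounts carry 18 decimals, like the contracts

class DscModel:
    def __init__(self, prices_usd):
        self.prices = dict(prices_usd)   # token -> USD price in whole dollars (constructed)
        self.collateral = {}             # (user, token) -> amount deposited
        self.debt = {}                   # user -> DSC minted
    def collateral_usd(self, user=None):
        return sum(a * self.prices[t] for (u, t), a in self.collateral.items()
                   if user is None or u == user)
    def deposit(self, user, token, amount):
        self.collateral[(user, token)] = self.collateral.get((user, token), 0) + amount
    def mint(self, user, amount):
        # Like DSCEngine, refuse a mint that would leave the user under-collateralised.
        new_debt = self.debt.get(user, 0) + amount
        if self.collateral_usd(user) * LIQUIDATION_THRESHOLD // 100 < new_debt:
            return False
        self.debt[user] = new_debt
        return True
    def protocol_solvent(self):
        # The invariant: collateral held by the engine must cover every DSC in circulation.
        return self.collateral_usd() >= sum(self.debt.values())

def crash_scenario():
    # Deterministic path to the "insolvent, almost no way to recover" known issue.
    m = DscModel({"WETH": 2000, "WBTC": 30000})
    m.deposit("alice", "WETH", PRECISION)         # 1 WETH worth 2000 USD
    assert m.mint("alice", 1000 * PRECISION)      # the maximum allowed at 200%
    m.prices["WETH"] = 800                        # 60% drop before anyone liquidates
    return m.protocol_solvent()                   # False: 800 USD now backs 1000 DSC

def fuzz(seed, steps=300, max_move_pct=10):
    # Random deposits, mints and bounded price moves; returns the first step that broke the invariant, else None.
    rng, m = random.Random(seed), DscModel({"WETH": 2000, "WBTC": 30000})
    for i in range(steps):
        user, tok, op = rng.choice(["u1", "u2"]), rng.choice(["WETH", "WBTC"]), rng.random()
        if op < 0.4:
            m.deposit(user, tok, rng.randint(1, 10) * PRECISION)
        elif op < 0.8:
            m.mint(user, rng.randint(1, 5000) * PRECISION)
        else:
            m.prices[tok] = max(1, m.prices[tok] * (100 + rng.randint(-max_move_pct, max_move_pct)) // 100)
        if not m.protocol_solvent():
            return i
    return None
```

With price moves disabled the invariant can never break, because every mint is checked against the 200% rule; with moves enabled, a run that returns a step index is the kind of counterexample a Foundry invariant test would report.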

Test Coverage

forge coverage

and for coverage based testing:

forge coverage --report debug

Deployment to a testnet or mainnet

  1. Setup environment variables

You'll want to set your SEPOLIA_RPC_URL and PRIVATE_KEY as environment variables. You can add them to a .env file, similar to what you see in .env.example.

  • PRIVATE_KEY: The private key of your account (like from metamask). NOTE: FOR DEVELOPMENT, PLEASE USE A KEY THAT DOESN'T HAVE ANY REAL FUNDS ASSOCIATED WITH IT.
  • SEPOLIA_RPC_URL: The URL of the Sepolia testnet node you're working with. You can get set up with one for free from Alchemy.

Optionally, add your ETHERSCAN_API_KEY if you want to verify your contract on Etherscan.

  2. Get testnet ETH

Head over to faucets.chain.link and get some testnet ETH. You should see the ETH show up in your MetaMask.

  3. Deploy
make deploy ARGS="--network sepolia"

Scripts

Instead of scripts, we can directly use the cast command to interact with the contract.

For example, on Sepolia:

  1. Get some WETH
cast send 0xdd13E55209Fd76AfE204dBda4007C227904f0a81 "deposit()" --value 0.1ether --rpc-url $SEPOLIA_RPC_URL --private-key $PRIVATE_KEY
  2. Approve the WETH
cast send 0xdd13E55209Fd76AfE204dBda4007C227904f0a81 "approve(address,uint256)" 0x091EA0838eBD5b7ddA2F2A641B068d6D59639b98 1000000000000000000 --rpc-url $SEPOLIA_RPC_URL --private-key $PRIVATE_KEY
  3. Deposit and Mint DSC
cast send 0x091EA0838eBD5b7ddA2F2A641B068d6D59639b98 "depositCollateralAndMintDsc(address,uint256,uint256)" 0xdd13E55209Fd76AfE204dBda4007C227904f0a81 100000000000000000 10000000000000000 --rpc-url $SEPOLIA_RPC_URL --private-key $PRIVATE_KEY

Estimate gas

You can estimate how much gas things cost by running:

forge snapshot

and you'll see an output file called .gas-snapshot

Formatting

To run code formatting:

forge fmt