Secure your protocol and maintain composability by plugging into Cypher.

Primary language: Solidity. License: GNU Affero General Public License v3.0 (AGPL-3.0).

🔐 cypher

Introducing Cypher, an on-chain security system to help prevent hacks. Integrate with all of your other preferred protocols and monitoring services.

Website

Deploy your contracts through our frontend with your custom parameters, extend our EscrowContract, and add these lines to your withdraw function:

import { CypherProtocol } from "../../src/CypherProtocol.sol";

// Example contract extending CypherProtocol
contract MockProtocol is CypherProtocol {
  constructor(address deployer, address registry)
    CypherProtocol("MockProtocol", deployer, registry)
  {}
}

// Lines to add inside your withdraw function:
ICypherEscrow escrow = ICypherEscrow(getEscrow());
escrow.escrowETH{ value: ethBalances[msg.sender] }(msg.sender, msg.sender, 1);

From there, select how you want to be communicated with:

  • Twitter
  • Discord
  • Telegram
  • Cell
  • Email
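The withdraw integration above, placed in a complete contract, as an added example that is not part of the Cypher repository. ExampleVault, IEscrowLike, deposit and the pragma are hypothetical; the escrowETH signature and the visibility of getEscrow() are assumptions inferred only from the two lines shown in this README. The balance is cleared before the external call so that a re-entrant call into withdraw finds nothing left to send.

```solidity
// SPDX-License-Identifier: AGPL-3.0-only
pragma solidity ^0.8.0; // assumed compiler range, not stated in the README

import { CypherProtocol } from "../../src/CypherProtocol.sol";

// Assumed shape, inferred only from the call shown in the README.
// The meaning of the three arguments is not documented on this page,
// so they are left unnamed here.
interface IEscrowLike {
  function escrowETH(address, address, uint256) external payable;
}

// Hypothetical integrating contract (added example, not Cypher's code).
contract ExampleVault is CypherProtocol {
  mapping(address => uint256) public ethBalances;

  constructor(address deployer, address registry)
    CypherProtocol("ExampleVault", deployer, registry)
  {}

  // Credit the caller with the ETH they send.
  function deposit() external payable {
    ethBalances[msg.sender] += msg.value;
  }

  function withdraw() external {
    // Checks: read the balance once and refuse empty withdrawals.
    uint256 amount = ethBalances[msg.sender];
    require(amount > 0, "nothing to withdraw");

    // Effects: clear the balance before any external call.
    ethBalances[msg.sender] = 0;

    // Interactions: hand the ETH to the escrow instead of paying the
    // caller directly. Arguments are copied from the README snippet.
    // getEscrow() is assumed to be inherited from CypherProtocol.
    IEscrowLike escrow = IEscrowLike(getEscrow());
    escrow.escrowETH{ value: amount }(msg.sender, msg.sender, 1);
  }
}
```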

Features

  • Reentrancy protection mechanism
    • ETH deposited reentrancy
    • ERC20 deposited reentrancy
  • Testing Suite
    • ETH deposited reentrancy
    • ERC20 deposited reentrancy
  • Check against flashbots (MEV)
  • onERC721Received
  • onERC1155Received

Deploying contracts for tests

  1. Fill out your own .env with these vars:
# RPC URL sourced by scripts
RPC_URL=[enter_here]

# The deployment private key sourced by scripts
DEPLOYER_KEY=[enter_here]

# Etherscan key for contract verification
ETHERSCAN_KEY=[enter_here]
  2. Enter this command to trigger Foundry's shell scripts: bash utils/run_script.sh
  3. Then, when it asks you for the command, enter one of these depending on what you want to test: Deploy, DeployProd, Mint
  4. Check the chain!

Checklist

Ensure you completed all of the steps below before submitting your pull request:

  • Ran forge snapshot?
  • Ran npm run lint?
  • Ran forge test?

Commits

  • ♻️ refactor
  • 📝 docs
  • ✨ feat
  • 👷‍♂️ edit
  • 🎨 cleanup
  • ⚡️ gas optimize

Blueprint

lib
├─ forge-std — https://github.com/foundry-rs/forge-std
└─ solmate — https://github.com/Rari-Capital/solmate
scripts
└─ Deploy.s.sol — Simple Deployment Script
src
├─ CypherEscrow — Core escrow contract for your protocol
├─ CypherProtocol — The interface for your contracts
└─ CypherRegistry — Database of all registered Cypher contracts
test
├─ CypherEscrow.t — Exhaustive tests for ETH based reentrancy hacks
└─ CypherEscrowERC20.t — Exhaustive tests for ERC20 based reentrancy hacks

Development

Setup

forge install

Building

forge build

Testing

forge test

Deployment & Verification

Inside the utils/ directory are a few preconfigured scripts that can be used to deploy and verify contracts.

Scripts take inputs from the CLI, using silent mode to hide any sensitive information.

NOTE: These scripts must be executable. Make them executable by running chmod +x ./utils/*.

NOTE: These scripts will prompt you for the contract name and deployed addresses (when verifying). They also use the -i flag on forge to ask for your private key for deployment. This uses silent mode, which keeps your private key from being printed to the console (and from being visible in logs).

First time with Forge/Foundry?

See the official Foundry installation instructions.

Then, install the foundry toolchain installer (foundryup) with:

curl -L https://foundry.paradigm.xyz | bash

Now that you've installed the foundryup binary, anytime you need to get the latest forge or cast binaries, you can run foundryup.

So, simply execute:

foundryup

🎉 Foundry is installed! 🎉

Writing Tests with Foundry

With Foundry, all tests are written in Solidity! 🥳

Create a test file for your contract in the test/ directory.

For example, src/Greeter.sol has its test file defined in ./test/Greeter.t.sol.

To learn more about writing tests in Solidity for Foundry, reference Rari Capital's solmate repository created by @transmissions11.

Configure Foundry

Using foundry.toml, Foundry is easily configurable.

For a full list of configuration options, see the Foundry configuration documentation.

License

AGPL-3.0-only

Acknowledgements

Disclaimer

These smart contracts are being provided as is. No guarantee, representation or warranty is being made, express or implied, as to the safety or correctness of the user interface or the smart contracts. They have not been audited and as such there can be no assurance they will work as intended, and users may experience delays, failures, errors, omissions, loss of transmitted information or loss of funds. The creators are not liable for any of the foregoing. Users should proceed with caution and use at their own risk.