SizeCredit · aviggiano · Jul 16, 2024 · Jul 3, 2024 · Jul 3, 2024 · Jul 3, 2024
diff --git a/.env-example b/.env-example
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,11 +12,11 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  test:
+  sizes:
     strategy:
       fail-fast: true
 
-    name: Foundry
+    name: Contract sizes
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -28,23 +28,79 @@ jobs:
         with:
           version: nightly
 
-      - name: Format
-        run: |
-          forge fmt --check
-        id: fmt
-
       - name: Contract sizes
         run: |
           forge --version
           forge build --sizes --skip CryticTester
         id: build
 
+  fmt:
+    strategy:
+      fail-fast: true
+
+    name: Forge Fmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Setup Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: Format
+        run: |
+          forge fmt --check
+        id: fmt
+
+  test:
+    strategy:
+      fail-fast: true
+
+    name: Forge Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Setup Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
       - name: Test
         run: |
           forge test -vvv
         id: test
+
+  testFork:
+    strategy:
+      fail-fast: true
+
+    name: Forge Fork Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Setup Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: Test Fork
+        run: |
+          forge test -vvv
+        id: test
         env:
-          API_KEY_INFURA: ${{ secrets.API_KEY_INFURA }} 
+          API_KEY_INFURA: ${{ secrets.API_KEY_INFURA }}
+          FOUNDRY_INVARIANT_RUNS: 0
+          FOUNDRY_INVARIANT_DEPTH: 0
+          FOUNDRY_PROFILE: fork
 
   slither:
     strategy:
@@ -87,8 +143,9 @@ jobs:
         run: npm run solhint
 
   invariants:
-    needs: [test, slither, solhint]
+    needs: [sizes, fmt, test, testFork, slither, solhint]
     strategy:
+      fail-fast: true
       matrix:
         mode: [assertion, property]
 
@@ -124,13 +181,12 @@ jobs:
           ./script/prepare_crytic.sh
           ./echidna . --contract CryticTester --config echidna.yaml --test-mode ${{ matrix.mode }} --corpus-dir corpus --test-limit 10000
 
-  abi-coverage:
+  abi:
     strategy:
       fail-fast: true
 
-    name: ABI/Coverage
+    name: ABI
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
     steps:
       - uses: actions/checkout@v3
         with:
@@ -144,35 +200,54 @@ jobs:
       - name: Install dependencies
         run: npm install
 
-      - name: Setup git config
-        run: |
-          git config --local user.email "dev@size.cash"
-          git config --local user.name "Size"
-
-      - name: Coverage
-        run: |
-          ./script/update_readme_coverage.sh
-          git add README.md
-          git commit -m "Update coverage [skip ci]" || true
-
       - name: ABI
         run: |
           forge build --build-info
 
-      - name: Archive production artifacts
+      - name: Archive ABI
         uses: actions/upload-artifact@v4
         with:
           name: abi
           path: |
             out/Size.sol/Size.json
-            out/PriceFeed.sol/PriceFeed.json
-            out/VariablePoolBorrowRateFeed.sol/VariablePoolBorrowRateFeed.json
-            out/PoolMock.sol/PoolMock.json
+            out/IPriceFeed.sol/IPriceFeed.json
+            out/IPool.sol/IPool.json
             out/WETH.sol/WETH.json
             out/USDC.sol/USDC.json
             out/Errors.sol/Errors.json
             out/Events.sol/Events.json
 
+  coverage:
+    strategy:
+      fail-fast: true
+
+    name: Coverage
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Setup Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Setup git config
+        run: |
+          git config --local user.email "dev@size.cash"
+          git config --local user.name "Size"
+
+      - name: Coverage
+        run: |
+          ./script/update_readme_coverage.sh
+          git add README.md
+          git commit -m "Update coverage [skip ci]" || true
+
       - name: Push
         run: |
           git push https://${{ env.token }}@github.com/${{ github.event.repository.full_name }}.git

diff --git a/.gitignore b/.gitignore
@@ -10,8 +10,8 @@ out/
 # Docs
 docs/
 
-# Dotenv file
-.env
+# Dotenv files
+.env*
 
 # plots
 plots/*.csv

diff --git a/README.md b/README.md
@@ -11,13 +11,16 @@ Supported pair:
 Target networks:
 
 - Ethereum mainnet
-- Base
+- [Base](./deployments/8453.json)
 
 ## Audits
 
-- [2024-03-19 - LightChaserV3](./audits/2024-03-19-LightChaserV3.md)
+- [2024-06-10 - Code4rena (WIP)](https://code4rena.com/reports/2024-06-size)
+- [2024-06-08 - Spearbit](./audits/2024-06-08-Spearbit.pdf)
 - [2024-03-26 - Solidified](./audits/2024-03-26-Solidified.pdf)
-- [2024-05-30 - Spearbit (draft)](./audits/2024-05-30-Spearbit-draft.pdf)
+- [2024-03-19 - LightChaserV3](./audits/2024-03-19-LightChaserV3.md)
+
+For bug reports, please refer to our [Bug Bounty Program](https://size.credit/)
 
 ## Documentation
 
@@ -175,6 +178,13 @@ yarn echidna-property
 yarn echidna-assertion
 ```
 
+### Onchain fuzzing
+
+```bash
+source .env
+FOUNDRY_PROFILE=fork FOUNDRY_INVARIANT_RUNS=0 FOUNDRY_INVARIANT_DEPTH=0 forge test --mc FoundryForkTester -vvvvv --ffi
+```
+
 Check the coverage report with
 
 ```bash
@@ -215,6 +225,20 @@ for i in {0..5}; do halmos --loop $i; done
 ## Deployment
 
 ```bash
-source .env
-CHAIN_NAME=$CHAIN_NAME DEPLOYER_ADDRESS=$DEPLOYER_ADDRESS yarn deploy-sepolia-mocks --broadcast
+source .env.base_sepolia
+forge script script/Deploy.s.sol --rpc-url $RPC_URL --gas-limit 30000000 --sender $DEPLOYER_ADDRESS --account $DEPLOYER_ACCOUNT --ffi --verify
+```
+
+### Deployment checklist
+
+1. Deploy
+2. Grant `KEEPER_ROLE` to keeper bot
+3. Grant `BORROW_RATE_UPDATER_ROLE` to updater bot
+4. Grant `PAUSER_ROLE` to pauser bot
+
+## Upgrade
+
+```bash
+source .env.sepolia
+forge script script/Upgrade.s.sol --rpc-url $RPC_URL --gas-limit 30000000 --sender $DEPLOYER_ADDRESS --account $DEPLOYER_ACCOUNT --ffi --verify
 ```
diff --git a/audits/2024-05-30-Spearbit-draft.pdf → audits/2024-06-08-Spearbit.pdf b/audits/2024-05-30-Spearbit-draft.pdf → audits/2024-06-08-Spearbit.pdf