diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml new file mode 100644 index 000000000000..9eab9a0b3de9 --- /dev/null +++ b/.github/workflows/static-analysis.yml @@ -0,0 +1,61 @@ +name: Static analysis + +on: + push: + branches: + - master + - develop + pull_request: + workflow_dispatch: + +env: + PYTEST_ADDOPTS: "--color=yes" + +jobs: + slither: + name: Slither run + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Fetch history + run: git fetch + + - name: Setup node + uses: actions/setup-node@v1 + with: + node-version: '12.x' + + - name: Get yarn cache directory path + id: yarn-cache-dir-path + run: echo "::set-output name=dir::$(yarn cache dir)" + + - uses: actions/cache@v2 + id: yarn-cache + with: + path: ${{ steps.yarn-cache-dir-path.outputs.dir }} + key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} + restore-keys: | + ${{ runner.os }}-yarn- + + - name: Install Dependencies + # only install dependencies if there was a change in the deps + # if: steps.yarn-cache.outputs.cache-hit != 'true' + run: yarn install + + - name: Build + run: yarn build + + - name: Set up Python 3.8 + uses: actions/setup-python@v2 + with: + python-version: '3.8' + + - name: Install Slither + run: pip3 install slither-analyzer + + - name: Run analysis + working-directory: ./packages/contracts + shell: bash + run: yarn test:slither + continue-on-error: true diff --git a/.gitignore b/.gitignore index 18b731ead5fc..45c8671678a8 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,9 @@ cache-ovm l2geth/build/bin packages/contracts/deployments/custom packages/contracts/coverage* +packages/contracts/@ens* +packages/contracts/@openzeppelin* +packages/contracts/hardhat* packages/data-transport-layer/db diff --git a/.nvmrc b/.nvmrc new file mode 100644 index 000000000000..62df50f1eefe --- /dev/null +++ b/.nvmrc @@ -0,0 +1 @@ +14.17.0 diff --git a/README.md b/README.md index d7b11ea584f2..8ed492095de5 100644 
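Review bot: The `Run analysis` step sets `continue-on-error: true`, so the job reports success whatever Slither finds, and a new high-severity finding on a pull request will not block the merge. If that is deliberate while the existing findings are triaged, say so on the step, e.g. `# advisory only until the baseline is triaged; remove to make Slither gating`. The analyzer is also installed unpinned with `pip3 install slither-analyzer`, and the actions are referenced by mutable tags (`actions/checkout@v2`, `actions/setup-node@v1`), so what runs here can change without a commit to this repository. Pinning a version and adding a top-level `permissions:` block with `contents: read` would tighten that. Separately, `node-version: '12.x'` disagrees with the `14.17.0` this commit writes to `.nvmrc`.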
--- a/README.md +++ b/README.md @@ -23,14 +23,14 @@ Extensive documentation is available [here](http://community.optimism.io/docs/) * [`message-relayer`](./packages/message-relayer): Service for relaying L2 messages to L1 * [`l2geth`](./l2geth): Fork of [go-ethereum v1.9.10](https://github.com/ethereum/go-ethereum/tree/v1.9.10) implementing the [OVM](https://research.paradigm.xyz/optimism#optimistic-geth). * [`integration-tests`](./integration-tests): Integration tests between a L1 testnet, `l2geth`, -* [`ops`](./ops): Contains Dockerfiles for containerizing each service involved in the protocol, +* [`ops`](./ops): Contains Dockerfiles for containerizing each service involved in the protocol, as well as a docker-compose file for bringing up local testnets easily ## Quickstart ### Installation -Dependency management is done using `yarn`. +Dependency management is done using `yarn`. ```bash git clone git@github.com:ethereum-optimism/optimism.git @@ -67,7 +67,7 @@ you can run `yarn lerna run test --parallel --since master` #### Running the integration tests The integration tests first require bringing up the Optimism stack. This is done via -a Docker Compose network. For better performance, we also recommend enabling Docker +a Docker Compose network. For better performance, we also recommend enabling Docker BuildKit ```bash @@ -110,3 +110,11 @@ can be hard to filter through. In order to view the logs from a specific service ``` docker-compose logs --follow ``` +### Static analysis + +To run `slither` locally in `./packages/contracts` do + +``` +pip3 install slither-analyzer +yarn test:slither +``` diff --git a/ops/docker/hardhat/yarn.lock b/ops/docker/hardhat/yarn.lock index bad1ef0d6d31..5d7149c252ea 100644 --- a/ops/docker/hardhat/yarn.lock +++ b/ops/docker/hardhat/yarn.lock 
@@ -2252,9 +2252,9 @@ wrappy@1: integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8= ws@^7.2.1: - version "7.4.4" - resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.4.tgz#383bc9742cb202292c9077ceab6f6047b17f2d59" - integrity sha512-Qm8k8ojNQIMx7S+Zp8u/uHOx7Qazv3Yv4q68MiWWWOJhiwG5W3x7iqmRtJo8xxrciZUY4vRxUTJCKuRnF28ZZw== + version "7.4.6" + resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.6.tgz#5654ca8ecdeee47c33a9a4bf6d28e2be2980377c" + integrity sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A== xtend@^4.0.0, xtend@^4.0.1, xtend@~4.0.0: version "4.0.2" diff --git a/packages/contracts/package.json b/packages/contracts/package.json index e8f750f6d7a3..ec5771a978c3 100644 --- a/packages/contracts/package.json +++ b/packages/contracts/package.json @@ -32,6 +32,9 @@ "test:contracts": "hardhat test --show-stack-traces", "test:gas": "hardhat test \"test/contracts/OVM/execution/OVM_StateManager.gas-spec.ts\" --no-compile --show-stack-traces", "test:coverage": "NODE_OPTIONS=--max_old_space_size=8192 hardhat coverage", + "test:slither": "slither .", + "pretest:slither": "rm -f @openzeppelin && rm -f @ens && rm -f hardhat && ln -s ../../node_modules/@openzeppelin @openzeppelin && ln -s ../../node_modules/@ens @ens && ln -s ../../node_modules/hardhat hardhat", + "posttest:slither": "rm -f @openzeppelin && rm -f @ens && rm -f hardhat", "lint": "yarn lint:fix && yarn lint:check", "lint:fix": "yarn run lint:fix:typescript", "lint:fix:typescript": "prettier --config .prettierrc.json --write \"hardhat.config.ts\" \"{src,test}/**/*.ts\"", diff --git a/packages/contracts/slither.config.json b/packages/contracts/slither.config.json new file mode 100644 index 000000000000..8827f71e57ec --- /dev/null +++ b/packages/contracts/slither.config.json 
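Review bot: In `packages/contracts/package.json`, `posttest:slither` is the only cleanup for the symlinks that `pretest:slither` creates, and yarn does not run a `post` script when the main script exits non-zero. Slither presumably exits non-zero when it reports findings (the workflow's `continue-on-error: true` suggests so), so the `@openzeppelin`, `@ens` and `hardhat` links would be left in the package directory after most runs. The new `.gitignore` entries hide them from git, but other tools that walk the directory will still follow them. Moving the link, run and unlink steps into one small script that always removes the links on exit would make the cleanup reliable. The `scripts` object continues outside the hunk.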
@@ -0,0 +1,12 @@
+{
+ "detectors_to_exclude": "conformance-to-solidity-naming-conventions,assembly-usage,low-level-calls,block-timestamp",
+ "exclude_informational": false,
+ "exclude_low": false,
+ "exclude_medium": false,
+ "exclude_high": false,
+ "solc_disable_warnings": false,
+ "hardhat_ignore_compile": true,
+ "disable_color": false,
+ "exclude_dependencies": true,
+ "filter_paths": "@openzeppelin|hardhat|contracts/test-helpers|contracts/test-libraries"
+}
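Review bot: The values in `detectors_to_exclude` look like the documentation anchor names rather than the detector identifiers Slither takes on the command line, so some of these exclusions may not take effect. As far as I know the identifiers are `naming-convention`, `assembly`, `low-level-calls` and `timestamp`; please confirm against `slither --list-detectors` for the version CI installs. Independently of the naming, turning off `low-level-calls` and the timestamp check for the whole package hides every future instance, not just the ones already reviewed. A `// slither-disable-next-line <detector>` comment at each accepted site keeps the detector active for new code. The unanchored `hardhat` alternative in `filter_paths` also matches any path containing that substring, which may filter more than the symlinked dependency.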