diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2e1ab882..fdae57ce 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -56,17 +56,17 @@ jobs:
key: cape-v5-${{ hashFiles('Cargo.lock') }}
- name: Linting
- run: nix-shell --run "prepend-timestamps lint-ci"
+ run: nix-shell --run "lint-ci"
- name: Build Slow Tests
# Make sure the slow tests build, but don't run them (we have another workflow for that).
- run: nix-shell --run "prepend-timestamps cargo test --release --features=slow-tests --no-run"
+ run: nix-shell --run "cargo test --release --features=slow-tests --no-run"
- name: Run Tests
- run: nix-shell --run "prepend-timestamps cape-test-geth"
+ run: nix-shell --run "cape-test-geth"
- name: Generate Docs
- run: nix-shell --run "prepend-timestamps make-doc"
+ run: nix-shell --run "make-doc"
- name: Build all executables
run: nix-shell --run "cargo build --release"
diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml
new file mode 100644
index 00000000..72990bcc
--- /dev/null
+++ b/.github/workflows/slither.yml
@@ -0,0 +1,42 @@
+name: Slither
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ slither:
+ runs-on: [self-hosted, X64]
+ container:
+ image: ghcr.io/espressosystems/nix:main
+ volumes:
+ - github_nix_281:/nix
+ steps:
+ - uses: styfle/cancel-workflow-action@0.9.1
+ name: Cancel Outdated Builds
+ with:
+ access_token: ${{ github.token }}
+
+ - uses: cachix/cachix-action@v10
+ with:
+ name: espresso-systems-private
+ authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+
+ - uses: actions/checkout@v2
+ name: Checkout Repository
+
+ - name: Work around git issue after git CVE-2022-24765 fix.
+ run: git config --global --add safe.directory "$PWD"
+
+ - name: Run slither
+ run: nix-shell --run "slither ./contracts --sarif slither.sarif"
+ continue-on-error: true
+
+ - name: Upload slither SARIF file
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: slither.sarif
+
diff --git a/.github/workflows/slow-tests.yml b/.github/workflows/slow-tests.yml
index ab0148d4..c80218c8 100644
--- a/.github/workflows/slow-tests.yml
+++ b/.github/workflows/slow-tests.yml
@@ -29,7 +29,7 @@ jobs:
- uses: cachix/cachix-action@v10
with:
name: espresso-systems-private
- authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+ authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Potential broken submodules fix
run: |
@@ -53,4 +53,4 @@ jobs:
key: cape-v5-${{ hashFiles('Cargo.lock') }}
- name: Run Tests
- run: nix-shell --run "prepend-timestamps cape-test-geth-slow"
+ run: nix-shell --run "cape-test-geth-slow"
diff --git a/.gitignore b/.gitignore
index 5524ea61..949ddce4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,6 @@ __pycache__/
.*.sw*
scratch/
+
+# Slither analysis results
+slither.sarif
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1fbe9c9d..7849574f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -16,13 +16,13 @@ lint:
tags:
- docker
script:
- - nix-shell --run "prepend-timestamps lint-ci"
+ - nix-shell --run "lint-ci"
test:
tags:
- docker
script:
- - nix-shell --run "prepend-timestamps cape-test-geth"
+ - nix-shell --run "cape-test-geth"
cache:
key: cape-test
paths:
@@ -33,7 +33,7 @@ doc:
tags:
- docker
script:
- - nix-shell --run "prepend-timestamps make-doc"
+ - nix-shell --run "make-doc"
artifacts:
paths:
- doc
diff --git a/Slither.md b/Slither.md
new file mode 100644
index 00000000..e8dc7077
--- /dev/null
+++ b/Slither.md
@@ -0,0 +1,21 @@
+
+
+# Slither
+
+Run `run-slither` to analyze the contracts.
+
+To disable warnings add a code comment, for example
+
+ // slither-disable-next-line variable-scope
+
+The configuration file is [slither.config.json](./slither.config.json).
+
+The slither github workflow file is
+[.github/workflows/slither.yml](./.github/workflows/slither.yml).
diff --git a/bin/prepend-timestamps b/bin/prepend-timestamps
deleted file mode 100755
index 33a9d771..00000000
--- a/bin/prepend-timestamps
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-# Copyright (c) 2022 Espresso Systems (espressosys.com)
-# This file is part of the Configurable Asset Privacy for Ethereum (CAPE) library.
-#
-# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
-# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with this program. If not, see .
-
-set -euo pipefail
-
-$@ | ts '[%Y-%m-%d %H:%M:%S]'
diff --git a/bin/run-ci-tests b/bin/run-ci-tests
index 8214966d..95908460 100755
--- a/bin/run-ci-tests
+++ b/bin/run-ci-tests
@@ -10,6 +10,7 @@ set -euo pipefail
make-doc
lint-ci
+run-slither
cape-test-geth
echo Ok!
diff --git a/bin/run-slither b/bin/run-slither
index 6eeb4cd9..65001748 100755
--- a/bin/run-slither
+++ b/bin/run-slither
@@ -9,5 +9,4 @@
set -euo pipefail
-slither --solc-remaps @openzeppelin/=`pwd`/node_modules/.pnpm/@openzeppelin+contracts@4.3.3/node_modules/@openzeppelin/,@rari-capital/=`pwd`/node_modules/.pnpm/@rari-capital+solmate@6.2.0/node_modules/@rari-capital/,solidity-bytes-utils/=`pwd`/node_modules/.pnpm/solidity-bytes-utils@0.8.0/node_modules/solidity_bytes_utils/ contracts
-
+slither contracts
diff --git a/contracts/contracts.svg b/contracts/contracts.svg
index 3796a8fd..15d27fbe 100644
--- a/contracts/contracts.svg
+++ b/contracts/contracts.svg
@@ -4,252 +4,255 @@
-