ci: add slither job #431
ci: add slither job #431
Conversation
ci: add more descriptive step names to slither job
ci: set slither target to "src" directory ci: set solidity version for slither compilation to 0.8.19
ci: ignore "solc-version" check from slither job
|
@PaulRBerg, I have added a Slither job to
I opted to compile the files in the target directory using Currently the Slither job is still failing, but this is due to the repo being private and thus requiring Advanced Security to be enabled for the repo to use code scanning. |
|
Update: I have updated the CI script to use the configuration in "slither.config.json" to run the Slither job. |
|
Update: After further investigation, I believe I have pinpointed the issue preventing the use of the local Foundry compilation framework in the Slither job. It seems that the |
There was a problem hiding this comment.
Thanks, @scorpion9979. The PR itself looks great, but the fact that GitHub Code Scanning is available only the Advanced paid plans is a dealbreaker. We will have to wait until we open-source this repository before we merge this PR :(
I opted to compile the files in the target directory using solc instead of the default Foundry compilation framework, as there appeared to be issues with the Foundry configuration
That's strange; the Slither action works in PRBProxy without having to target src.
I have pinpointed the issue preventing the use of the local Foundry compilation framework in the Slither job; It seems that the
filter_pathsfield in the Slither configuration is not working as expected
Should we notify the Slither maintainers about this issue?
UPDATE: as per my comment here, I now realize that I bumped into the same issue when I have first run Slither in this repo. The problem may be due to Sablier using modern Solidity features, e.g. user-defined value types.
|
Ah, wait .. there's another reason why we have to postpone the merge of this PR. Slither does not yet support user-defined operators, but PRBMath V4 (implemented in #432) provides operators. I tried to run Slither locally but got this error:
See the full terminal output here: |
ci: fix double quotes in slither job ci: improve wording in slither summary step name
scorpion9979
force-pushed
the
ci/slither
branch
from
05089d9 to
224bc40
Compare
After reading more about
This could suggest that the specified path will still be accessed by Slither, but any results from that path will be excluded from the final output. This explanation is in line with the behavior where the command
What version of Slither are you running? I tried running the same command locally and it worked fine. Version: Output: |
PaulRBerg
force-pushed
the
main
branch
5 times, most recently
from
32fed59 to
4aafb70
Compare
|
FYI @scorpion9979, we've just made the repo public now - if you ever find a moment to rebase from However, it's worth noting that Slither still doesn't work with user-defined operators: So I'm unsure if we can make Slither work with V2 Core, but it's worth trying! |
|
Thanks, @PaulRBerg. I'll look into this and get back to you ASAP. |
|
@PaulRBerg During my investigation of the problem, I was able to find a tiny bug in the Slither config that was causing the Slither CI job to fail at the solc remapping and compilation step. After addressing the bug, I was able to confirm that the job is now failing due to having no support for the user-defined operators used in prb-math. Local RunCommand:
Version:Slither 0.9.5 Output:
|
|
Thank you for your continued involvement in this PR, @scorpion9979! And sorry to hear that we can't merge this due to Slither not working with user-defined operators 😞 I will keep this PR open but I will mark it as backlog.
Thanks for sharing that. Random pro tip: have you tried Warp? Their permalinks feature is pretty cool. The perfect solution for sharing terminal outputs as you did here. |
|
Thanks, @PaulRBerg. Hopefully user-defined operators will be supported in time. Re Warp: I've looked into using it, but unfortunately it's not available on Linux which is what I personally use. |
|
@PaulRBerg Looks like Slither v0.10.0 fixes the crash on prb-math now, as mentioned in crytic/slither#1989 (comment). I've gone ahead and tested the repo locally with Slither v0.10.0 and I can confirm that it works as shown below. I've also gone ahead and merged the Local RunCommand:
Version:Slither 0.10.0 Output:
|
|
Very cool, thanks for the update @scorpion9979. Could you please fix the git conflicts? And @andreivladbrg, could you please assist Ahmed by reviewing this PR? |
|
@andreivladbrg PR #713 fixes the merge conflicts. |
* docs: delete wikis * test: polish precompiles tests build: add branch for solady in ".gitmodules" * docs: polish deployments section * docs: polish security program * docs: polish license section * chore: remove Codecov token * refactor: update gas snapshot * build: change version to 1.0.0-rc.0 chore: update "repository" in "package.json" * refactor: stringify create2 salts * refactor: rename deployer to broadcaster feat: use $ETH_FROM as broadcaster * chore: fix rpc url for gnosis chain * docs: refine license section * test: update createSelectFork * chore: use solhint-community build: add "solhint-community" node.js dep build: remove "solhint" node.js * build: bump solady * build: release v1.0.0 * test: remove duplicate bounds * docs: mention audits in the bug bounty * chore: say token streaming * test: rename "basic" to "concrete" * test: order imports correctly * perf: use vars.sablierAddress Closes #607 * perf: define "vars.asset" as "address" Closes #608 * fix: data URI scheme test: update hard-coded values test: use LibString to remove data URI prefix Closes #616 * test: update Precompiles bytecodes * docs: roll v1.0.1 docs: add CHANGELOG * docs: update recommended install branch * chore: add missing modifier in test_SetFlashFee test * Add Contribution info in README.md * test: convert 'flashFee' integration tests to unit tests * test: convert 'setFlashFee' integration tests to unit tests * test: add 'Comptroller' setup for concrete unit test * test: update 'flashFee' unit-test to inherit from Comptroller * test: update 'setFlashFee' unit-test to inherit from Comptroller * style: run prettier on README * test: deploy correctly precompiled comptroller * feat: deploy core 2 * test: change default profile value * Fix error when importing @prb/math packages when installed via npm (#648) * fix: address #646 * chore: update remapping in slither config --------- Co-authored-by: Paul Razvan Berg <[email protected]> * test: fix string parameter * docs: roll v1.0.2 * docs: update recommended remapping * docs: add "Architecture" in README closes #551 * perf: dry "isCold" and "isWarm" Closes #610 * docs: fix nitpicks Closes #611 * test: use "given" keyword in branching trees (#656) * refactor: using Given keyword in branching Trees (#641) * Using Given keyword on the branching trees (cherry picked from commit d365705) * test: use "it" for test nodes --------- Co-authored-by: Paul Razvan Berg <[email protected]> test: rename to "givenCallerAdmin" test: use given keyword in the integration branching trees test: use given keyword for modifiers for fuzz tests test: use given keyword in test contracts and brancing trees test: refactor test function names to use Given and When test: refactor test function names to use Given and When refactor: reverting in dev comments refactor: rename test function names to cleaner form test: polish branching trees test: improve "mapSymbol" tree test: improve "safeAssetDecimals" tree test: improve "safeAssetSymbol" tree * refactor: givenWithdrawableAmountNotZero modifier name * test: use "when" for time-related branches * test: address feedback in tree wording branch * test: polish branching trees * fix: remove duplicated branch in createWithMilestones.tree --------- Co-authored-by: Shub <[email protected]> Co-authored-by: andreivladbrg <[email protected]> Co-authored-by: Alexander González <[email protected]> * docs: mention audits * docs: add Discord badge * test: update comment * fix: fix incorrect spec in isStream.tree (#677) * test: use "given" instead of "when" (#678) * test: use "given" instead of "when" * test: correct "given" branches --------- Co-authored-by: andreivladbrg <[email protected]> * ci: cache testing contracts (#681) * Fix Github workflow build cache * ci: add "out" dir in github cache * Update .github/workflows/ci.yml * Update .github/workflows/ci.yml * Update .github/workflows/ci-deep.yml --------- Co-authored-by: Lumyo <[email protected]> Co-authored-by: Paul Razvan Berg <[email protected]> * feat: add transferrable bool field for stream NFT * feat: override _beforeTokenTransfer for Stream NFT and test cases * test: Add test for NFT transfer functionality * test: add more testing and resolve #669 * perf: dry "_beforeTokenTransfer" refactor: remove "canStreamTransfer" refactor: remove double "r" in "transferrable" refactor: simplify implementation test: allow non-transferable streams in invariant tests test: dry tests for "isTransferable" test: improve function and test names * test: add a new branch to burn.tree * test: polish burn tests * test: update precompiles * feat: implement _afterTokenTransfer to emit an event * test: expect MetadataUpdate event to be emitted * test: update Precompiles bytecode * test: transferFrom function * chore: add commented parameters in ERC721 hooks * docs: improve writing in NatSpec test: fix typos * build: upgrade solidity version to 0.8.21 (#688) * build: upgrade solidity version to 0.8.21 * build: bump the pragma back to >=0.8.19 * build: show unproved and unsupported SMTChecker * refactor: update gas snapshot --------- Co-authored-by: Paul Razvan Berg <[email protected]> * refactor: change the streamed amount to total amount in NFT SVG (#692) * refactor: change the streamed card from NFT SVG with total build: update shell scripts accordingly test: update tests accordingly * chore: say "total amount" in comments for total card * refactor: change the "Total" from NFT SVG with "Amount" build: update shell script accordingly test: update tests accordingly * chore: fix typo in shell script * refactor: dry-fy withdraw function refactor: dry-fy renounce function * build: remove OZ from peer dependencies * docs: roll 1.1.0 (#693) * docs: roll 1.1.0 * docs: update changelog --------- Co-authored-by: Paul Razvan Berg <[email protected]> * chore: fix typo in DataTypes * docs: correct github hyperlink docs: order change logs chronologically * docs: update changelog * build: switch to "solhint" chore: disable Solhint rules * refactor: capitalize immutable variables (#700) * refactor: capitalize immutable variables in NoDelegateCall build: remove "immutable-vars-naming" from solhint file * test: make asset and holder immutable in fork tests test: capitalize constans in fork tests * docs: polish background description * chore: remove "cbor_metadata" * perf: optimize withdraw function * Remove the ability to cancel for recipients (#710) * feat: remove ability to cancel for recipient feat: remove sender's hook test: update tests accordingly * feat: emit asset in cancel and withdraw events refactor: remove recipient from cancel event test: update tests accordingly test: update precompiles bytecode * chore: update gas snapshot * test: update Precompiles bytecode * docs: include recipient disable to cancel in changelog * refactor: add "recipient" in cancel event docs: refine explanatory comments refactor: reorder parameters in events * test: update Precompiles bytecode * chore: add explantory comment --------- Co-authored-by: Paul Razvan Berg <[email protected]> * test: add DeployOptimized utils contracts (#712) * test: add DeployOptimized utils contracts test: move and rename functions from Base_Test * docs: fix typo in comments * test: rename deploy optimized functions --------- Co-authored-by: Paul Razvan Berg <[email protected]> * style: fix Prettier formatting issue --------- Co-authored-by: Paul Razvan Berg <[email protected]> Co-authored-by: andreivladbrg <[email protected]> Co-authored-by: Anton Cheng <[email protected]> Co-authored-by: Prince Allwin <[email protected]> Co-authored-by: PraneshASP <[email protected]> Co-authored-by: Andrei Vlad Birgaoanu <[email protected]> Co-authored-by: Shub <[email protected]> Co-authored-by: Alexander González <[email protected]> Co-authored-by: Lumyo <[email protected]>
it seems it doesn't, there have been too many commits since this PR was created. I think it would be better to start a new PR starting from main, and include this change. Can you work on this @scorpion9979 ? |
|
@andreivladbrg Done here: #714 |
|
Closing in favor of #714 |
Addresses #418.