DEV Community: Ayden The latest articles on DEV Community by Ayden (@coffiasd). https://dev.to/coffiasd https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F915214%2Fb10a88f5-58a0-4e1e-8b40-af1947d6fb62.png DEV Community: Ayden https://dev.to/coffiasd en Audit H/M report Summary from Ondo code4rena Ayden Fri, 13 Oct 2023 06:07:27 +0000 https://dev.to/coffiasd/audit-hm-report-summary-from-ondo-code4rena-4dii https://dev.to/coffiasd/audit-hm-report-summary-from-ondo-code4rena-4dii <h2> 1.Chain support chain cannot be removed or cleared in bridge contracts. </h2> <p>Contracts provide a way to add support for a chain; however, they do not provide a way to delete it.<br> When a contract offers an addition method, it's important to consider whether it should also provide a deletion method</p> <h2> 2.Contract use msg.sender as remote chain receiver when bridge token. </h2> <p>AA wallet like safe has different wallet address on different chains.<br> This vulnerability requires us to be familiar with some commonly used third-party tools in order to discover it</p> <h2> 3.Two different transactions can result in the same txnHash value, thus breaking the approval process of transaction minting </h2> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="n">txnHashToTransaction</span><span class="p">[</span><span class="n">txnHash</span><span class="p">]</span> <span class="o">=</span> <span class="n">Transaction</span><span class="p">(</span><span class="n">srcSender</span><span class="p">,</span> <span class="n">amt</span><span class="p">);</span> </code></pre> </div> <p>Consider whether the keys in similar mappings are always unique?</p> <h2> 4.Admin can’t burn tokens from blocklisted addresses because of a check in _beforeTokenTransfer </h2> <p>The burn operation prematurely calls the beforeTransfer function, but beforeTransfer needs to check if the address is blocked, which hinders the successful execution of the burn</p> <h2> origin </h2> <p><a href="https://blog.coffiasd.cn/23-10-13.html">https://blog.coffiasd.cn/23-10-13.html</a></p> <h2> contact me for SC private review </h2> <p>Twitter:<a href="https://twitter.com/coffiasse">https://twitter.com/coffiasse</a><br> Github:<a href="https://github.com/coffiasd">https://github.com/coffiasd</a><br> TG:<a class="mentioned-user" href="https://dev.to/coffiasd">@coffiasd</a></p> solidity All you need to know about openzeppelin access control Ayden Thu, 27 Jul 2023 04:57:34 +0000 https://dev.to/coffiasd/all-you-need-to-know-about-openzeppelin-access-control-18h8 https://dev.to/coffiasd/all-you-need-to-know-about-openzeppelin-access-control-18h8 <h2> what is access control </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--NF6fU7_i--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://github.com/coffiasd/images/blob/6b8faa901198b07cf99a106518dc14842cc4fe1f/030726.png%3Fraw%3Dtrue" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--NF6fU7_i--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://github.com/coffiasd/images/blob/6b8faa901198b07cf99a106518dc14842cc4fe1f/030726.png%3Fraw%3Dtrue" alt="Alt access control" width="800" height="420"></a></p> <p>Basiclly,access control means "who is allowed to do this thing".It's quite important for smart contract to specify a particular address who can totally control the whole system.Therefor it's critical to fully understand how to use access control before using it in your project or just copy some example code from somewhere.<br> In openzeppelin there are mainly two ways to implementing access control.</p> <ul> <li>Single onlyOwner role</li> <li>Role-Based Access Control (RBAC)</li> </ul> <p>Let's dive into how to master this 2 ways.</p> <h2> master how to use it by practice </h2> <h3> OnlyOwner </h3> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="k">pragma</span> <span class="n">solidity</span> <span class="o">^</span><span class="mf">0.8</span><span class="p">.</span><span class="mi">0</span><span class="p">;</span> <span class="k">import</span> <span class="s">"@openzeppelin/contracts/access/Ownable.sol"</span><span class="p">;</span> <span class="k">contract</span> <span class="n">MyContract</span> <span class="k">is</span> <span class="n">Ownable</span> <span class="p">{</span> <span class="k">function</span> <span class="n">normalThing</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="c1">// anyone can call this normalThing() </span> <span class="p">}</span> <span class="k">function</span> <span class="n">specialThing</span><span class="p">()</span> <span class="k">public</span> <span class="n">onlyOwner</span> <span class="p">{</span> <span class="c1">// only the owner can call specialThing()! </span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>let's create two user for our test.</p> <ul> <li>owner address</li> <li>arbitrary address </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="kt">address</span> <span class="n">owner</span> <span class="o">=</span> <span class="kt">address</span><span class="p">(</span><span class="mh">0x100</span><span class="p">);</span> <span class="kt">address</span> <span class="n">arbitrary</span> <span class="o">=</span> <span class="kt">address</span><span class="p">(</span><span class="mh">0x101</span><span class="p">);</span> </code></pre> </div> <p>and the we use owner address to create the smart contract,it's quite simple you don't even need to pass any parameters.openzeppelin <code>Ownable</code> would set msg.sender as it's owner as default.we use foundry for testing,if you're not familiar with foundry,go and learn it first before proceeding further.</p> <p>Firstly,we use owner address create our smart contract above in foundry test contract setUp function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="c1">//let's set address owner to msg.sender. </span><span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">owner</span><span class="p">);</span> <span class="c1">//create the contract. </span><span class="n">myContract</span> <span class="o">=</span> <span class="k">new</span> <span class="n">MyContract</span><span class="p">();</span> </code></pre> </div> <p>And then we use the arbitrary address to invoke the <code>specialThing</code> function which is protected by onlyOwner modifier.As expect the invoke revert because of access control.Here goes the code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="c1">//use arbitrary address invoke specialThing() function. </span><span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">arbitrary</span><span class="p">);</span> <span class="n">vm</span><span class="p">.</span><span class="n">expectRevert</span><span class="p">(</span><span class="s">"Ownable: caller is not the owner"</span><span class="p">);</span> <span class="n">myContract</span><span class="p">.</span><span class="n">specialThing</span><span class="p">();</span> </code></pre> </div> <p>Finally,we use our owner who master the contract invoke the <code>specialThing</code> function.As you see the owne succeed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="c1">//switch to owner. </span><span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">owner</span><span class="p">);</span> <span class="n">myContract</span><span class="p">.</span><span class="n">specialThing</span><span class="p">();</span> </code></pre> </div> <p>If you want the whole example codes go for:<a href="https://gist.github.com/coffiasd/84552b5a33845fa567bfc3aa5204d460">https://gist.github.com/coffiasd/84552b5a33845fa567bfc3aa5204d460</a><br> If you have any questions, you can also reach me through the contact information below.</p> <h3> Role-Based Access Control </h3> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="k">pragma</span> <span class="n">solidity</span> <span class="o">^</span><span class="mf">0.8</span><span class="p">.</span><span class="mi">0</span><span class="p">;</span> <span class="k">import</span> <span class="s">"@openzeppelin/contracts/access/AccessControl.sol"</span><span class="p">;</span> <span class="k">import</span> <span class="s">"@openzeppelin/contracts/token/ERC20/ERC20.sol"</span><span class="p">;</span> <span class="k">contract</span> <span class="n">MyToken2</span> <span class="k">is</span> <span class="n">ERC20</span><span class="p">,</span> <span class="n">AccessControl</span> <span class="p">{</span> <span class="c1">// Create a new role identifier for the minter role </span> <span class="kt">bytes32</span> <span class="k">public</span> <span class="k">constant</span> <span class="n">MINTER_ROLE</span> <span class="o">=</span> <span class="nb">keccak256</span><span class="p">(</span><span class="s">"MINTER_ROLE"</span><span class="p">);</span> <span class="k">constructor</span><span class="p">(</span><span class="kt">address</span> <span class="n">minter</span><span class="p">)</span> <span class="n">ERC20</span><span class="p">(</span><span class="s">"MyToken"</span><span class="p">,</span> <span class="s">"TKN"</span><span class="p">)</span> <span class="p">{</span> <span class="n">_grantRole</span><span class="p">(</span><span class="n">DEFAULT_ADMIN_ROLE</span><span class="p">,</span> <span class="n">minter</span><span class="p">);</span> <span class="c1">// Grant the minter role to a specified account </span> <span class="n">_grantRole</span><span class="p">(</span><span class="n">MINTER_ROLE</span><span class="p">,</span> <span class="n">minter</span><span class="p">);</span> <span class="p">}</span> <span class="k">function</span> <span class="n">mint</span><span class="p">(</span><span class="kt">address</span> <span class="n">to</span><span class="p">,</span> <span class="kt">uint256</span> <span class="n">amount</span><span class="p">)</span> <span class="k">public</span> <span class="p">{</span> <span class="c1">// Check that the calling account has the minter role </span> <span class="nb">require</span><span class="p">(</span><span class="n">hasRole</span><span class="p">(</span><span class="n">MINTER_ROLE</span><span class="p">,</span> <span class="n">msg</span><span class="p">.</span><span class="n">sender</span><span class="p">),</span> <span class="s">"Caller is not a minter"</span><span class="p">);</span> <span class="n">_mint</span><span class="p">(</span><span class="n">to</span><span class="p">,</span> <span class="n">amount</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>We can create whatever role we want in Role-Based Access Control (RBAC) contract.Let's say we want create a minter role who can mint some ERC20 token.We can use a special constant <code>bytes32</code> as the name of the role like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="c1">// Create a new role identifier for the minter role </span><span class="kt">bytes32</span> <span class="k">public</span> <span class="k">constant</span> <span class="n">MINTER_ROLE</span> <span class="o">=</span> <span class="nb">keccak256</span><span class="p">(</span><span class="s">"MINTER_ROLE"</span><span class="p">);</span> </code></pre> </div> <p>Firstly,we use <code>owner</code> address as our minter to create our access control contract.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="n">myToken</span> <span class="o">=</span> <span class="k">new</span> <span class="n">MyToken2</span><span class="p">(</span><span class="n">owner</span><span class="p">);</span> </code></pre> </div> <p>And then we use the arbitrary user to mint some ERC20 token:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="c1">//use arbitrary address invoke mint() function. </span><span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">arbitrary</span><span class="p">);</span> <span class="n">vm</span><span class="p">.</span><span class="n">expectRevert</span><span class="p">(</span><span class="s">"Caller is not a minter"</span><span class="p">);</span> <span class="n">myToken</span><span class="p">.</span><span class="n">mint</span><span class="p">(</span><span class="kt">address</span><span class="p">(</span><span class="nb">this</span><span class="p">),</span> <span class="mi">1</span><span class="p">);</span> </code></pre> </div> <p>the above invoke would be revert because of arbitrary don't hold the minter role.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="c1">//switch to owner. </span><span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">owner</span><span class="p">);</span> <span class="n">myToken</span><span class="p">.</span><span class="n">mint</span><span class="p">(</span><span class="kt">address</span><span class="p">(</span><span class="nb">this</span><span class="p">),</span> <span class="mi">1</span><span class="p">);</span> </code></pre> </div> <p>If we switch msg.sender to owner the call would successed.</p> <p>What's more? we can use owner address to grant a <code>minter</code> role whoever we want.Let's say we grant the <code>minter</code> role to the arbitrary address:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">owner</span><span class="p">);</span> <span class="n">myToken</span><span class="p">.</span><span class="n">grantRole</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="s">"MINTER_ROLE"</span><span class="p">),</span> <span class="n">arbitrary</span><span class="p">);</span> <span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">arbitrary</span><span class="p">);</span> <span class="n">myToken</span><span class="p">.</span><span class="n">mint</span><span class="p">(</span><span class="kt">address</span><span class="p">(</span><span class="nb">this</span><span class="p">),</span> <span class="mi">1</span><span class="p">);</span> </code></pre> </div> <p>After invoke the grantRole function the arbitrary has the right to mint token.</p> <p>At the same time,arbitrary address don't has the right to grant role to another address:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">arbitrary</span><span class="p">);</span> <span class="n">vm</span><span class="p">.</span><span class="n">expectRevert</span><span class="p">();</span> <span class="n">myToken</span><span class="p">.</span><span class="n">grantRole</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="s">"MINTER_ROLE"</span><span class="p">),</span> <span class="kt">address</span><span class="p">(</span><span class="mh">0x1001</span><span class="p">));</span> </code></pre> </div> <p>As the owner we also have the right to revoke role we grant before:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">owner</span><span class="p">);</span> <span class="n">myToken</span><span class="p">.</span><span class="n">revokeRole</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="s">"MINTER_ROLE"</span><span class="p">),</span> <span class="n">arbitrary</span><span class="p">);</span> <span class="n">vm</span><span class="p">.</span><span class="n">prank</span><span class="p">(</span><span class="n">arbitrary</span><span class="p">);</span> <span class="n">vm</span><span class="p">.</span><span class="n">expectRevert</span><span class="p">(</span><span class="s">"Caller is not a minter"</span><span class="p">);</span> <span class="n">myToken</span><span class="p">.</span><span class="n">mint</span><span class="p">(</span><span class="kt">address</span><span class="p">(</span><span class="nb">this</span><span class="p">),</span> <span class="mi">1</span><span class="p">);</span> </code></pre> </div> <p>After we invoke role of arbitrary,he can't mint ERC20 token anymore.</p> <p>If you want the whole example codes go for:<a href="https://gist.github.com/coffiasd/340241d63980dc9d423e4ece2f9b20db">https://gist.github.com/coffiasd/340241d63980dc9d423e4ece2f9b20db</a><br> If you have any questions, you can also reach me through the contact information below.</p> <p>Origin:<a href="https://blog.coffiasd.cn/03-07-26.html">https://blog.coffiasd.cn/03-07-26.html</a></p> <h2> let's connect </h2> <p>Twitter:<a href="https://twitter.com/coffiasse">https://twitter.com/coffiasse</a><br> Github:<a href="https://github.com/coffiasd">https://github.com/coffiasd</a><br> TG:<a class="mentioned-user" href="https://dev.to/coffiasd">@coffiasd</a></p> How to use solidity CREATE and CREATE2 Ayden Thu, 27 Jul 2023 04:55:33 +0000 https://dev.to/coffiasd/how-to-use-solidity-create-and-create2-25hb https://dev.to/coffiasd/how-to-use-solidity-create-and-create2-25hb <h2> Overview </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--fG9W-NMS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i04z0gzhvaekjmlcr8vd.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--fG9W-NMS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i04z0gzhvaekjmlcr8vd.png" alt="Image description" width="800" height="420"></a></p> <p>There are 2 major ways to deploy smart contract <code>CREATE</code> and <code>CREATE2</code>. They look quite similar, but there are still some differences.CREATE2 and CREATE are one of solidity opcode which give us the ability to predict the address where a contract will be deployed before we deploy a smart contract.You might be curious about what opcode is.Opcodes are the fundamental building blocks of EVM bytecode, and each opcode represents a specific operation that the EVM can perform. For example, there are opcodes for arithmetic operations, logical operations, storage access, memory manipulation, conditional branching, and more.</p> <h2> What is CREATE </h2> <p>Smart contracts can be created both by other contracts and regular EOA.They both compute the new address the same way:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>new_address <span class="o">=</span> keccak256<span class="o">(</span>sender, nonce<span class="o">)</span> </code></pre> </div> <p>So each created address is associated with a nonce value.Nonce increased on every transaction.It is related to the number of transactions we make and is unpredictable. That's why we need CREATE2.</p> <h2> What is CREATE2 ? </h2> <p>The whole idea behind this opcode is to make the resulting address independent of future events. Regardless of what may happen on the blockchain, it will always be possible to deploy the contract at the precomputed address.There are four parameters in CREATE2 function:</p> <ul> <li>0xFF</li> <li>the address of sender</li> <li>A salt (random value from sender)</li> <li>bytecode (the code of the new contract) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>new_address <span class="o">=</span> keccak256<span class="o">(</span>0xFF, sender, salt, bytecode<span class="o">)</span> </code></pre> </div> <h2> Why we need CREATE2 ? </h2> <p>Imagine a scenario where you need to deploy a contract to multiple networks, and precisely at that moment, you need to store the addresses of the yet-to-be-deployed contracts as storage parameters within the currently deployed contract. In such cases, you would require knowing the future addresses of the contracts to be deployed in advance.</p> <h2> How to use it </h2> <h3> Use hash function to calculate address. </h3> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="kt">uint256</span> <span class="n">_salt</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">bytes32</span> <span class="n">hash</span> <span class="o">=</span> <span class="nb">keccak256</span><span class="p">(</span> <span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span> <span class="kt">bytes1</span><span class="p">(</span><span class="mh">0xff</span><span class="p">),</span> <span class="kt">address</span><span class="p">(</span><span class="nb">this</span><span class="p">),</span> <span class="n">_salt</span><span class="p">,</span> <span class="nb">keccak256</span><span class="p">(</span><span class="k">type</span><span class="p">(</span><span class="n">TokenTemplate</span><span class="p">).</span><span class="n">creationCode</span><span class="p">)</span> <span class="p">)</span> <span class="p">);</span> </code></pre> </div> <h3> Use deploy to get the deployed address. </h3> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="k">function</span> <span class="n">deploy</span><span class="p">(</span> <span class="kt">bytes</span> <span class="k">memory</span> <span class="n">bytecode</span><span class="p">,</span> <span class="kt">uint</span> <span class="n">_salt</span> <span class="p">)</span> <span class="k">public</span> <span class="k">payable</span> <span class="k">returns</span> <span class="p">(</span><span class="kt">address</span><span class="p">)</span> <span class="p">{</span> <span class="kt">address</span> <span class="n">addr</span><span class="p">;</span> <span class="k">assembly</span> <span class="p">{</span> <span class="n">addr</span> <span class="o">:=</span> <span class="n">create2</span><span class="p">(</span> <span class="n">callvalue</span><span class="p">(),</span> <span class="c1">// wei sent with current call </span> <span class="c1">// Actual code starts after skipping the first 32 bytes </span> <span class="n">add</span><span class="p">(</span><span class="n">bytecode</span><span class="p">,</span> <span class="mh">0x20</span><span class="p">),</span> <span class="n">mload</span><span class="p">(</span><span class="n">bytecode</span><span class="p">),</span> <span class="c1">// Load the size of code contained in the first 32 bytes </span> <span class="n">_salt</span> <span class="c1">// Salt from function arguments </span> <span class="p">)</span> <span class="k">if</span> <span class="n">iszero</span><span class="p">(</span><span class="n">extcodesize</span><span class="p">(</span><span class="n">addr</span><span class="p">))</span> <span class="p">{</span> <span class="nb">revert</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="n">addr</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>you can find the whole code on github:<br> <a href="https://gist.github.com/coffiasd/c2ff1a2d718d286b9064873be2fe079a">https://gist.github.com/coffiasd/c2ff1a2d718d286b9064873be2fe079a</a></p> <p>Origin: <a href="https://blog.coffiasd.cn/03-07-24.html">https://blog.coffiasd.cn/03-07-24.html</a><br> Follow my twitter:<a href="https://twitter.com/coffiasse">https://twitter.com/coffiasse</a><br> TG:<a class="mentioned-user" href="https://dev.to/coffiasd">@coffiasd</a></p> Merkle树的逻辑和证明 Ayden Mon, 17 Jul 2023 05:29:43 +0000 https://dev.to/coffiasd/merkleshu-de-luo-ji-he-zheng-ming-4an https://dev.to/coffiasd/merkleshu-de-luo-ji-he-zheng-ming-4an <h2> 什么是Merkle树 </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--EPc3zPZm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9onfwb5psfxgpgvmki52.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--EPc3zPZm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9onfwb5psfxgpgvmki52.png" alt="Image description" width="800" height="420"></a></p> <h3> 定义 </h3> <p><code>Merkle Tree</code>,也叫默克尔树或哈希树,是区块链的底层加密技术,被比特币和以太坊区块链广泛采用。Merkle Tree是一种自下而上构建的加密树,每个叶子是对应数据的哈希,而每个非叶子为它的2个子节点的哈希。</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Vk1cCy5S--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/b3h5d2gsr82lqbj9qbs9.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Vk1cCy5S--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/b3h5d2gsr82lqbj9qbs9.png" alt="Image description" width="800" height="625"></a></p> <h3> 如何生成Merkle树的数据 </h3> <p>在solidity中我们通过keccak256算法计算hash值:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">toHashValue</span><span class="p">)</span> <span class="n">e</span><span class="p">.</span><span class="n">g</span><span class="p">.</span><span class="o">:</span> <span class="n">hash</span><span class="err">前</span> <span class="mh">0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2</span> <span class="n">hash</span><span class="err">后</span> <span class="mh">0x999bf57501565dbd2fdcea36efa2b9aef8340a8901e3459f4a4c926275d36cdb</span> </code></pre> </div> <p>在对叶子节点的值进行hash运算之后,再把相邻的节点再进行hash运算,直到只剩下一个根节点。<br> 假设存在两个相邻的节点A和B,那么在进行hash运算的时候到地址是hash(A+B)呢?还是hash(B+A)呢?其实这是由A和B的大小决定的,在openzeppelin对应的merkle代码中我们可以找到这么一段代码:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="k">function</span> <span class="n">_hashPair</span><span class="p">(</span><span class="kt">bytes32</span> <span class="n">a</span><span class="p">,</span> <span class="kt">bytes32</span> <span class="n">b</span><span class="p">)</span> <span class="k">private</span> <span class="k">pure</span> <span class="k">returns</span> <span class="p">(</span><span class="kt">bytes32</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">a</span> <span class="o">&lt;</span> <span class="n">b</span> <span class="o">?</span> <span class="n">_efficientHash</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">)</span> <span class="o">:</span> <span class="n">_efficientHash</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="n">a</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>总结来说就是把相对小的数值放到前面去这么来排序计算hash值。这个地方在自己动手实际运算的时候可能会有些许困惑。<br> 在实际的项目中一般只需要把计算的最后结果的根hash值存储到合约中,如果大量的地址都需要存到合约中的话会消耗大量的gas费。经过merkle树计算之后,大大的减少了需要存储的数据。<br> 通过一段foundry的setUp演示下如何计算和存储root hash值:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="kt">bytes32</span> <span class="k">public</span> <span class="n">root</span><span class="p">;</span> <span class="kt">bytes32</span><span class="p">[]</span> <span class="k">public</span> <span class="n">leafs</span><span class="p">;</span> <span class="kt">bytes32</span><span class="p">[]</span> <span class="k">public</span> <span class="n">l2</span><span class="p">;</span> <span class="k">function</span> <span class="n">setUp</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="kt">address</span><span class="p">[]</span> <span class="k">memory</span> <span class="n">addrss</span> <span class="o">=</span> <span class="k">new</span> <span class="kt">address</span><span class="p">[](</span><span class="mi">4</span><span class="p">);</span> <span class="n">addrss</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="mh">0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2</span><span class="p">;</span> <span class="n">addrss</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="mh">0x2d886570A0dA04885bfD6eb48eD8b8ff01A0eb7e</span><span class="p">;</span> <span class="n">addrss</span><span class="p">[</span><span class="mi">2</span><span class="p">]</span> <span class="o">=</span> <span class="mh">0xed857ac80A9cc7ca07a1C213e79683A1883df07B</span><span class="p">;</span> <span class="n">addrss</span><span class="p">[</span><span class="mi">3</span><span class="p">]</span> <span class="o">=</span> <span class="mh">0x690B9A9E9aa1C9dB991C7721a92d351Db4FaC990</span><span class="p">;</span> <span class="c1">//通过地址列表计算叶子节点的hash值 </span> <span class="n">leafs</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">addrss</span><span class="p">[</span><span class="mi">0</span><span class="p">])));</span> <span class="n">leafs</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">addrss</span><span class="p">[</span><span class="mi">1</span><span class="p">])));</span> <span class="n">leafs</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">addrss</span><span class="p">[</span><span class="mi">2</span><span class="p">])));</span> <span class="n">leafs</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">addrss</span><span class="p">[</span><span class="mi">3</span><span class="p">])));</span> <span class="c1">//计算第二层的hash值 </span> <span class="n">l2</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">leafs</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="n">leafs</span><span class="p">[</span><span class="mi">1</span><span class="p">])));</span> <span class="n">l2</span><span class="p">.</span><span class="n">push</span><span class="p">(</span><span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">leafs</span><span class="p">[</span><span class="mi">2</span><span class="p">],</span> <span class="n">leafs</span><span class="p">[</span><span class="mi">3</span><span class="p">])));</span> <span class="c1">//计算根的hash值 </span> <span class="n">root</span> <span class="o">=</span> <span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">l2</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="n">l2</span><span class="p">[</span><span class="mi">0</span><span class="p">]));</span> <span class="p">}</span> </code></pre> </div> <p>为了演示方便我们值写了4个地址,实际项目中可能地址数量非常大。</p> <h2> 如何来验证Merkle树 </h2> <p>在合约中存储到root hash值之后我们如何去验证由客户端发过来的地址是否是有效地址或者说在白名单中的地址呢?<br> 首先我们需要将地址进行hash运算,作为第三个参数,然后将地址相邻的hash值作为proof传到验证函数中。<br> proof列表对应下面图片中的红色标记区域</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--gTcWvoy---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ie841nie2fo1qt4e8ana.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--gTcWvoy---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ie841nie2fo1qt4e8ana.png" alt="Image description" width="800" height="625"></a></p> <p>测试的验证方法:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="k">function</span> <span class="n">testVerify</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="kt">address</span> <span class="n">proofAddress</span> <span class="o">=</span> <span class="mh">0xAb8483F64d9C6d1EcF9b849Ae677dD3315835cb2</span><span class="p">;</span> <span class="kt">bytes32</span><span class="p">[]</span> <span class="k">memory</span> <span class="n">proof</span> <span class="o">=</span> <span class="k">new</span> <span class="kt">bytes32</span><span class="p">[](</span><span class="mi">2</span><span class="p">);</span> <span class="n">proof</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="n">leafs</span><span class="p">[</span><span class="mi">1</span><span class="p">];</span> <span class="n">proof</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">l2</span><span class="p">[</span><span class="mi">1</span><span class="p">];</span> <span class="nb">assert</span><span class="p">(</span> <span class="n">MerkleProof</span><span class="p">.</span><span class="n">verify</span><span class="p">(</span> <span class="n">proof</span><span class="p">,</span> <span class="n">root</span><span class="p">,</span> <span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encodePacked</span><span class="p">(</span><span class="n">proofAddress</span><span class="p">))</span> <span class="p">)</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>完整的foundry测试代码:<a href="https://gist.github.com/coffiasd/96022abd7f9a8a2189bda14bf9e755dc">https://gist.github.com/coffiasd/96022abd7f9a8a2189bda14bf9e755dc</a></p> <h2> 在实际项目中的应用场景 </h2> <ul> <li>发放空投</li> <li>NFT的白名单</li> </ul> <h2> 在合约审计中的常见漏洞 </h2> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="k">function</span> <span class="n">parentHash</span><span class="p">(</span><span class="kt">bytes32</span> <span class="n">a</span><span class="p">,</span> <span class="kt">bytes32</span> <span class="n">b</span><span class="p">)</span> <span class="k">public</span> <span class="k">pure</span> <span class="k">returns</span> <span class="p">(</span><span class="kt">bytes32</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">a</span> <span class="o">&lt;</span> <span class="n">b</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encode</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">keccak256</span><span class="p">(</span><span class="n">abi</span><span class="p">.</span><span class="n">encode</span><span class="p">(</span><span class="n">b</span><span class="p">,</span> <span class="n">a</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>abi.encode(address, uint)将会输出64字节。由于abi.encode(bytes32, bytes32)也是64字节,因此在叶子节点和父节点之间可能会发生哈希碰撞。</p> <p>Follow我的推进行交流学习:<a href="https://twitter.com/nifty12111">https://twitter.com/nifty12111</a><br> TG:<a class="mentioned-user" href="https://dev.to/coffiasd">@coffiasd</a></p> Solidity Assembly的基础用法 Ayden Sat, 15 Jul 2023 02:23:06 +0000 https://dev.to/coffiasd/solidity-assemblyde-ji-chu-yong-fa-499k https://dev.to/coffiasd/solidity-assemblyde-ji-chu-yong-fa-499k <h2> 什么是Assembly </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--VD7-NbM_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h97shde4euu7d9nrpbaj.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VD7-NbM_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/h97shde4euu7d9nrpbaj.png" alt="Image description" width="800" height="420"></a><br> 在编写Solidity代码时,我们可以使用<code>assembly{}</code>关键字开始编写Yul代码,它是一种简化且扩展了的汇编语言。通过使用assembly,我们可以直接访问堆栈,并优化代码以提高内存效率,从而减少执行交易所需的燃气量。这最终降低了用户的交易成本。</p> <p>然而,在可读性方面存在一些妥协。许多前端开发人员可以阅读Solidity智能合约并理解正在执行的功能以及如何将其应用到他们的web3查询中。相比之下,汇编可能会让人感到有些困惑,如果你不熟悉低级编程,可能很难理解其逻辑和流程。</p> <h2> 操作码列表 </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>操作码</th> <th>描述</th> </tr> </thead> <tbody> <tr> <td>add(x, y)</td> <td>将栈中的前两个值相加,并用结果替换它们</td> </tr> <tr> <td>sub(x, y)</td> <td>减法操作</td> </tr> <tr> <td>mul(x, y)</td> <td>乘法操作</td> </tr> <tr> <td>div(x, y)</td> <td>除法操作</td> </tr> <tr> <td>mod(x, y)</td> <td>取模操作</td> </tr> <tr> <td>lt(x, y)</td> <td>小于。如果 x 小于 y,则返回 1</td> </tr> <tr> <td>gt(x, y)</td> <td>大于</td> </tr> <tr> <td>eq(x, y)</td> <td>等于。如果 x 等于 y,则返回 1</td> </tr> <tr> <td>not(x)</td> <td>按位取反 (1010 &gt; 0101)</td> </tr> <tr> <td>and(x, y)</td> <td>按位与 (1000 AND 1100 &gt; 1000)</td> </tr> <tr> <td>or(x, y)</td> <td>按位或 (1000 AND 1100 &gt; 1100)</td> </tr> <tr> <td>xor(x, y)</td> <td>按位异或 (1000 XOR 1100 &gt; 0100)</td> </tr> <tr> <td>byte(n, x)</td> <td>X 的第 N 个字节</td> </tr> <tr> <td>keccak256(pos, n)</td> <td>本地哈希算法</td> </tr> <tr> <td>pop(x)</td> <td>从栈中弹出 X</td> </tr> <tr> <td>mload(pos)</td> <td>加载存储在位置 pos 的内存数据</td> </tr> <tr> <td>mstore(pos, value)</td> <td>在位置 pos 的memory中存储值 value</td> </tr> <tr> <td>sload(pos)</td> <td>加载存储在位置 pos 的存储数据</td> </tr> <tr> <td>sstore(pos, value)</td> <td>在位置 pos 的storage中存储值 value</td> </tr> <tr> <td>balance(address)</td> <td>以 wei 为单位返回地址的以太币余额</td> </tr> <tr> <td>call(gas, address, value, in, insize, out, outsize)</td> <td>调用外部合约,也可用于发送资金,成功时返回 1</td> </tr> <tr> <td>delegatecall(gas, address, value, in, insize, out, outsize)</td> <td>与上述相同,但由用户而不是合约进行调用</td> </tr> <tr> <td>revert(p, s)</td> <td>撤销事务和任何状态更改</td> </tr> <tr> <td>return(p, s)</td> <td>结束执行并返回数据</td> </tr> </tbody> </table></div> <p>这里需要注意的是<code>mstore</code>和<code>sstore</code>的区别,主要存储的位置的不一致,一种是存储在memory中,另一种是存储在storage中。</p> <h2> 使用案例 </h2> <h3> 读写 </h3> <p>下面我们通过一个例子展示下如何使用<code>Assembly</code>把数据存储到storage中,然后通过函数读取的方式读出来。<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="k">function</span> <span class="n">testAssembly</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="c1">//定义一个存储的值方便测试. </span> <span class="kt">uint256</span> <span class="n">x</span> <span class="o">=</span> <span class="mi">123</span><span class="p">;</span> <span class="kt">bool</span> <span class="n">res</span><span class="p">;</span> <span class="c1">//将x存储到storage中。 </span> <span class="k">assembly</span> <span class="p">{</span> <span class="n">sstore</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">x</span><span class="p">)</span> <span class="p">}</span> <span class="c1">//在storage中读取x的值,其中0是pos </span> <span class="k">assembly</span> <span class="p">{</span> <span class="kr">let</span> <span class="n">readX</span> <span class="o">:=</span> <span class="n">sload</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> <span class="c1">//将readX的值存储到memory,pos == 0x80的位置。 </span> <span class="n">mstore</span><span class="p">(</span><span class="mh">0x80</span><span class="p">,</span> <span class="n">readX</span><span class="p">)</span> <span class="p">}</span> <span class="c1">//将0x80中的值取出来. </span> <span class="k">assembly</span> <span class="p">{</span> <span class="kr">let</span> <span class="n">v</span> <span class="o">:=</span> <span class="n">mload</span><span class="p">(</span><span class="mh">0x80</span><span class="p">)</span> <span class="k">if</span> <span class="n">eq</span><span class="p">(</span><span class="n">v</span><span class="p">,</span> <span class="n">x</span><span class="p">)</span> <span class="p">{</span> <span class="n">res</span> <span class="o">:=</span> <span class="nb">true</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">//判断最终取出来的v == x? </span> <span class="nb">assert</span><span class="p">(</span><span class="n">res</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>上诉的例子在实际项目中不太可能出现,只是为了展示读写的过程。</p> <h3> 基础运算 </h3> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code> <span class="k">function</span> <span class="n">testAssembly</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="c1">//定义一个存储的值方便测试. </span> <span class="kt">uint256</span> <span class="n">x</span> <span class="o">=</span> <span class="mi">123</span><span class="p">;</span> <span class="kt">uint256</span> <span class="n">r</span> <span class="o">=</span> <span class="mi">345</span><span class="p">;</span> <span class="c1">//将x存储到storage中。 </span> <span class="k">assembly</span> <span class="p">{</span> <span class="n">x</span> <span class="o">:=</span> <span class="n">add</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="mi">300</span><span class="p">)</span> <span class="n">x</span> <span class="o">:=</span> <span class="n">sub</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="mi">78</span><span class="p">)</span> <span class="p">}</span> <span class="c1">//判断最终取出来的r == x? </span> <span class="nb">assert</span><span class="p">(</span><span class="n">r</span> <span class="o">==</span> <span class="n">x</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Follow我的推进行交流学习:<a href="https://twitter.com/nifty12111">https://twitter.com/nifty12111</a><br> TG:<a class="mentioned-user" href="https://dev.to/coffiasd">@coffiasd</a></p> 手摸手教你如何使用foundry进行测试脚本编写 Ayden Fri, 14 Jul 2023 01:53:47 +0000 https://dev.to/coffiasd/shou-mo-shou-jiao-ni-ru-he-shi-yong-foundryjin-xing-ce-shi-jiao-ben-bian-xie-1c4j https://dev.to/coffiasd/shou-mo-shou-jiao-ni-ru-he-shi-yong-foundryjin-xing-ce-shi-jiao-ben-bian-xie-1c4j <h2> 什么是foundry? </h2> <p>foundry是一个solidity智能合约开发工具。可以帮你管理依赖包,编译项目,运行测试脚本,还可以让你通过命令行工具或者script脚本和链上合约进行交互。和hardhat不同的地方是,hardhat我们还是主要用来开发大型的合约项目,但是foundry用来进行编写测试脚本我认为是非常方便的。主要的特点是可以直接使用solidity编写合约测试脚本,无需在JavaScript和solidity之间进行切换。虽然在hardhat也可以编写测试脚本,但是有时候需要切换语言或者对类型进行转换相对会比较麻烦。</p> <h2> 安装和配置 </h2> <p>Foundryup是foundry的安装器。我们可以直接通过终端命令行进行安装:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-L</span> https://foundry.paradigm.xyz | bash </code></pre> </div> <p>或者要是你喜欢也可以通过源码的方式进行编译安装<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># clone the repository</span> git clone https://github.com/foundry-rs/foundry.git <span class="nb">cd </span>foundry <span class="c"># install Forge + Cast</span> cargo <span class="nb">install</span> <span class="nt">--path</span> ./cli <span class="nt">--profile</span> <span class="nb">local</span> <span class="nt">--bins</span> <span class="nt">--force</span> <span class="c"># install Anvil</span> cargo <span class="nb">install</span> <span class="nt">--path</span> ./anvil <span class="nt">--profile</span> <span class="nb">local</span> <span class="nt">--force</span> <span class="c"># install Chisel</span> cargo <span class="nb">install</span> <span class="nt">--path</span> ./chisel <span class="nt">--profile</span> <span class="nb">local</span> <span class="nt">--force</span> </code></pre> </div> <h2> 初始化 </h2> <p>我们可以通过forge命令行直接初始化新项目<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>forge init helle_foundry </code></pre> </div> <p>初始化之后的大概是这么个目录结构:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cd </span>hello_foundry <span class="nv">$ </span>tree <span class="nb">.</span> <span class="nt">-d</span> <span class="nt">-L</span> 1 <span class="nb">.</span> ├── lib 依赖的包文件目录 ├── script 自定义的脚本目录 ├── src 合约源码目录 └── <span class="nb">test </span>测试脚本目录 </code></pre> </div> <h2> 特性和使用 </h2> <h3> 编写测试脚本 </h3> <p>测试脚本的基本代码结构:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="k">pragma</span> <span class="n">solidity</span> <span class="mf">0.8</span><span class="p">.</span><span class="mi">10</span><span class="p">;</span> <span class="k">import</span> <span class="s">"forge-std/Test.sol"</span><span class="p">;</span> <span class="k">contract</span> <span class="n">ContractBTest</span> <span class="k">is</span> <span class="n">Test</span> <span class="p">{</span> <span class="kt">uint256</span> <span class="n">testNumber</span><span class="p">;</span> <span class="k">function</span> <span class="n">setUp</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="n">testNumber</span> <span class="o">=</span> <span class="mi">42</span><span class="p">;</span> <span class="p">}</span> <span class="k">function</span> <span class="n">test_NumberIs42</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="n">assertEq</span><span class="p">(</span><span class="n">testNumber</span><span class="p">,</span> <span class="mi">42</span><span class="p">);</span> <span class="p">}</span> <span class="k">function</span> <span class="n">testFail_Subtract43</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="n">testNumber</span> <span class="o">-=</span> <span class="mi">43</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>在上面的例子中每个test函数都是相互独立的,setUp函数类似于我们的构造函数,会首先进行调用setUp函数进行初始化。在我们实际的操作中,可以直接导入需要测试的合约,然后在setUp中对合约进行初始化。我们只需要一个变量就能调用目标合约中的函数进行测试。</p> <p>运行测试脚本的命令:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>forge <span class="nb">test</span> <span class="nt">--match-contract</span> <span class="s2">"ContractBTest(合约名称)"</span> <span class="nt">-vvv</span> </code></pre> </div> <h3> debug </h3> <p>我们可以通过<code>-vvv</code> 和 <code>-vvvv</code>进行数据跟踪。在打印出来的日志中,我们通过颜色来区分不同的错误类型(如果你的终端支持颜色显示的话):</p> <ul> <li>绿色 : 正常的调用</li> <li>红色 : 回滚的调用</li> <li>蓝色 : 作弊码的调用</li> <li>青色 : 日志</li> <li>黄色 : 合约部署 </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="o">[</span>24661] OwnerUpOnlyTest::testIncrementAsOwner<span class="o">()</span> ├─ <span class="o">[</span>2262] OwnerUpOnly::count<span class="o">()</span> │ └─ ← 0 ├─ <span class="o">[</span>20398] OwnerUpOnly::increment<span class="o">()</span> │ └─ ← <span class="o">()</span> ├─ <span class="o">[</span>262] OwnerUpOnly::count<span class="o">()</span> │ └─ ← 1 └─ ← <span class="o">()</span> </code></pre> </div> <h3> fuzz测试 </h3> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="k">contract</span> <span class="n">SafeTest</span> <span class="k">is</span> <span class="n">Test</span> <span class="p">{</span> <span class="k">function</span> <span class="n">testFuzz_Withdraw</span><span class="p">(</span><span class="kt">uint256</span> <span class="n">amount</span><span class="p">)</span> <span class="k">public</span> <span class="p">{</span> <span class="k">payable</span><span class="p">(</span><span class="kt">address</span><span class="p">(</span><span class="n">safe</span><span class="p">)).</span><span class="nb">transfer</span><span class="p">(</span><span class="n">amount</span><span class="p">);</span> <span class="kt">uint256</span> <span class="n">preBalance</span> <span class="o">=</span> <span class="kt">address</span><span class="p">(</span><span class="nb">this</span><span class="p">).</span><span class="nb">balance</span><span class="p">;</span> <span class="n">safe</span><span class="p">.</span><span class="n">withdraw</span><span class="p">();</span> <span class="kt">uint256</span> <span class="n">postBalance</span> <span class="o">=</span> <span class="kt">address</span><span class="p">(</span><span class="nb">this</span><span class="p">).</span><span class="nb">balance</span><span class="p">;</span> <span class="n">assertEq</span><span class="p">(</span><span class="n">preBalance</span> <span class="o">+</span> <span class="n">amount</span><span class="p">,</span> <span class="n">postBalance</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>比如上面的提款测试,普通的test测试函数需要自定义一个固定的amount金额,但是这个指定的amount不能覆盖到所有的情景,另一个选择就是使用testFuzz.fuzz测试的函数名和普通测试对比只是多了fuzz,需要注意的是所有的测试函数需要用<code>test</code>或者<code>testFuzz</code>开头否则是不会被认为是一个测试函数的。</p> <h3> console.log日志打印 </h3> <p>在solidity中打印日志需要提前对日志内容的类型进行定义。foundry支持下面的一些数据类型进行日志打印,可以帮助我们进行debug:</p> <ul> <li>console.logInt(int i)</li> <li>console.logUint(uint i)</li> <li>console.logString(string memory s)</li> <li>console.logBool(bool b)</li> <li>console.logAddress(address a)</li> <li>console.logBytes(bytes memory b)</li> <li>console.logBytes1(bytes1 b)</li> <li>console.logBytes2(bytes2 b)</li> <li>console.logBytes32(bytes32 b) 对于一些更加复杂的数据结构,比如我们的目标合约中返回了一个struct类型的数据。我们可以直接使用targetContract.StructName对数据进行定义。</li> </ul> <h3> assert </h3> <p>foundry中主要有3种类型的assert</p> <ul> <li>assert(conditon) 判断一个bool值</li> <li>assertEq(a,b) 判断a,b两个值是否相等</li> <li>assertTrue(condition,"reason") </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="k">function</span> <span class="n">testGetTotalShares</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="n">assertEq</span><span class="p">(</span><span class="n">prizePool</span><span class="p">.</span><span class="n">getTotalShares</span><span class="p">(),</span> <span class="mi">220</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h3> 时间和区块进行改变 </h3> <p>某些合约中可能有时间间隔,比如一个stake asset操作之后,可能需要一个月的时间间隔之后才能进行下一次操作,这个时候我们可以直接去修改evm中的时间<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vm.warp<span class="o">(</span>block.timstamp + 30 days<span class="o">)</span><span class="p">;</span> </code></pre> </div> <p>或者我们也可以对区块进行增加<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vm.roll<span class="o">(</span>block.number + 1<span class="o">)</span><span class="p">;</span> </code></pre> </div> <h3> vm.expectRevert </h3> <p>在某些测试中,对于条件不满足的情况下,合约逻辑中可能会存在一些revert的情况,我们需要对这些revert进行捕捉的时候可以用到<code>vm.expertRevert</code></p> <ul> <li>expectRevert() </li> <li>expectRevert(bytes4 message)</li> <li>expectRevert(bytes calldata message) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight solidity"><code><span class="k">function</span> <span class="n">testLowLevelCallRevert</span><span class="p">()</span> <span class="k">public</span> <span class="p">{</span> <span class="n">vm</span><span class="p">.</span><span class="n">expectRevert</span><span class="p">(</span><span class="kt">bytes</span><span class="p">(</span><span class="s">"error message"</span><span class="p">));</span> <span class="p">(</span><span class="kt">bool</span> <span class="n">revertsAsExpected</span><span class="p">,</span> <span class="p">)</span> <span class="o">=</span> <span class="kt">address</span><span class="p">(</span><span class="n">myContract</span><span class="p">).</span><span class="nb">call</span><span class="p">(</span><span class="n">myCalldata</span><span class="p">);</span> <span class="n">assertTrue</span><span class="p">(</span><span class="n">revertsAsExpected</span><span class="p">,</span> <span class="s">"expectRevert: call did not revert"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>有些合约对一些多次出现的错误可能把它定义为一个error类型,这个时候我们可以通过<code>CustomError.selector</code>对错误进行捕捉。<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vm.expectRevert<span class="o">(</span>CustomError.selector<span class="o">)</span><span class="p">;</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vm.expectRevert<span class="o">(</span> abi.encodeWithSelector<span class="o">(</span>CustomError.selector, 1, 2<span class="o">)</span> <span class="o">)</span><span class="p">;</span> </code></pre> </div> <p>对于那些直接revert并没有定义错误的情况下:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> vm.expectRevert<span class="o">(</span>bytes<span class="o">(</span><span class="s2">""</span><span class="o">))</span><span class="p">;</span> </code></pre> </div> <p>follow我的推进行交流学习:<a href="https://twitter.com/nifty12111">https://twitter.com/nifty12111</a><br> TG:<a class="mentioned-user" href="https://dev.to/coffiasd">@coffiasd</a></p> How do i win 3 hackathon in one month Ayden Sat, 25 Feb 2023 12:39:11 +0000 https://dev.to/coffiasd/how-do-i-win-3-hackathon-in-one-month-36j5 https://dev.to/coffiasd/how-do-i-win-3-hackathon-in-one-month-36j5 <h1> overview </h1> <p>If you are interested in competing in a Web3 hackathon, it is important to understand that a hackathon is a challenging event that requires a lot of work, dedication, and creativity. However, with the right mindset and approach, you can increase your chances of winning. Here are some tips to help you win a Web3 hackathon:</p> <h2> Understand the Theme and Criteria </h2> <p>The first step to winning a Web3 hackathon is to understand the theme and criteria of the hackathon. Make sure you read the rules and guidelines carefully, so that you can create a project that meets the requirements and stands out from the competition.</p> <h2> Research and Brainstorm </h2> <p>Once you know the theme and criteria of the hackathon, start researching and brainstorming ideas for your project. Consider what problems you can solve using Web3 technologies and how your project can add value to the Web3 ecosystem.</p> <h2> Focus on User Experience </h2> <p>User experience is an important factor in creating a successful Web3 project. Consider how your project can make the user's experience smoother, more efficient, and more enjoyable.</p> <h2> Build a Minimum Viable Product (MVP) </h2> <p>A minimum viable product (MVP) is a basic version of your project that has enough features to demonstrate its value. Building an MVP is important because it allows you to get feedback from users and judges, and make improvements before the final presentation.</p> <h2> Implement Web3 Technologies </h2> <p>Web3 technologies are the backbone of the Web3 ecosystem. To win a Web3 hackathon, it is important to implement Web3 technologies in your project. Some examples of Web3 technologies include blockchain, decentralized storage, and smart contracts.</p> <h2> Create a Clear and Concise Pitch </h2> <p>Your pitch is the key to winning a Web3 hackathon. Make sure your pitch is clear, concise, and compelling. Focus on the most important features of your project and explain how your project solves a real-world problem.</p> <h2> Practice and Refine Your Presentation </h2> <p>Practice makes perfect. Before the final presentation, practice your pitch and make sure it is well-rehearsed. Also, consider getting feedback from others to refine your presentation.</p> <h2> Network and Collaborate with Others </h2> <p>Networking and collaboration are important in a Web3 hackathon. Attend workshops, meetups, and other events to meet other participants and potential collaborators. Collaborating with others can help you create a stronger project and increase your chances of winning.<br> In conclusion, winning a Web3 hackathon requires hard work, dedication, and creativity. By following these tips, you can increase your chances of winning and make your mark on the Web3 ecosystem. Good luck!</p> <p>contact me in social media:<br> <a href="https://twitter.com/coffiasse">twitter</a></p> web3 gitcoin solidity hackatho How to quick start web3.storage Ayden Tue, 01 Nov 2022 02:45:43 +0000 https://dev.to/coffiasd/how-to-quick-start-web3storage-274 https://dev.to/coffiasd/how-to-quick-start-web3storage-274 <h2> register an account </h2> <ul> <li>Email</li> <li>Github (recommand)</li> </ul> <h2> install the client </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>javascript npm install web3.storage golang go get github.com/web3-storage/go-w3s-client </code></pre> </div> <h2> create a client instance </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>//get the access token function getAccessToken(){ return process.env.TOKEN } //creata an instance function makeStorageClient(){ return new Web3storage({token:getAccessToken()}) } </code></pre> </div> <h2> preparing files for uploading </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>function getFiles(){ const fileInput = document.querySelector('input[type="file"]') return fileInput.files } </code></pre> </div> <h2> upload files to web3.storage </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>//async upload process async function storageFiles(files){ const client = makeStorageClient() const cid = await client.put(files) return cid } </code></pre> </div> <h2> directory wrapping </h2> <p>after uploading you'll get a cid of the directory and then the entire link gonna be ipfs:///<br> to make a gateway link :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>https://&lt;cid&gt;.ipfs.&lt;gateway-host&gt;/&lt;filename&gt; https://&lt;gateway-host&gt;/ipfs/&lt;cid&gt;/&lt;filename&gt; </code></pre> </div> <h2> storing ipfs content archives? </h2> <p>if you already have some files you can use putCar client function.I don't want to jump into this here.</p> <h2> how to access data we uploaded above ? </h2> <ul> <li>using an IPFS http gateway</li> <li>using client library</li> <li>ipfs command line</li> <li>system command line</li> </ul> <h2> how to query web3.storage </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>async function checkStatus(cid){ const client = xxxx const status = await client.status(cid) } </code></pre> </div> <p>return data structure</p> <ul> <li>cid</li> <li>created</li> <li>dagSize</li> <li>pins</li> <li>deals</li> </ul> <h2> how to list files uploaded to web3.storage </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const client = xxxx for await (const upload of client.list(){ console.log(upload.name,upload.cid,upload.dagSize) }) </code></pre> </div> <h2> listing the content of an IPFS directory </h2> All you need to know for writing a reserve protocol collateral plugins quick start Ayden Sun, 30 Oct 2022 15:21:34 +0000 https://dev.to/coffiasd/all-you-need-to-know-for-writing-a-reserve-protocol-collateral-plugins-quick-start-16pj https://dev.to/coffiasd/all-you-need-to-know-for-writing-a-reserve-protocol-collateral-plugins-quick-start-16pj <p>core plugin depends on two plugin types:</p> <ul> <li>Assets / Collateral (contracts/plugins/assets)</li> <li>Trading (contract/plugins/trading) not discussed here</li> </ul> <h3> Collateral is erc20 token + below: </h3> <ul> <li>if ERC20 back ?</li> <li>refresh()</li> <li>status() SOUND/IFFY/DISABLED</li> <li>rate exchange</li> </ul> <h3> Monetary units </h3> <ul> <li>Unit of Account</li> <li>Target unit RToken maintaining stability or appreciation against its target unit</li> <li>Reference unit</li> </ul> <h3> e.g. of 3 different tokens </h3> <ul> <li>Collateral : cUSDC</li> <li>Refence : USDC</li> <li>Target : USD</li> </ul> <h3> Units definition </h3> <ul> <li>{UoA} unit of account recommand USD here</li> <li>{tok} whole token</li> <li>{ref} whole reference token</li> <li>{target} whole target unit</li> <li>{ref/tok} refPerTok()</li> <li>{target/ref} targetPerRef()</li> <li>{UoA/target} pricePerTarget()</li> </ul> <h3> Basket definition </h3> <ul> <li>Prime basket this is set by governance , on changes through successful governance proposals. it consists of an array of triples e.g. : </li> <li>Reference basket e.g. : </li> <li>Collateral bascket e.g.: </li> </ul> <h3> IAsset interface </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--1K9-5wgb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9ue1xotlv5s5z36ue1na.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--1K9-5wgb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9ue1xotlv5s5z36ue1na.jpg" alt="Image description" width="880" height="740"></a></p> <h3> Accounting units </h3> <p>before we create a collateral plugin we have to choose 3 accounting units</p> <h3> Collateral unit </h3> <p>its just erc20 token</p> <h3> Reference unit </h3> <p>to be ask , what's a unit that this collateral token will always be worth the same value or more of .</p> <h3> Target unit </h3> <p>target unit has to do with a concept called the target basket. what's prime basket ?<br> A example of linear combination of target units:</p> <ul> <li>1 USD</li> <li>0.5 USD + 0.55 EURO</li> <li>0.5 USD + 0.35 EURO + 0.00001BTC</li> </ul> <h3> Unit of account </h3> <p>we can assume UoA == USD , because for now USD price are king.</p> <h3> Important properties for collateral plugins </h3> <p><strong>Collateral plugins should be permisionless and should be able to used by any number if RTokens</strong><br> <strong>Token balance can't be rebasing</strong></p> <h3> refresh() should never be revert </h3> <p>refresh is been called before any transactions , it return exchange rates.<br> if occur an important error , refresh should change the state to <strong>DISABLED</strong></p> <h3> strictPrice() price(bool) status() </h3> <h3> the IFFY status should be temporary </h3> <h3> Collateral must default if refPerTok() falls </h3> <h3> Defaulted Collateral must stay defaulted </h3> <p>if status() ever returns disabled , then it must always return disabled in the nearly future</p> <h3> Token rewards should be claimable </h3> <ul> <li>rewardERC20()</li> <li>getClaimCalldata()</li> </ul> <h3> Smaller Constraints </h3> <p>The value of the following methods should never change:</p> <ul> <li>isColleteral()</li> <li>targetName()</li> <li>erc20()</li> <li>rewardERC20()</li> <li>erc20Deciamls()</li> </ul> <h3> Function-by-function walkthrough </h3> <ul> <li>strictPrice() {UoA/tok}</li> <li>price(bool) {UoA/tok} if revert depends on the bool value true or false</li> <li>refPerTok() {ref/tok}</li> <li>targetPerRef() {target/ref}</li> <li>pricePerTarget(){UoA/tartget}</li> </ul> Analyze stolen NFTs that been marked by opensea Ayden Fri, 07 Oct 2022 12:31:38 +0000 https://dev.to/coffiasd/analyze-stolen-nfts-that-been-marked-by-opensea-4j0e https://dev.to/coffiasd/analyze-stolen-nfts-that-been-marked-by-opensea-4j0e <h2> Overview </h2> <p>This is a hackathon data analytics project. I analyze the top 2300 nfts sort by volume。 You can find the detail list from my GitHub repo. Or you can click here。<br> <a href="https://github.com/coffiasd/hackathon-data-analytics/blob/main/data/RankNFTS.csv">https://github.com/coffiasd/hackathon-data-analytics/blob/main/data/RankNFTS.csv</a></p> <h2> CSV Data </h2> <p>Below is all csv file that i collect.RankNFTs.csv is the top 2300 NFTs list. tokenIds/{contract}.csv is stolen NFTs tokenID list.lastSalePrice/{contract}.csv is the last sale price of each tokenId.</p> <ul> <li>RankNFTs.csv</li> <li>tokenIds/{contract}.csv</li> <li>lastSalePrice/{contract}.csv</li> </ul> <h2> Python script </h2> <p>You can get the all scripts my github repo above.</p> <ul> <li>getNFTsRankTopVolume.py(get top volume NFTs &amp;&amp; stolen NFTs list)</li> <li>getNFTsDetail.py(get NFT’s last sale price)</li> <li>caculateStolen.py(caculate Result) </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">getNftsRankTopVolume</span><span class="p">(</span><span class="n">page</span><span class="p">):</span> <span class="n">url</span> <span class="o">=</span> <span class="s">"https://api.traitsniper.com/v1/collections?page="</span> <span class="o">+</span> \ <span class="nb">str</span><span class="p">(</span><span class="n">page</span><span class="p">)</span><span class="o">+</span><span class="s">"&amp;limit=100&amp;sort_total_volume=desc"</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="s">"accept"</span><span class="p">:</span> <span class="s">"application/json"</span><span class="p">,</span> <span class="s">"x-ts-api-key"</span><span class="p">:</span> <span class="n">TraitsniperApiKey</span> <span class="p">}</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">)</span> <span class="n">resp_dict</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="n">loads</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="k">def</span> <span class="nf">caculateContractItem</span><span class="p">(</span><span class="n">contractAddress</span><span class="p">,</span> <span class="n">table</span><span class="p">):</span> <span class="c1"># get collection detail </span> <span class="n">item</span> <span class="o">=</span> <span class="n">getCollectionDetail</span><span class="p">(</span><span class="n">contractAddress</span><span class="p">)</span> <span class="c1"># read stolen nfts list </span> <span class="n">data</span> <span class="o">=</span> <span class="n">pd</span><span class="p">.</span><span class="n">read_csv</span><span class="p">(</span><span class="s">"../data/stolen/lastSalePrice/"</span> <span class="o">+</span> <span class="n">contractAddress</span><span class="o">+</span><span class="s">".csv"</span><span class="p">,</span> <span class="n">header</span><span class="o">=</span><span class="bp">None</span><span class="p">)</span> <span class="c1"># caculate items </span> <span class="n">num</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="n">count</span><span class="p">()</span> <span class="nb">sum</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">index</span><span class="p">,</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">data</span><span class="p">.</span><span class="n">iterrows</span><span class="p">():</span> <span class="k">if</span> <span class="n">row</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">&gt;</span> <span class="n">item</span><span class="p">[</span><span class="s">"floor_price"</span><span class="p">]:</span> <span class="nb">sum</span> <span class="o">+=</span> <span class="n">row</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">else</span><span class="p">:</span> <span class="nb">sum</span> <span class="o">+=</span> <span class="n">item</span><span class="p">[</span><span class="s">"floor_price"</span><span class="p">]</span> <span class="n">table</span><span class="p">.</span><span class="n">rows</span><span class="p">.</span><span class="n">append</span><span class="p">([</span><span class="n">item</span><span class="p">[</span><span class="s">"nft_name"</span><span class="p">],</span> <span class="n">contractAddress</span><span class="p">,</span> <span class="n">item</span><span class="p">[</span><span class="s">"total_volume"</span><span class="p">],</span> <span class="nb">sum</span><span class="p">,</span> <span class="nb">sum</span><span class="o">/</span><span class="n">item</span><span class="p">[</span><span class="s">"total_volume"</span><span class="p">],</span> <span class="n">num</span><span class="p">[</span><span class="mi">0</span><span class="p">]])</span> </code></pre> </div> <h2> Fetch Collections </h2> <p>First and foremost we need to get the list of each collection and then get the list of stolen nfts.</p> <p>How to calculate the price of each stolen nft?</p> <ul> <li>If this item has a history price &amp;&amp; the latest_price&gt;floor_price take the latest_price as worth.</li> <li>If latest_price&lt;floor_price take the floor_price as worth.</li> <li>If this item does’t has a history price then take the current floor price as worth. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># worth # latest_history_price # floor_price </span><span class="n">var</span> <span class="n">worth</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">if</span><span class="p">(</span><span class="n">item_has</span><span class="p">(</span><span class="s">"latest_history_price"</span><span class="p">)){</span> <span class="k">if</span><span class="p">(</span><span class="n">latest_history_price</span><span class="o">&gt;</span> <span class="n">floor_price</span><span class="p">){</span> <span class="n">worth</span> <span class="o">=</span> <span class="n">latest_history_price</span> <span class="p">}</span><span class="k">else</span><span class="p">{</span> <span class="n">worth</span> <span class="o">=</span> <span class="n">floor_price</span> <span class="p">}</span> <span class="p">}</span><span class="k">else</span><span class="p">{</span> <span class="n">worth</span> <span class="o">=</span> <span class="n">floor_price</span> <span class="p">}</span> </code></pre> </div> <h2> Calculate </h2> <p>I analyze each marked as stolen contract to find out the stolen volume and the numbers of stolen NFTs.Below is the output after i run caculateStolen.py you can get source code from my github repo above.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--tO0a4ZW0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/48uwa7uk7a9n45sck07i.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tO0a4ZW0--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/48uwa7uk7a9n45sck07i.png" alt="Image description" width="880" height="656"></a></p> Create a cool discord bot for your chat group Ayden Fri, 30 Sep 2022 02:56:31 +0000 https://dev.to/coffiasd/create-a-cool-discord-bot-for-your-chat-group-2f03 https://dev.to/coffiasd/create-a-cool-discord-bot-for-your-chat-group-2f03 <h2> Overview </h2> <p>It's very common to see that some discord groups add a discord bot. What does discord bot can do for us? It can reply to user depends on what they send。 Let's say when our users send some sad words the bot can encourage she/he by sending some words. Furthermore, when a new member joined our group, the bot can welcome the newcomers because the owner maybe not always online. The bot is scalable you can use it to create something awesome.</p> <h2> library </h2> <p>After searching GitHub i found out several discord Api libraries.</p> <ul> <li>Cog-Creators/Red-DiscordBot(python)</li> <li>discordjs/discord.js(javascript)</li> <li>Rapptz/discord.py(python)</li> <li>bwmarrin/discordgo(golang) I choose Rapptz/discord.py in this piece, because i damn love python。</li> </ul> <h2> Install env </h2> <p>First and foremost, we need to install our python env. We need to install python 3.8 or higher version. If you don't wanna to install any local env, that'sthat's ok you can use some cloud env like replit.com or pythonanywhere whatever you want. But for me i installed env using anaconda software. It provides UI and it's quite easy to use。</p> <h2> get a bot token </h2> <p>For sure we need a token。 Then how do we get it? Just click "<a href="https://discord.com/developers/applications">https://discord.com/developers/applications</a>" and then login your discord account. You will see the new application button near your avatar. After creating an application go to bot page and copy your token. You should be very careful not to leak it。</p> <h2> invent bot to our chat group </h2> <p>I hope you have a free discord chat group already。 If not, you can create one for free。Go to our application page again, you will see Oauth2/URL Generator。 Generate an invite link for your application by picking the scopes and permissions it needs to function。 Get the URL and open it in our browser。That's all。</p> <h2> Some awesome python code </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">discord</span> <span class="k">class</span> <span class="nc">MyClient</span><span class="p">(</span><span class="n">discord</span><span class="p">.</span><span class="n">Client</span><span class="p">):</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">on_ready</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="k">print</span><span class="p">(</span><span class="s">'Logged on as'</span><span class="p">,</span> <span class="bp">self</span><span class="p">.</span><span class="n">user</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">on_message</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">message</span><span class="p">):</span> <span class="c1"># don't respond to ourselves </span> <span class="k">if</span> <span class="n">message</span><span class="p">.</span><span class="n">author</span> <span class="o">==</span> <span class="bp">self</span><span class="p">.</span><span class="n">user</span><span class="p">:</span> <span class="k">return</span> <span class="k">if</span> <span class="n">message</span><span class="p">.</span><span class="n">content</span> <span class="o">==</span> <span class="s">'ping'</span><span class="p">:</span> <span class="k">await</span> <span class="n">message</span><span class="p">.</span><span class="n">channel</span><span class="p">.</span><span class="n">send</span><span class="p">(</span><span class="s">'pong'</span><span class="p">)</span> <span class="n">intents</span> <span class="o">=</span> <span class="n">discord</span><span class="p">.</span><span class="n">Intents</span><span class="p">.</span><span class="n">default</span><span class="p">()</span> <span class="n">intents</span><span class="p">.</span><span class="n">message_content</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">client</span> <span class="o">=</span> <span class="n">MyClient</span><span class="p">(</span><span class="n">intents</span><span class="o">=</span><span class="n">intents</span><span class="p">)</span> <span class="n">client</span><span class="p">.</span><span class="n">run</span><span class="p">(</span><span class="s">'YOUR TOKEN HERE'</span><span class="p">)</span> </code></pre> </div> <p>If you need a proxy you can attach some code like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">client</span> <span class="o">=</span> <span class="n">MyClient</span><span class="p">(</span><span class="n">intents</span><span class="o">=</span><span class="n">intents</span><span class="p">,</span> <span class="n">proxy</span><span class="o">=</span><span class="s">"http://127.0.0.1:10809"</span><span class="p">)</span> </code></pre> </div> <p>This proxy address is my local proxy address. You should replace it with your own address if you wanna use a proxy.</p> <h2> result </h2> <p>After you run python demo.py you will see<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>2022-09-30 10:15:48 INFO discord.client logging <span class="k">in </span>using static token 2022-09-30 10:15:50 INFO discord.gateway Shard ID None has connected to Gateway <span class="o">(</span>Session ID: xxxxxxx<span class="o">)</span><span class="nb">.</span> Logged on as xxxx-demo#4518 </code></pre> </div> <p>After all of above is done you will see your bot is online。<br> If you get any question about discord bot or discord application please feel free to connect me.</p> How to use dune.com to collect some NFTs data Ayden Wed, 14 Sep 2022 13:30:29 +0000 https://dev.to/coffiasd/how-to-use-dunecom-to-collect-some-nfts-data-478m https://dev.to/coffiasd/how-to-use-dunecom-to-collect-some-nfts-data-478m <h2> What is dune ? </h2> <p>Dune is a powerful tool for blockchain research, complete with all the tools you need to discover,explore,and visualize vast amounts of blockchain data. We can get data via a sql query and then present data as</p> <ul> <li>Bar charts</li> <li>Area Charts</li> <li>Scatter Charts</li> <li>Line Charts</li> <li>Pie Charts</li> <li>Counters</li> <li>Tables</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XRYvAJVs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dune.com/docs/images/dashboard.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XRYvAJVs--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dune.com/docs/images/dashboard.png" alt="alt image" width="880" height="490"></a></p> <h2> Sql guides </h2> <p>Before we get into sql. In case you have no background on relational databases like mysql, let's break down what are relational databases.Relational databases contain a set of data tables so that a user can query some combination of tables to get only the subset of data (rows) they need.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jEdk0Du_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/max/626/0%2AG2IHSoKltVQryGJM.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jEdk0Du_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://miro.medium.com/max/626/0%2AG2IHSoKltVQryGJM.png" alt="alt image" width="501" height="491"></a></p> <p>Above is an example of a relational database.<br> With sql query we can get the data we need fast and efficiently.</p> <h2> Data sets </h2> <ul> <li>Ethereum</li> <li>Gnosis chain</li> <li>Polygon</li> <li>Optimsm</li> <li>BNB smart chain</li> </ul> <h2> Create an dashboards via sql </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vObt9w4I--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dune.com/docs/features/queries/images/query-editor.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vObt9w4I--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dune.com/docs/features/queries/images/query-editor.png" alt="alt image" width="880" height="400"></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>WITH token_names as ( select * from nft."tokens" ) select name, symbol, count(*) as number_of_nfts from erc721."ERC721_evt_Transfer" as scam_transfers join token_names on token_names.contract_address = scam_transfers.contract_address where scam_transfers."to" = '\x3E0DeFb880cd8e163baD68ABe66437f99A7A8A74' AND scam_transfers."from" != '\x0000000000000000000000000000000000000000' group by name, symbol order by 3 desc </code></pre> </div>