From 792656949e4bd3836b992a6d034188c8e28088f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Bl=C3=A4cker?=
Date: Thu, 16 Jan 2025 10:32:02 +0700
Subject: [PATCH] remove unused workflow files
---
 .github/workflows/protectAuditLabels.yml | 1 -
 .../enforceTestCoverage.yml | 141 --------------
 .../ensureSCCoreDevApproval.yml | 123 ------------
 .../protectAuditCompletedLabel.yml | 78 --------
 audit/auditLog.json | 178 +++++++++++++-----
 src/Facets/AcrossFacet.sol | 4 +-
 6 files changed, 134 insertions(+), 391 deletions(-)
 delete mode 100644 .github/workflows_deactivated/enforceTestCoverage.yml
 delete mode 100644 .github/workflows_deactivated/ensureSCCoreDevApproval.yml
 delete mode 100644 .github/workflows_deactivated/protectAuditCompletedLabel.yml
diff --git a/.github/workflows/protectAuditLabels.yml b/.github/workflows/protectAuditLabels.yml
index b33faa182..d7e78d3ff 100644
--- a/.github/workflows/protectAuditLabels.yml
+++ b/.github/workflows/protectAuditLabels.yml
@@ -48,7 +48,6 @@ jobs:
 echo "CONTINUE=false" >> $GITHUB_ENV
 exit 0
 fi
- echo "CONTINUE=true" >> $GITHUB_ENV
 echo "This action was triggered by: ${{ github.actor }}"
 - name: Protect Audit Labels
diff --git a/.github/workflows_deactivated/enforceTestCoverage.yml b/.github/workflows_deactivated/enforceTestCoverage.yml
deleted file mode 100644
index 1fff0d78e..000000000
--- a/.github/workflows_deactivated/enforceTestCoverage.yml
+++ /dev/null
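Review bot: The one deletion in the `protectAuditLabels.yml` hunk reads as removing `echo "CONTINUE=true" >> $GITHUB_ENV`, although the collapsed layout leaves open that only a blank line was dropped. If the assignment is gone, CONTINUE is never set to true on the path where the actor check does not exit early, so any later step gated on it (the condition of "Protect Audit Labels" lies outside the hunk) would presumably be skipped and the label protection would stop enforcing without any failure. This is the only edit to an active workflow in a commit described as removing unused files, so it should be confirmed as intended. If the line has to go, make the gate default to enforcement, e.g. `if: env.CONTINUE != 'false'`, so an unset variable still runs the protection step.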
@@ -1,141 +0,0 @@ -name: Enforce Min Test Coverage - -# - will make sure that (Foundry) unit test coverage is above min threshold -# - we start with 75%, planning to increase to 100% until EOY 2024 -# - Only the 'lines' coverage counts as 'branch' coverage is not reliable - -on: - pull_request: - types: [opened, synchronize, reopened] - -jobs: - enforce-min-test-coverage: - runs-on: ubuntu-latest - # will only run once the PR is in "Ready for Review" state - if: ${{ github.event.pull_request.draft == false }} - - permissions: - pull-requests: write - contents: read - env: - ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }} - ETH_NODE_URI_POLYGON: ${{ secrets.ETH_NODE_URI_POLYGON }} - ETH_NODE_URI_GOERLI: ${{ secrets.ETH_NODE_URI_GOERLI }} - ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }} - ETH_NODE_URI_BSC: ${{ secrets.ETH_NODE_URI_BSC }} - ETH_NODE_URI_GNOSIS: ${{ secrets.ETH_NODE_URI_GNOSIS }} - GIT_TOKEN: ${{ secrets.GIT_TOKEN }} - MIN_TEST_COVERAGE: 75 # 75 percent for now, will be increased to 100% gradually until the end of 2024 - steps: - - uses: actions/checkout@v4.1.7 - - - name: Set up Node.js - uses: actions/setup-node@v4.1.0 - with: - node-version: '20' - - - name: Install dev dependencies - run: yarn install - - - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1.2.0 - with: - version: nightly - - - name: Install Dependencies - run: forge install - - - name: Install Git Submodules - run: | - git config --global url."https://github.com/".insteadOf "git@github.com:" - git submodule update --init --recursive - - - name: Generate Coverage Report - run: | - forge coverage --report lcov --force - echo "Filtering coverage report to only contain coverage info about src/ folder now" - npx ts-node script/utils/filter_lcov.ts lcov.info lcov-filtered.info 'test/' 'script/' - echo "Coverage report filtered" - - - name: Generate Coverage Summary - run: | - # Path to the lcov info file - LCOV_FILE="lcov-filtered.info" - - # Initialize 
counters - TOTAL_LINES_FOUND=0 - TOTAL_LINES_HIT=0 - TOTAL_FUNCTIONS_FOUND=0 - TOTAL_FUNCTIONS_HIT=0 - TOTAL_BRANCHES_FOUND=0 - TOTAL_BRANCHES_HIT=0 - - # Read through the lcov file - while IFS= read -r line; do - case $line in - LF:*) - TOTAL_LINES_FOUND=$((TOTAL_LINES_FOUND + ${line#LF:})) - ;; - LH:*) - TOTAL_LINES_HIT=$((TOTAL_LINES_HIT + ${line#LH:})) - ;; - FNF:*) - TOTAL_FUNCTIONS_FOUND=$((TOTAL_FUNCTIONS_FOUND + ${line#FNF:})) - ;; - FNH:*) - TOTAL_FUNCTIONS_HIT=$((TOTAL_FUNCTIONS_HIT + ${line#FNH:})) - ;; - BRF:*) - TOTAL_BRANCHES_FOUND=$((TOTAL_BRANCHES_FOUND + ${line#BRF:})) - ;; - BRH:*) - TOTAL_BRANCHES_HIT=$((TOTAL_BRANCHES_HIT + ${line#BRH:})) - ;; - esac - done < "$LCOV_FILE" - - # Calculate percentages with high precision - LINE_COVERAGE_PERCENTAGE=$(echo "scale=4; $TOTAL_LINES_HIT / $TOTAL_LINES_FOUND * 100" | bc) - FUNCTION_COVERAGE_PERCENTAGE=$(echo "scale=4; $TOTAL_FUNCTIONS_HIT / $TOTAL_FUNCTIONS_FOUND * 100" | bc) - BRANCH_COVERAGE_PERCENTAGE=$(echo "scale=4; $TOTAL_BRANCHES_HIT / $TOTAL_BRANCHES_FOUND * 100" | bc) - - # Format results with two decimal places and alignment - LINE_COVERAGE_PERCENTAGE=$(printf "%.2f" "$LINE_COVERAGE_PERCENTAGE") - FUNCTION_COVERAGE_PERCENTAGE=$(printf "%.2f" "$FUNCTION_COVERAGE_PERCENTAGE") - BRANCH_COVERAGE_PERCENTAGE=$(printf "%.2f" "$BRANCH_COVERAGE_PERCENTAGE") - - # Prepare aligned output - LINE_COVERAGE_REPORT=$(printf "Line Coverage: %6s%% (%4d / %4d lines)" "$LINE_COVERAGE_PERCENTAGE" "$TOTAL_LINES_HIT" "$TOTAL_LINES_FOUND") - FUNCTION_COVERAGE_REPORT=$(printf "Function Coverage: %6s%% (%4d / %4d functions)" "$FUNCTION_COVERAGE_PERCENTAGE" "$TOTAL_FUNCTIONS_HIT" "$TOTAL_FUNCTIONS_FOUND") - BRANCH_COVERAGE_REPORT=$(printf "Branch Coverage: %6s%% (%4d / %4d branches)" "$BRANCH_COVERAGE_PERCENTAGE" "$TOTAL_BRANCHES_HIT" "$TOTAL_BRANCHES_FOUND") - - # Check against minimum threshold - if (( $(echo "$LINE_COVERAGE_PERCENTAGE >= $MIN_TEST_COVERAGE" | bc -l) )); then - RESULT_COVERAGE_REPORT="Test coverage 
($LINE_COVERAGE_PERCENTAGE%) is above min threshold ($MIN_TEST_COVERAGE%). Check passed." - else - RESULT_COVERAGE_REPORT="Test coverage ($LINE_COVERAGE_PERCENTAGE%) is below min threshold ($MIN_TEST_COVERAGE%). Check failed." - echo $RESULT_COVERAGE_REPORT - exit 1 - fi - - # Output result_COVERAGE_REPORTs - echo "$LINE_COVERAGE_REPORT" - echo "$FUNCTION_COVERAGE_REPORT" - echo "$BRANCH_COVERAGE_REPORT" - echo "$RESULT_COVERAGE_REPORT" - - # Store in GitHub environment variables - echo "LINE_COVERAGE_REPORT=$LINE_COVERAGE_REPORT" >> $GITHUB_ENV - echo "FUNCTION_COVERAGE_REPORT=$FUNCTION_COVERAGE_REPORT" >> $GITHUB_ENV - echo "BRANCH_COVERAGE_REPORT=$BRANCH_COVERAGE_REPORT" >> $GITHUB_ENV - echo "RESULT_COVERAGE_REPORT=$RESULT_COVERAGE_REPORT" >> $GITHUB_ENV - - - name: Comment with Coverage Summary in PR - uses: mshick/add-pr-comment@v2 - with: - message: | - ## Test Coverage Report - ${{ env.LINE_COVERAGE_REPORT }} - ${{ env.FUNCTION_COVERAGE_REPORT }} - ${{ env.BRANCH_COVERAGE_REPORT }} - ${{ env.RESULT_COVERAGE_REPORT }} diff --git a/.github/workflows_deactivated/ensureSCCoreDevApproval.yml b/.github/workflows_deactivated/ensureSCCoreDevApproval.yml deleted file mode 100644 index 0902a7bd3..000000000 --- a/.github/workflows_deactivated/ensureSCCoreDevApproval.yml +++ /dev/null 
@@ -1,123 +0,0 @@ -# - Smart Contract Core Dev Approval checker -# - makes sure that every pull_request is at least reviewed by one Smart Contract Core Dev -# (member of group https://github.com/orgs/lifinance/teams/smart-contract-core) - -name: SC Core Dev Approval Check - -on: - pull_request: - types: [opened, synchronize, reopened] - pull_request_review: - types: [submitted] - -jobs: - core-dev-approval: - if: ${{ github.event.pull_request.draft == false }} # will only run once the PR is in "Ready for Review" state - runs-on: ubuntu-latest - env: - CONTINUE: false # makes sure that variable is correctly initialized in all cases - steps: - - name: Get smart-contract-core Team Members - env: - GH_PAT: ${{ secrets.GIT_TOKEN }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - - ##### unset the default git token (does not have sufficient rights to get team members) - unset GITHUB_TOKEN - ##### use the Personal Access Token to log into git CLI - echo $GH_PAT | gh auth login --with-token - - ##### Function that uses github's REST API via CLI to get team members - getTeamMembers() { - local org=$1 - local team=$2 - gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - "/orgs/$org/teams/$team/members" | jq -r '.[].login' - } - - ORG_NAME="lifinance" - TEAM_SLUG="smart-contract-core" - - # Get members of each group - echo "Fetching members of $TEAM_SLUG..." 
- MEMBERS=$(getTeamMembers $ORG_NAME $TEAM_SLUG) - - #### check if any members were returned - if [[ -z $MEMBERS ]]; then - echo -e "\033[31mERROR: Could not retrieve team members of group $TEAM_SLUG\033[0m" - echo "CONTINUE=false" >> "$GITHUB_ENV" - exit 1 - fi - - echo "The following Github users are members of team smart-contract-core: " - echo "$MEMBERS" - - echo -e "$MEMBERS" > sc_core_dev_members.txt - echo "CONTINUE=true" >> "$GITHUB_ENV" - - - name: Check if PR is approved by at least one SC core dev - id: check-core-dev-approval - if: env.CONTINUE == 'true' - uses: actions/github-script@v7 - env: - PR_NUMBER: ${{ github.event.number }} - with: - script: | - const fs = require('fs'); - // ANSI escape codes for colors (used for colored output in Git action console) - const colors = { - reset: "\033[0m", - red: "\033[31m", - green: "\033[32m", - }; - - const coreDevsFile = 'sc_core_dev_members.txt'; - // Read handles from file - const coreDevs = fs.readFileSync(coreDevsFile, 'utf-8').split(/\r?\n/).filter(Boolean); - - // get all reviewers that have approved this PR - const { data: reviews } = await github.rest.pulls.listReviews({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: process.env.PR_NUMBER, - }); - - // make sure that reviews are available - if(!reviews || reviews.length === 0) { - console.log(`${colors.red}Could not get reviewers of this PR from Github. Are there any reviews yet?${colors.reset}`); - console.log(`${colors.red}Check failed.${colors.reset}`); - core.setFailed("Required approval is missing"); - return - } - - // Filter to only include reviews that have "APPROVED" status - const approvedReviews = reviews.filter(review => review.state === 'APPROVED'); - - if(!approvedReviews.length === 0) { - console.log(`${colors.red}Could not find any reviews with approval.${colors.reset}`); - console.log(`${colors.red}Cannot continue. 
Check failed.${colors.reset}`); - core.setFailed("Required approval is missing"); - return - } - - // extract the git login handles of all reviewers that approved this PR - const reviewerHandles = approvedReviews.map(review => review.user.login); - - if(approvedReviews.length === 0) - console.log(`${colors.red}This PR has no approvals${colors.reset}`); - else - console.log(`This PR has been approved by the following git members: ${reviewerHandles}`); - - // check if at least one of these reviewers is member in smart-contract-core group - if (reviewerHandles.some((handle) => coreDevs.includes(handle))) { - console.log(`${colors.green}The current PR is approved by a member of the smart-contract-core group.${colors.reset}`); - console.log(`${colors.green}Check passed.${colors.reset}`); - core.setOutput('approved', 'true'); - } else { - console.log(`${colors.red}The PR requires a missing approval by a member of the smart-contract-core group (https://github.com/orgs/lifinance/teams/smart-contract-core).${colors.reset}`); - console.log(`${colors.red}Check failed.${colors.reset}`); - core.setFailed("Required approval is missing"); - } diff --git a/.github/workflows_deactivated/protectAuditCompletedLabel.yml b/.github/workflows_deactivated/protectAuditCompletedLabel.yml deleted file mode 100644 index 8a2b8e477..000000000 --- a/.github/workflows_deactivated/protectAuditCompletedLabel.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -# - Protect "AuditCompleted" Label -# - makes sure that the label "AuditCompleted" can only be assigned by a Github action and not by a human actor -# - will undo any unauthorized change of this label -# - will fail if it runs into an error, otherwise pass - -name: Protect "AuditCompleted" Label - -on: - pull_request_target: #### << needs to be changed to 'pull_request' to activate it - types: [labeled, unlabeled] - -jobs: - protect_audit_label: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Log Event Payload - run: | - if [[ "${{ github.actor }}" == "github-actions" ]]; then - echo "This action was triggered by another GitHub Action." - else - echo "This action was triggered by a user: ${{ github.actor }}." - fi - echo "${{ github.event }}" - - - name: Check if "AuditCompleted" label was modified - env: - GITHUB_TOKEN: ${{ secrets.LIFI_GIT_ACTIONS_TOKEN }} - GH_PAT: ${{ secrets.LIFI_GIT_ACTIONS_TOKEN }} - run: | - # The label being monitored - TARGET_LABEL="AuditCompleted" - - # Check if the event was triggered by any other github action - if [[ "${{ github.actor }}" != "lifiGitActions" ]]; then #### TODO: REPLACE WITH GITHUB_ACTIONS_PAT and USERNAME <<<<<----------- - echo "This event was triggered by ${{ github.actor }}. Checking label..." - - # Determine if the label was added or removed - ACTION_TYPE="none" - if [[ "${{ github.event.action }}" == "labeled" && "${{ github.event.label.name }}" == "$TARGET_LABEL" ]]; then - ACTION_TYPE="added" - elif [[ "${{ github.event.action }}" == "unlabeled" && "${{ github.event.label.name }}" == "$TARGET_LABEL" ]]; then - ACTION_TYPE="removed" - fi - - # Revert the label change if necessary - if [[ "$ACTION_TYPE" != "none" ]]; then - echo -e "\033[31mUnauthorized modification of '$TARGET_LABEL' by ${{ github.actor }}. 
Reverting change...\033[0m" - - ##### remove or re-add label, depending on the case - if [[ "$ACTION_TYPE" == "added" ]]; then - # Remove the unauthorized label addition - gh pr edit ${{ github.event.pull_request.number }} --remove-label "$TARGET_LABEL" - elif [[ "$ACTION_TYPE" == "removed" ]]; then - # Re-add the unauthorized label removal - gh pr edit ${{ github.event.pull_request.number }} --add-label "$TARGET_LABEL" - fi - - # make sure that the label change was undone - CURRENT_LABELS=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name') - if [[ "$ACTION_TYPE" == "added" && "$CURRENT_LABELS" == *"$TARGET_LABEL"* ]]; then - echo -e "\033[31Failed to remove the unauthorized 'AuditCompleted' label.\033[0m" - exit 1 - elif [[ "$ACTION_TYPE" == "removed" && "$CURRENT_LABELS" != *"$TARGET_LABEL"* ]]; then - echo -e "\033[31Failed to re-add the 'AuditCompleted' label.\033[0m" - exit 1 - fi - - echo -e "\033[32Unauthorized label modification was successfully prevented and undone.\033[0m" - else - echo -e "\033[32mNo unauthorized modifications detected.\033[0m" - fi - else - echo -e "\033[32mLabel change initiated by GitHub Action. No checks required.\033[0m" - fi diff --git a/audit/auditLog.json b/audit/auditLog.json index efed43665..50e1354a0 100644 --- a/audit/auditLog.json +++ b/audit/auditLog.json @@ -69,7 +69,7 @@ "auditorGitHandle": "sujithsomraaj", "auditReportPath": "./audit/reports/2024.12.03_LiFiDexAggregator.pdf", "auditCommitHash": "8a34562c912b5b19c919bb95338655c944428af5" - } + }, "audit20241205": { "auditCompletedOn": "05.12.2024", "auditedBy": "Sujith Somraaj (individual security researcher)", 
@@ -129,100 +129,188 @@
 },
 "auditedContracts": {
 "AcrossFacetV3": {
- "1.0.0": ["audit20241007"],
- "1.1.0": ["audit20250106"]
+ "1.0.0": [
+ "audit20241007"
+ ],
+ "1.1.0": [
+ "audit20250106"
+ ]
 },
 "AcrossFacetPackedV3": {
- "1.0.0": ["audit20241007"],
- "1.2.0": ["audit20241206"]
+ "1.0.0": [
+ "audit20241007"
+ ],
+ "1.2.0": [
+ "audit20241206"
+ ]
 },
 "CalldataVerificationFacet": {
- "1.2.0": ["audit20240902"]
+ "1.2.0": [
+ "audit20240902"
+ ]
 },
 "DeBridgeDlnFacet": {
- "1.0.0": ["audit20241205"]
+ "1.0.0": [
+ "audit20241205"
+ ]
 },
 "EmergencyPauseFacet": {
- "1.0.0": ["audit20240913"],
- "1.0.1": ["audit20241105"]
+ "1.0.0": [
+ "audit20240913"
+ ],
+ "1.0.1": [
+ "audit20241105"
+ ]
 },
 "ERC20Proxy": {
- "1.1.0": ["audit20250109_2"]
+ "1.1.0": [
+ "audit20250109_2"
+ ]
 },
 "Executor": {
- "2.1.0": ["audit20250109_2"]
+ "2.1.0": [
+ "audit20250109_2"
+ ]
 },
 "FeeCollector": {
- "1.0.1": ["audit20250109_3"]
+ "1.0.1": [
+ "audit20250109_3"
+ ]
 },
 "GasZipFacet": {
- "2.0.0": ["audit20241107"],
- "2.0.2": ["audit20250110_1"]
+ "2.0.0": [
+ "audit20241107"
+ ],
+ "2.0.2": [
+ "audit20250110_1"
+ ]
 },
 "GasZipPeriphery": {
- "1.0.0": ["audit20241107"],
- "1.0.1": ["audit20250110_1"]
+ "1.0.0": [
+ "audit20241107"
+ ],
+ "1.0.1": [
+ "audit20250110_1"
+ ]
 },
 "IAcrossSpokePool": {
- "1.0.0": ["audit20250106"]
+ "1.0.0": [
+ "audit20250106"
+ ]
 },
 "IGasZip": {
- "1.0.0": ["audit20241107"]
+ "1.0.0": [
+ "audit20241107"
+ ]
 },
 "LibAsset": {
- "1.0.1": ["audit20241202"],
- "1.0.2": ["audit20250110_1"]
+ "1.0.1": [
+ "audit20241202"
+ ],
+ "1.0.2": [
+ "audit20250110_1"
+ ]
 },
 "LiFiDEXAggregator": {
- "1.5.0": ["audit20241203"],
- "1.6.0": ["audit20250109_2"],
- "1.5.1": ["audit20250109_3"]
+ "1.5.0": [
+ "audit20241203"
+ ],
+ "1.6.0": [
+ "audit20250109_2"
+ ],
+ "1.5.1": [
+ "audit20250109_3"
+ ]
 },
 "LiFiTimelockController": {
- "1.0.0": ["audit20250110_2"]
+ "1.0.0": [
+ "audit20250110_2"
+ ]
 },
 "LiFuelFeeCollector": {
- "1.0.2": ["audit20250109_3"]
+ "1.0.2": [
+ "audit20250109_3"
+ ]
 },
 "Permit2Proxy": {
- "1.0.0": ["audit20241122"],
- "1.0.1": ["audit20250110_1"],
- "1.0.2": ["audit20250109_3"]
+ "1.0.0": [
+ "audit20241122"
+ ],
+ "1.0.1": [
+ "audit20250110_1"
+ ],
+ "1.0.2": [
+ "audit20250109_3"
+ ]
 },
 "Receiver": {
- "2.0.3": ["audit20250109_3"],
- "2.1.0": ["audit20250109_2"]
+ "2.0.3": [
+ "audit20250109_3"
+ ],
+ "2.1.0": [
+ "audit20250109_2"
+ ]
 },
 "ReceiverAcrossV3": {
- "1.0.0": ["audit20241007"],
- "1.0.1": ["audit20241206"],
- "1.0.2": ["audit20250110_1"],
- "1.1.0": ["audit20250109_2"]
+ "1.0.0": [
+ "audit20241007"
+ ],
+ "1.0.1": [
+ "audit20241206"
+ ],
+ "1.0.2": [
+ "audit20250110_1"
+ ],
+ "1.1.0": [
+ "audit20250109_2"
+ ]
 },
 "ReceiverStargateV2": {
- "1.0.1": ["audit20250109_3"],
- "1.1.0": ["audit20250109_2"]
+ "1.0.1": [
+ "audit20250109_3"
+ ],
+ "1.1.0": [
+ "audit20250109_2"
+ ]
 },
 "RelayerCelerIM": {
- "1.0.3": ["audit20250109_3"],
- "2.1.0": ["audit20250109_2"],
- "2.1.1": ["audit20250109_3"]
+ "1.0.3": [
+ "audit20250109_3"
+ ],
+ "2.1.0": [
+ "audit20250109_2"
+ ],
+ "2.1.1": [
+ "audit20250109_3"
+ ]
 },
 "RelayFacet": {
- "1.0.0": ["audit20241202"]
+ "1.0.0": [
+ "audit20241202"
+ ]
 },
 "StargateFacetV2": {
- "1.0.1": ["audit20240814"]
+ "1.0.1": [
+ "audit20240814"
+ ]
 },
 "ThorSwapFacet": {
- "1.2.1": ["audit20250109_1"]
+ "1.2.1": [
+ "audit20250109_1"
+ ]
 },
 "TokenWrapper": {
- "1.0.1": ["audit20250109_3"],
- "1.1.0": ["audit20250109_2"]
+ "1.0.1": [
+ "audit20250109_3"
+ ],
+ "1.1.0": [
+ "audit20250109_2"
+ ]
 },
 "WithdrawablePeriphery": {
- "1.0.0": ["audit20241014"]
+ "1.0.0": [
+ "audit20241014"
+ ]
 }
 }
 }
diff --git a/src/Facets/AcrossFacet.sol b/src/Facets/AcrossFacet.sol
index 4736a7cb5..3cb75ca7f 100644
--- a/src/Facets/AcrossFacet.sol
+++ b/src/Facets/AcrossFacet.sol
@@ -13,7 +13,7 @@ import { Validatable } from "../Helpers/Validatable.sol";
 /// @title Across Facet
 /// @author LI.FI (https://li.fi)
 /// @notice Provides functionality for bridging through Across Protocol
-/// @custom:version 2.1.0
+/// @custom:version 2.0.0
 contract AcrossFacet is ILiFi, ReentrancyGuard, SwapperV2, Validatable {
 /// Storage ///
@@ -46,8 +46,6 @@ contract AcrossFacet is ILiFi, ReentrancyGuard, SwapperV2, Validatable {
 wrappedNative = _wrappedNative;
 }
- function bla() external {}
-
 /// External Methods ///
 /// @notice Bridges tokens via Across