From 9900b2a8b213e3cc4c95c27077094f6372a035b3 Mon Sep 17 00:00:00 2001 From: aniket866 Date: Wed, 25 Mar 2026 00:16:37 +0530 Subject: [PATCH 01/28] advance-worflows --- .github/workflows/4naly3er.yml | 27 ++++++++++++ .github/workflows/abi-diff.yml | 47 ++++++++++++++++++++ .github/workflows/contract-size.yml | 31 +++++++++++++ .github/workflows/coverage.yml | 35 +++++++++++++++ .github/workflows/deployment-dry-run.yml | 32 ++++++++++++++ .github/workflows/gas-report.yml | 25 +++++++++++ .github/workflows/gas-snapshot.yml | 33 ++++++++++++++ .github/workflows/mythril.yml | 36 +++++++++++++++ .github/workflows/storage-layout-diff.yml | 53 +++++++++++++++++++++++ 9 files changed, 319 insertions(+) create mode 100644 .github/workflows/4naly3er.yml create mode 100644 .github/workflows/abi-diff.yml create mode 100644 .github/workflows/contract-size.yml create mode 100644 .github/workflows/coverage.yml create mode 100644 .github/workflows/deployment-dry-run.yml create mode 100644 .github/workflows/gas-report.yml create mode 100644 .github/workflows/gas-snapshot.yml create mode 100644 .github/workflows/mythril.yml create mode 100644 .github/workflows/storage-layout-diff.yml
diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml
new file mode 100644
index 0000000..1375665
--- /dev/null
+++ b/.github/workflows/4naly3er.yml
@@ -0,0 +1,27 @@
+name: 4naly3er Report
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+jobs:
+ 4naly3er:
+ name: 4naly3er Gas Optimization Report
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: "18"
+
+ - name: Install 4naly3er
+ run: npm install -g @0xsomnus/4naly3er
+
+ - name: Run 4naly3er on src/
+ run: 4naly3er src/
diff --git a/.github/workflows/abi-diff.yml b/.github/workflows/abi-diff.yml
new file mode 100644
index 0000000..473722d
--- /dev/null
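Review bot: The `Install 4naly3er` step runs `npm install -g @0xsomnus/4naly3er` with no version, so every push and pull-request run installs whatever the registry serves at that moment and executes its install scripts on the runner. Pin an exact, reviewed version (`npm install -g @0xsomnus/4naly3er@<PINNED_VERSION>`) so a changed or compromised release cannot alter CI silently. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` keeps the job token read-only regardless of repository defaults. The same missing `permissions:` block applies to the other eight workflow files added in this patch.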
+++ b/.github/workflows/abi-diff.yml
@@ -0,0 +1,47 @@
+name: ABI Diff Check
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+env:
+ FOUNDRY_PROFILE: ci
+
+jobs:
+ abi-diff:
+ name: ABI Diff Check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Build contracts
+ run: forge build
+
+ - name: Generate ABIs and diff against baseline
+ run: |
+ mkdir -p .abi-current
+ CHANGED=0
+ # Edit this list to match your contract names
+ CONTRACTS=("YourContract" "AnotherContract")
+ for contract in "${CONTRACTS[@]}"; do
+ forge inspect "$contract" abi > ".abi-current/${contract}.json" 2>/dev/null || true
+ baseline=".abi-baselines/${contract}.json"
+ if [ -f "$baseline" ]; then
+ if ! diff -u "$baseline" ".abi-current/${contract}.json"; then
+ echo "❌ ABI changed for $contract — this may be a breaking change!"
+ CHANGED=1
+ fi
+ else
+ echo "⚠️ No ABI baseline for $contract — add it to .abi-baselines/"
+ fi
+ done
+ if [ "$CHANGED" -eq 1 ]; then
+ exit 1
+ fi
diff --git a/.github/workflows/contract-size.yml b/.github/workflows/contract-size.yml
new file mode 100644
index 0000000..b97615c
--- /dev/null
+++ b/.github/workflows/contract-size.yml
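Review bot: The ABI gate in `Generate ABIs and diff against baseline` fails open: `forge inspect "$contract" abi > … 2>/dev/null || true` hides a failed inspect and leaves an empty file, and a missing baseline only prints a warning. With the placeholder list `("YourContract" "AnotherContract")` and no files under `.abi-baselines/`, the step exits 0 without having compared anything. Drop `2>/dev/null || true` and set `CHANGED=1` in the `else` branch so a contract that was not checked fails the job. `storage-layout-diff.yml` in this patch has the same pattern across its two steps.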
@@ -0,0 +1,31 @@
+name: Contract Size Check
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+env:
+ FOUNDRY_PROFILE: ci
+
+jobs:
+ contract-size:
+ name: Contract Size Check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Build and check contract sizes
+ run: |
+ forge build --sizes 2>&1 | tee sizes.txt
+ # Fail if any contract is >= 23KB (warn zone before 24KB EIP-170 limit)
+ if grep -E "[2-9][3-9]\.[0-9]+ KB|2[4-9]\.[0-9]+ KB" sizes.txt; then
+ echo "❌ One or more contracts are dangerously close to or over the 24KB limit."
+ exit 1
+ fi
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
new file mode 100644
index 0000000..f0d7c32
--- /dev/null
+++ b/.github/workflows/coverage.yml
@@ -0,0 +1,35 @@
+name: Coverage Report
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+env:
+ FOUNDRY_PROFILE: ci
+
+jobs:
+ coverage:
+ name: Coverage Report
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Install lcov
+ run: sudo apt-get install -y lcov
+
+ - name: Generate coverage report
+ run: forge coverage --report lcov
+
+ - name: Upload to Codecov
+ uses: codecov/codecov-action@v4
+ with:
+ files: ./lcov.info
+ fail_ci_if_error: false
+ token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/deployment-dry-run.yml b/.github/workflows/deployment-dry-run.yml
new file mode 100644
index 0000000..6a7c480
--- /dev/null
+++ b/.github/workflows/deployment-dry-run.yml
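Review bot: In `Build and check contract sizes`, `forge build --sizes 2>&1 | tee sizes.txt` reports the exit status of `tee`, not of `forge`, because a `run:` step with no explicit `shell:` is started with `bash -e` and without `pipefail`. A failed build can therefore leave a `sizes.txt` with no matching rows and the step passes. Add `set -o pipefail` as the first line of the script. The pattern `[2-9][3-9]\.[0-9]+ KB` also skips values whose second digit is 0–2 (for example 30.5), and it assumes the table prints sizes in KB, which this hunk does not show.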
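Review bot: The `Upload to Codecov` step hands `secrets.CODECOV_TOKEN` to `codecov/codecov-action@v4`, a third-party action referenced by a movable tag. Pinning it to a full commit SHA (`uses: codecov/codecov-action@<COMMIT_SHA> # v4`) means the code that receives the token only changes through a reviewed edit to this file. `fail_ci_if_error: false` makes upload failures silent, which deserves a comment if it is intentional; pull requests from forks receive no secrets, so uploads from them may fail without notice.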
@@ -0,0 +1,32 @@
+name: Deployment Dry-Run
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+env:
+ FOUNDRY_PROFILE: ci
+
+jobs:
+ deployment-dry-run:
+ name: Deployment Dry-Run (Forked Mainnet)
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Run deployment script on forked mainnet
+ env:
+ RPC_URL: ${{ secrets.RPC_URL }}
+ run: |
+ forge script script/Deploy.s.sol \
+ --fork-url "$RPC_URL" \
+ --gas-estimate-multiplier 110 \
+ --via-ir \
+ -vvv
diff --git a/.github/workflows/gas-report.yml b/.github/workflows/gas-report.yml
new file mode 100644
index 0000000..0c74556
--- /dev/null
+++ b/.github/workflows/gas-report.yml
@@ -0,0 +1,25 @@
+name: Gas Report
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+env:
+ FOUNDRY_PROFILE: ci
+
+jobs:
+ gas-report:
+ name: Gas Report on Test Run
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Run tests with gas report
+ run: forge test --gas-report
diff --git a/.github/workflows/gas-snapshot.yml b/.github/workflows/gas-snapshot.yml
new file mode 100644
index 0000000..3adbb34
--- /dev/null
+++ b/.github/workflows/gas-snapshot.yml
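Review bot: The `Run deployment script on forked mainnet` step exposes `secrets.RPC_URL` to `forge script script/Deploy.s.sol`, and the workflow also triggers on `pull_request`, so for same-repository pull requests the script that runs with the secret in its environment is the version under review. `-vvv` raises log verbosity, and an RPC URL with an embedded API key can end up in traces or error output in a form the log masking does not recognise. Consider limiting this job to `push` on the protected branches or to an environment that requires approval. A guard such as `[ -n "$RPC_URL" ] || { echo "RPC_URL not set"; exit 1; }` would make fork pull requests, which receive no secrets, fail with a clear message.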
@@ -0,0 +1,33 @@
+name: Gas Snapshot Diff
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+env:
+ FOUNDRY_PROFILE: ci
+
+jobs:
+ gas-snapshot:
+ name: Gas Snapshot Diff
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Run gas snapshot
+ run: forge snapshot
+
+ - name: Compare gas snapshot diff
+ run: |
+ forge snapshot --diff .gas-snapshot
+ if [ $? -ne 0 ]; then
+ echo "❌ Gas usage increased. Review the diff above."
+ exit 1
+ fi
diff --git a/.github/workflows/mythril.yml b/.github/workflows/mythril.yml
new file mode 100644
index 0000000..f38c39b
--- /dev/null
+++ b/.github/workflows/mythril.yml
@@ -0,0 +1,36 @@
+name: Mythril Security Scan
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+env:
+ FOUNDRY_PROFILE: ci
+
+jobs:
+ mythril:
+ name: Mythril Security Scan
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Build contracts
+ run: forge build
+
+ - name: Run Mythril on all contracts
+ run: |
+ find src -name "*.sol" | while read contract; do
+ echo "🔍 Scanning $contract ..."
+ docker run --rm \
+ -v "$(pwd):/project" \
+ mythril/myth analyze "/project/$contract" \
+ --solc-json /project/foundry.toml \
+ --execution-timeout 60 || true
+ done
diff --git a/.github/workflows/storage-layout-diff.yml b/.github/workflows/storage-layout-diff.yml
new file mode 100644
index 0000000..affb882
--- /dev/null
+++ b/.github/workflows/storage-layout-diff.yml
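Review bot: The comparison in `Compare gas snapshot diff` cannot detect a regression, because the preceding `Run gas snapshot` step runs `forge snapshot`, which rewrites `.gas-snapshot` from the current code before `forge snapshot --diff .gas-snapshot` compares against it. The `if [ $? -ne 0 ]` test is also unreachable on failure: the step runs under `bash -e`, so a non-zero `forge` exit ends the script before the `if`. Remove the first step, compare against the committed file, and put the command inside the condition, `if ! forge snapshot --check .gas-snapshot; then`. As far as I know `--diff` only prints the comparison while `--check` is the mode that exits non-zero on a mismatch, so confirm this against the installed Foundry version; the later hunks for this file on the page keep `--diff`.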
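Review bot: The scan in `Run Mythril on all contracts` cannot fail the job, since each `docker run … mythril/myth analyze` ends in `|| true`, so findings and tool crashes both leave the check green. The image is pulled as `mythril/myth` with no tag or digest, which means the analyzer itself can change between runs; reference it by digest (`mythril/myth@sha256:<DIGEST>`). `--solc-json /project/foundry.toml` passes a TOML file where the option name suggests JSON, so the analysis may be erroring on every file while `|| true` hides it. Use `while IFS= read -r contract` so paths containing backslashes or leading spaces are read intact.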
@@ -0,0 +1,53 @@
+name: Storage Layout Diff
+
+on:
+ push:
+ branches: [main, master]
+ pull_request:
+ branches: [main, master]
+
+env:
+ FOUNDRY_PROFILE: ci
+
+jobs:
+ storage-layout-diff:
+ name: Storage Layout Diff
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Build contracts
+ run: forge build
+
+ - name: Generate storage layouts
+ run: |
+ mkdir -p .storage-layouts
+ # Edit this list to match your contract names
+ CONTRACTS=("YourContract" "AnotherContract")
+ for contract in "${CONTRACTS[@]}"; do
+ forge inspect "$contract" storage-layout > ".storage-layouts/${contract}.json" 2>/dev/null || true
+ done
+
+ - name: Diff against baseline
+ run: |
+ CHANGED=0
+ for file in .storage-layouts/*.json; do
+ name=$(basename "$file")
+ baseline=".storage-baselines/$name"
+ if [ -f "$baseline" ]; then
+ if ! diff -u "$baseline" "$file"; then
+ echo "❌ Storage layout changed for $name"
+ CHANGED=1
+ fi
+ else
+ echo "⚠️ No baseline found for $name — add it to .storage-baselines/"
+ fi
+ done
+ if [ "$CHANGED" -eq 1 ]; then
+ exit 1
+ fi
From 680be7f2489cc1a726c19cb09667570044992e46 Mon Sep 17 00:00:00 2001 From: aniket866 Date: Wed, 25 Mar 2026 00:20:45 +0530 Subject: [PATCH 02/28] advance-worflows --- .github/workflows/deployment-dry-run.yml | 32 ------------------------ 1 file changed, 32 deletions(-) delete mode 100644 .github/workflows/deployment-dry-run.yml
diff --git a/.github/workflows/deployment-dry-run.yml b/.github/workflows/deployment-dry-run.yml
deleted file mode 100644
index 6a7c480..0000000
--- a/.github/workflows/deployment-dry-run.yml
+++ /dev/null
@@ -1,32 +0,0 @@ -name: Deployment Dry-Run - -on: - push: - branches: [main, master] - pull_request: - branches: [main, master] - -env: - FOUNDRY_PROFILE: ci - -jobs: - deployment-dry-run: - name: Deployment Dry-Run (Forked Mainnet) - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1 - - - name: Run deployment script on forked mainnet - env: - RPC_URL: ${{ secrets.RPC_URL }} - run: | - forge script script/Deploy.s.sol \ - --fork-url "$RPC_URL" \ - --gas-estimate-multiplier 110 \ - --via-ir \ - -vvv From 7a46d102603bde2be1bbbeeffb731c210517f991 Mon Sep 17 00:00:00 2001 From: Aniket Date: Wed, 25 Mar 2026 22:43:16 +0530 Subject: [PATCH 03/28] Code rabbit follow up Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/4naly3er.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index 1375665..9ca6099 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -7,7 +7,7 @@ on: branches: [main, master] jobs: - 4naly3er: + analyzer_4naly3er: name: 4naly3er Gas Optimization Report runs-on: ubuntu-latest steps: From 085732e5dbc0611d78e633e37a427a62d83a906f Mon Sep 17 00:00:00 2001 From: Aniket Date: Wed, 25 Mar 2026 22:53:23 +0530 Subject: [PATCH 04/28] Code rabbit follow up Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/contract-size.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/contract-size.yml b/.github/workflows/contract-size.yml index b97615c..2b57134 100644 --- a/.github/workflows/contract-size.yml +++ b/.github/workflows/contract-size.yml 
@@ -24,8 +24,8 @@ jobs: - name: Build and check contract sizes run: | forge build --sizes 2>&1 | tee sizes.txt - # Fail if any contract is >= 23KB (warn zone before 24KB EIP-170 limit) - if grep -E "[2-9][3-9]\.[0-9]+ KB|2[4-9]\.[0-9]+ KB" sizes.txt; then + # Fail if any contract is >= 23616 bytes (warn zone before 24KB EIP-170 limit) + if grep -E '^\s*\|.*\s([2-9][0-9]{3}|[1-9][0-9]{4})\s' sizes.txt; then echo "❌ One or more contracts are dangerously close to or over the 24KB limit." exit 1 fi From 1b5f9e3f59ad0d3d6ac985e465e6b3fb4b4a80fc Mon Sep 17 00:00:00 2001 From: Aniket Date: Wed, 25 Mar 2026 22:55:28 +0530 Subject: [PATCH 05/28] Code rabbit follow up Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/gas-snapshot.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/gas-snapshot.yml b/.github/workflows/gas-snapshot.yml index 3adbb34..b8d5764 100644 --- a/.github/workflows/gas-snapshot.yml +++ b/.github/workflows/gas-snapshot.yml @@ -21,13 +21,9 @@ jobs: - name: Install Foundry uses: foundry-rs/foundry-toolchain@v1 - - name: Run gas snapshot - run: forge snapshot - - name: Compare gas snapshot diff run: | - forge snapshot --diff .gas-snapshot - if [ $? -ne 0 ]; then + if ! forge snapshot --diff .gas-snapshot; then echo "❌ Gas usage increased. Review the diff above." exit 1 fi From 0b1af16645c3eade2e681c2b2e1ba3fb44490860 Mon Sep 17 00:00:00 2001 From: Aniket Date: Wed, 25 Mar 2026 22:56:09 +0530 Subject: [PATCH 06/28] Code rabbit follow up Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/mythril.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/mythril.yml b/.github/workflows/mythril.yml index f38c39b..4f86a7d 100644 --- a/.github/workflows/mythril.yml +++ b/.github/workflows/mythril.yml 
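Review bot: The new `grep -E` pattern in the contract-size hunk does not implement the threshold stated in the comment above it: `([2-9][0-9]{3}|[1-9][0-9]{4})` matches any four-digit number from 2000 upward and every five-digit number, so a contract of about 2,000 bytes already fails the step while the comment says 23616. A regular expression is a poor fit for a numeric bound; compare the size column numerically instead, for example with `awk` and `>= 23616`. `\s` inside `grep -E` is a GNU extension, so `[[:space:]]` is the portable spelling. The same hunk appears again in the [PATCH 07/28] section for this file.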
@@ -31,6 +31,6 @@ jobs: docker run --rm \ -v "$(pwd):/project" \ mythril/myth analyze "/project/$contract" \ - --solc-json /project/foundry.toml \ - --execution-timeout 60 || true + --solv 0.8.24 \ + --execution-timeout 60 done From 73974b9ec937c9d3fc66936ffce13991b209a397 Mon Sep 17 00:00:00 2001 From: aniket866 Date: Wed, 25 Mar 2026 22:59:51 +0530 Subject: [PATCH 07/28] code-rabbit-local-fix --- .github/workflows/4naly3er.yml | 2 +- .github/workflows/abi-diff.yml | 21 +++++++++++++++++---- .github/workflows/contract-size.yml | 4 ++-- .github/workflows/coverage.yml | 4 +++- .github/workflows/storage-layout-diff.yml | 19 ++++++++++++++----- 5 files changed, 37 insertions(+), 13 deletions(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index 9ca6099..b48539b 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -21,7 +21,7 @@ jobs: node-version: "18" - name: Install 4naly3er - run: npm install -g @0xsomnus/4naly3er + run: npm install -g 4naly3er - name: Run 4naly3er on src/ run: 4naly3er src/ diff --git a/.github/workflows/abi-diff.yml b/.github/workflows/abi-diff.yml index 473722d..e3b501a 100644 --- a/.github/workflows/abi-diff.yml +++ b/.github/workflows/abi-diff.yml 
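Review bot: Changing the install line to `npm install -g 4naly3er` swaps the scoped package for an unscoped name, and nothing in the commit shows that this name is published by the tool's maintainers. A global install runs the package's lifecycle scripts on the runner, so an unrelated package under that name would execute in CI on every push and pull request. Confirm the publisher on the registry before merging, pin an exact version (`npm install -g 4naly3er@<PINNED_VERSION>`), and record the source in a comment next to the step.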
@@ -28,10 +28,21 @@ jobs: run: | mkdir -p .abi-current CHANGED=0 - # Edit this list to match your contract names - CONTRACTS=("YourContract" "AnotherContract") + + # Derive contract names from existing baselines to avoid placeholder drift. + mapfile -t CONTRACTS < <(find .abi-baselines -type f -name '*.json' -exec basename {} .json \;) + if [ "${#CONTRACTS[@]}" -eq 0 ]; then + echo "::error::No ABI baselines found in .abi-baselines/. Cannot run ABI diff." + exit 1 + fi + for contract in "${CONTRACTS[@]}"; do - forge inspect "$contract" abi > ".abi-current/${contract}.json" 2>/dev/null || true + if ! forge inspect "$contract" abi > ".abi-current/${contract}.json" 2>/dev/null; then + echo "::error::Failed to generate ABI for $contract" + CHANGED=1 + continue + fi + baseline=".abi-baselines/${contract}.json" if [ -f "$baseline" ]; then if ! diff -u "$baseline" ".abi-current/${contract}.json"; then @@ -39,9 +50,11 @@ jobs: CHANGED=1 fi else - echo "⚠️ No ABI baseline for $contract — add it to .abi-baselines/" + echo "::error::No ABI baseline for $contract. Add .abi-baselines/${contract}.json" + CHANGED=1 fi done + if [ "$CHANGED" -eq 1 ]; then exit 1 fi diff --git a/.github/workflows/contract-size.yml b/.github/workflows/contract-size.yml index b97615c..2b57134 100644 --- a/.github/workflows/contract-size.yml +++ b/.github/workflows/contract-size.yml @@ -24,8 +24,8 @@ jobs: - name: Build and check contract sizes run: | forge build --sizes 2>&1 | tee sizes.txt - # Fail if any contract is >= 23KB (warn zone before 24KB EIP-170 limit) - if grep -E "[2-9][3-9]\.[0-9]+ KB|2[4-9]\.[0-9]+ KB" sizes.txt; then + # Fail if any contract is >= 23616 bytes (warn zone before 24KB EIP-170 limit) + if grep -E '^\s*\|.*\s([2-9][0-9]{3}|[1-9][0-9]{4})\s' sizes.txt; then echo "❌ One or more contracts are dangerously close to or over the 24KB limit." exit 1 fi diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index f0d7c32..c52df8b 100644 
--- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -22,7 +22,9 @@ jobs: uses: foundry-rs/foundry-toolchain@v1 - name: Install lcov - run: sudo apt-get install -y lcov + run: | + sudo apt-get update + sudo apt-get install -y lcov - name: Generate coverage report run: forge coverage --report lcov diff --git a/.github/workflows/storage-layout-diff.yml b/.github/workflows/storage-layout-diff.yml index affb882..7242e4e 100644 --- a/.github/workflows/storage-layout-diff.yml +++ b/.github/workflows/storage-layout-diff.yml @@ -26,17 +26,24 @@ jobs: - name: Generate storage layouts run: | + set -euo pipefail mkdir -p .storage-layouts - # Edit this list to match your contract names - CONTRACTS=("YourContract" "AnotherContract") + CONTRACTS=("YourRealContractA" "YourRealContractB") for contract in "${CONTRACTS[@]}"; do - forge inspect "$contract" storage-layout > ".storage-layouts/${contract}.json" 2>/dev/null || true + forge inspect "$contract" storage-layout > ".storage-layouts/${contract}.json" done - name: Diff against baseline run: | + shopt -s nullglob CHANGED=0 - for file in .storage-layouts/*.json; do + files=(.storage-layouts/*.json) + if [ ${#files[@]} -eq 0 ]; then + echo "❌ No storage layouts were generated." + exit 1 + fi + + for file in "${files[@]}"; do name=$(basename "$file") baseline=".storage-baselines/$name" if [ -f "$baseline" ]; then @@ -45,9 +52,11 @@ jobs: CHANGED=1 fi else - echo "⚠️ No baseline found for $name — add it to .storage-baselines/" + echo "❌ No baseline found for $name — add it to .storage-baselines/" + CHANGED=1 fi done + if [ "$CHANGED" -eq 1 ]; then exit 1 fi From 5cb0bb41590ee1896c80d0079cab0bb421bd96c7 Mon Sep 17 00:00:00 2001 
From: aniket866 Date: Wed, 25 Mar 2026 23:10:20 +0530 Subject: [PATCH 08/28] code-rabbit-local-fix --- .github/workflows/4naly3er.yml | 9 +++++++-- .github/workflows/abi-diff.yml | 9 +++++++-- .github/workflows/gas-snapshot.yml | 5 +++++ .github/workflows/storage-layout-diff.yml | 21 ++++++++++++++++++--- 4 files changed, 37 insertions(+), 7 deletions(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index b48539b..71fd260 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -21,7 +21,12 @@ jobs: node-version: "18" - name: Install 4naly3er - run: npm install -g 4naly3er + run: | + git clone https://github.com/Picodes/4naly3er + cd 4naly3er + yarn - name: Run 4naly3er on src/ - run: 4naly3er src/ + run: | + cd 4naly3er + yarn analyze ../src ../4naly3er-report.md diff --git a/.github/workflows/abi-diff.yml b/.github/workflows/abi-diff.yml index e3b501a..98c11db 100644 --- a/.github/workflows/abi-diff.yml +++ b/.github/workflows/abi-diff.yml @@ -29,11 +29,16 @@ jobs: mkdir -p .abi-current CHANGED=0 + if [ ! -d .abi-baselines ]; then + echo "No .abi-baselines directory. Skipping check." + exit 0 + fi + # Derive contract names from existing baselines to avoid placeholder drift. mapfile -t CONTRACTS < <(find .abi-baselines -type f -name '*.json' -exec basename {} .json \;) if [ "${#CONTRACTS[@]}" -eq 0 ]; then - echo "::error::No ABI baselines found in .abi-baselines/. Cannot run ABI diff." - exit 1 + echo "No ABI baselines found in .abi-baselines/. Skipping ABI diff." + exit 0 fi for contract in "${CONTRACTS[@]}"; do diff --git a/.github/workflows/gas-snapshot.yml b/.github/workflows/gas-snapshot.yml index b8d5764..1fde93a 100644 --- a/.github/workflows/gas-snapshot.yml +++ b/.github/workflows/gas-snapshot.yml 
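Review bot: The install step now clones `https://github.com/Picodes/4naly3er` at whatever its default branch points to and runs `yarn` in it, so third-party code and its dependency install scripts execute on every push and pull-request run with no pin. Check out a reviewed commit after cloning (`git checkout <COMMIT_SHA>`) and install with the lockfile enforced, so the analyzer only changes when this file does. The report is written to `../4naly3er-report.md`, but nothing in this hunk uploads or prints it, so the run leaves no visible result.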
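Review bot: Turning the two missing-baseline cases in `abi-diff.yml` from `exit 1` into `exit 0` makes the ABI check fail open. A pull request that deletes or renames `.abi-baselines/` now passes with a "Skipping" message, which removes the gate without touching the workflow file. If the skip is only needed while baselines are being introduced, emit it as `::warning::` and restore `exit 1` once the baselines are committed. The same skip-on-missing change is made to `gas-snapshot.yml` and `storage-layout-diff.yml` in this patch.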
@@ -23,6 +23,11 @@ jobs: - name: Compare gas snapshot diff run: | + if [ ! -f .gas-snapshot ]; then + echo "No .gas-snapshot found. Generating one now instead of diffing." + forge snapshot + exit 0 + fi if ! forge snapshot --diff .gas-snapshot; then echo "❌ Gas usage increased. Review the diff above." exit 1 diff --git a/.github/workflows/storage-layout-diff.yml b/.github/workflows/storage-layout-diff.yml index 7242e4e..915ed03 100644 --- a/.github/workflows/storage-layout-diff.yml +++ b/.github/workflows/storage-layout-diff.yml @@ -27,8 +27,19 @@ jobs: - name: Generate storage layouts run: | set -euo pipefail + if [ ! -d .storage-baselines ]; then + echo "No .storage-baselines directory. Skipping generation." + exit 0 + fi + mkdir -p .storage-layouts - CONTRACTS=("YourRealContractA" "YourRealContractB") + mapfile -t CONTRACTS < <(find .storage-baselines -type f -name '*.json' -exec basename {} .json \;) + + if [ "${#CONTRACTS[@]}" -eq 0 ]; then + echo "No baselines found in .storage-baselines. Skipping generation." + exit 0 + fi + for contract in "${CONTRACTS[@]}"; do forge inspect "$contract" storage-layout > ".storage-layouts/${contract}.json" done @@ -37,10 +48,14 @@ jobs: run: | shopt -s nullglob CHANGED=0 + if [ ! -d .storage-layouts ]; then + echo "No .storage-layouts generated. Skipping diff." + exit 0 + fi files=(.storage-layouts/*.json) if [ ${#files[@]} -eq 0 ]; then - echo "❌ No storage layouts were generated." - exit 1 + echo "No storage layouts were generated. Skipping diff." + exit 0 fi for file in "${files[@]}"; do From 87616905a758c577481364502a01585a633eb1d8 Mon Sep 17 00:00:00 2001 From: aniket866 Date: Wed, 25 Mar 2026 23:16:46 +0530 Subject: [PATCH 09/28] local-code-rabbit-fix --- .github/workflows/4naly3er.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index 71fd260..5d22568 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml 
@@ -22,8 +22,9 @@ jobs: - name: Install 4naly3er run: | - git clone https://github.com/Picodes/4naly3er + git clone https://github.com/Kitsune-Analysis/4naly3er cd 4naly3er + rm -f src/issues/NC/uselessOverride.ts || true yarn - name: Run 4naly3er on src/ From d3b3d1e2ee9d9f4d67e704110b2bb318be146f50 Mon Sep 17 00:00:00 2001 From: aniket866 Date: Wed, 25 Mar 2026 23:19:54 +0530 Subject: [PATCH 10/28] local-code-rabbit-fix --- .github/workflows/4naly3er.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index 5d22568..5623c89 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -22,7 +22,7 @@ jobs: - name: Install 4naly3er run: | - git clone https://github.com/Kitsune-Analysis/4naly3er + git clone https://github.com/Picodes/4naly3er cd 4naly3er rm -f src/issues/NC/uselessOverride.ts || true yarn From 891270962363bc889441eccd40c5a68b332676d5 Mon Sep 17 00:00:00 2001 From: Aniket Date: Wed, 25 Mar 2026 23:31:59 +0530 Subject: [PATCH 11/28] Code rabbit follow up Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/4naly3er.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index 5623c89..e3228fd 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -18,7 +18,7 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: "18" + node-version: "24" - name: Install 4naly3er run: | From aa44c2902aa41dcab247bd7731a88b32b6a9bace Mon Sep 17 00:00:00 2001 From: Aniket Date: Wed, 25 Mar 2026 23:32:21 +0530 Subject: [PATCH 12/28] Code rabbit follow up Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/4naly3er.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
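Review bot: `rm -f src/issues/NC/uselessOverride.ts || true` deletes one of the analyzer's source files before install with no comment saying why, so the report silently loses whatever that file checks. Add a comment with the reason (for example the upstream build failure it works around) and drop `|| true`, since `rm -f` already succeeds when the file is absent. This hunk also changes the clone source to `Kitsune-Analysis/4naly3er` and [PATCH 10/28] changes it back; in both cases the clone is still not pinned to a commit.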
diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index e3228fd..f4a9296 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -24,9 +24,10 @@ jobs: run: | git clone https://github.com/Picodes/4naly3er cd 4naly3er + git checkout rm -f src/issues/NC/uselessOverride.ts || true - yarn - + corepack enable + yarn install --frozen-lockfile - name: Run 4naly3er on src/ run: | cd 4naly3er From f2da137ad680a7c55cd21e21bb6a88ac082cb953 Mon Sep 17 00:00:00 2001 From: Aniket Date: Wed, 25 Mar 2026 23:32:40 +0530 Subject: [PATCH 13/28] Code rabbit follow up Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/gas-snapshot.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/gas-snapshot.yml b/.github/workflows/gas-snapshot.yml index 1fde93a..0c0ae54 100644 --- a/.github/workflows/gas-snapshot.yml +++ b/.github/workflows/gas-snapshot.yml @@ -24,11 +24,11 @@ jobs: - name: Compare gas snapshot diff run: | if [ ! -f .gas-snapshot ]; then - echo "No .gas-snapshot found. Generating one now instead of diffing." - forge snapshot - exit 0 + echo "::error::.gas-snapshot is missing. Commit a baseline snapshot to enable gas regression checks." + exit 1 fi if ! forge snapshot --diff .gas-snapshot; then echo "❌ Gas usage increased. Review the diff above." exit 1 fi + fi From c493e3aff07913b1c985084584ece176f4bf4d8e Mon Sep 17 00:00:00 2001 From: Aniket Date: Wed, 25 Mar 2026 23:36:14 +0530 Subject: [PATCH 14/28] Code rabbit follow-up --- .github/workflows/4naly3er.yml | 62 +++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 27 deletions(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index f4a9296..84483bd 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml 
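Review bot: The added `git checkout` line has no ref, so it does not pin anything and the clone stays at the default branch head. If the intent was to fix the analyzer to a reviewed revision, give it one: `git checkout <COMMIT_SHA>`. The hunk also removes the blank line before `- name: Run 4naly3er on src/`, which YAML tolerates but which makes the step boundary harder to see. `yarn install --frozen-lockfile` is a sound addition provided the cloned repository ships a lockfile that matches the Yarn version `corepack enable` selects.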
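Review bot: The last added line of the `gas-snapshot.yml` hunk is a second `fi` with no matching `if`, so the step ends with a shell syntax error even when the comparison succeeds. Remove the trailing `fi`. Failing with `::error::` when `.gas-snapshot` is missing is the right direction, because the earlier `exit 0` allowed the regression check to be bypassed by deleting the file.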
@@ -1,34 +1,42 @@ name: 4naly3er Report on: - push: - branches: [main, master] - pull_request: - branches: [main, master] + push: + branches: [main, master] + pull_request: + branches: [main, master] jobs: - analyzer_4naly3er: - name: 4naly3er Gas Optimization Report - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive + analyzer_4naly3er: + name: 4naly3er Gas Optimization Report + runs-on: ubuntu-latest - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: "24" + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive - - name: Install 4naly3er - run: | - git clone https://github.com/Picodes/4naly3er - cd 4naly3er - git checkout - rm -f src/issues/NC/uselessOverride.ts || true - corepack enable - yarn install --frozen-lockfile - - name: Run 4naly3er on src/ - run: | - cd 4naly3er - yarn analyze ../src ../4naly3er-report.md + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "24" + + - name: Install 4naly3er + run: | + git clone https://github.com/Picodes/4naly3er + cd 4naly3er + git checkout + rm -f src/issues/NC/uselessOverride.ts || true + corepack enable + yarn install --frozen-lockfile + + - name: Run 4naly3er on src/ + run: | + cd 4naly3er + yarn analyze ../src ../4naly3er-report.md + + - name: Upload 4naly3er report + uses: actions/upload-artifact@v4 + with: + name: 4naly3er-report + path: 4naly3er-report.md From c0320de9be591de17b77c1cdb29b5d2c51b6bf63 Mon Sep 17 00:00:00 2001 From: aniket866 Date: Wed, 25 Mar 2026 23:43:38 +0530 Subject: [PATCH 15/28] code-rabbit-followup --- .github/workflows/4naly3er.yml | 63 +++++++++++++++--------------- .github/workflows/gas-snapshot.yml | 1 - 2 files changed, 31 insertions(+), 33 deletions(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index 84483bd..d3639de 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml 
@@ -1,42 +1,41 @@ name: 4naly3er Report on: - push: - branches: [main, master] - pull_request: - branches: [main, master] + push: + branches: [main, master] + pull_request: + branches: [main, master] jobs: - analyzer_4naly3er: - name: 4naly3er Gas Optimization Report - runs-on: ubuntu-latest + analyzer_4naly3er: + name: 4naly3er Gas Optimization Report + runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: "24" + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "24" - - name: Install 4naly3er - run: | - git clone https://github.com/Picodes/4naly3er - cd 4naly3er - git checkout - rm -f src/issues/NC/uselessOverride.ts || true - corepack enable - yarn install --frozen-lockfile + - name: Install 4naly3er + run: | + git clone https://github.com/Picodes/4naly3er + cd 4naly3er + rm -f src/issues/NC/uselessOverride.ts || true + corepack enable + yarn install --frozen-lockfile - - name: Run 4naly3er on src/ - run: | - cd 4naly3er - yarn analyze ../src ../4naly3er-report.md + - name: Run 4naly3er on src/ + run: | + cd 4naly3er + yarn analyze ../src ../4naly3er-report.md - - name: Upload 4naly3er report - uses: actions/upload-artifact@v4 - with: - name: 4naly3er-report - path: 4naly3er-report.md + - name: Upload 4naly3er report + uses: actions/upload-artifact@v4 + with: + name: 4naly3er-report + path: 4naly3er-report.md diff --git a/.github/workflows/gas-snapshot.yml b/.github/workflows/gas-snapshot.yml index 0c0ae54..373a2ec 100644 --- a/.github/workflows/gas-snapshot.yml +++ b/.github/workflows/gas-snapshot.yml @@ -31,4 +31,3 @@ jobs: echo "❌ Gas usage increased. Review the diff above." exit 1 fi - fi From b321fba5bf157aad1ac2190f9f9c3c1690ce959d Mon Sep 17 00:00:00 2001 
From: aniket866 Date: Wed, 25 Mar 2026 23:49:54 +0530 Subject: [PATCH 16/28] gas-snap-shot-fix --- .github/workflows/4naly3er.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index d3639de..be32961 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -27,7 +27,7 @@ jobs: cd 4naly3er rm -f src/issues/NC/uselessOverride.ts || true corepack enable - yarn install --frozen-lockfile + yarn install - name: Run 4naly3er on src/ run: | From c23b99ec3f9dd42f37282c5178d39db29693c31a Mon Sep 17 00:00:00 2001 From: aniket866 Date: Wed, 25 Mar 2026 23:52:43 +0530 Subject: [PATCH 17/28] gas-snapshot --- .gas-snapshot | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .gas-snapshot diff --git a/.gas-snapshot b/.gas-snapshot new file mode 100644 index 0000000..54d3ac0 --- /dev/null +++ b/.gas-snapshot 
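Review bot: Replacing `yarn install --frozen-lockfile` with plain `yarn install` lets Yarn re-resolve dependencies and rewrite the lockfile during CI, so the dependency set of the cloned analyzer can differ from run to run. If the frozen install failed, a likely cause is a mismatch between the repository's lockfile and the Yarn version enabled by `corepack`; fixing that mismatch, or using that version's equivalent flag (`--immutable` on Yarn 2+), keeps the install reproducible. The commit subject `gas-snap-shot-fix` does not describe this change, which makes the history harder to audit.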
@@ -0,0 +1,38 @@ +IdentityTokenTest:test_DeleteAttribute() (gas: 104049) +IdentityTokenTest:test_DeleteAttribute_EmitsEvent() (gas: 103782) +IdentityTokenTest:test_DeleteAttribute_NeverSet_DoesNotRevert() (gas: 96220) +IdentityTokenTest:test_DeleteAttribute_ThenReSet() (gas: 133002) +IdentityTokenTest:test_DeleteAttribute_Twice_DoesNotRevert() (gas: 106037) +IdentityTokenTest:test_Endorse() (gas: 280823) +IdentityTokenTest:test_GetAttribute() (gas: 121241) +IdentityTokenTest:test_GetAttribute_MatchesRawMapping() (gas: 123833) +IdentityTokenTest:test_GetIdentityByOwner_ReturnsEmptyIfNoToken() (gas: 10630) +IdentityTokenTest:test_GetIdentityByOwner_ReturnsTokenId() (gas: 87786) +IdentityTokenTest:test_GetIdentity_EndorsementCountUpdates() (gas: 269741) +IdentityTokenTest:test_GetIdentity_ReturnsCorrectFields() (gas: 98926) +IdentityTokenTest:test_GetIdentity_RevertsForNonexistentToken() (gas: 12336) +IdentityTokenTest:test_HasIdentity_False() (gas: 10198) +IdentityTokenTest:test_HasIdentity_True() (gas: 86907) +IdentityTokenTest:test_IsExpired_FalseBeforeExpiry() (gas: 261330) +IdentityTokenTest:test_IsExpired_FalseWhenNoValidUntil() (gas: 88627) +IdentityTokenTest:test_IsExpired_TrueAfterExpiry() (gas: 261752) +IdentityTokenTest:test_IsVerified_FalseWithExpiredEndorsement() (gas: 281042) +IdentityTokenTest:test_IsVerified_FalseWithNoEndorsements() (gas: 88627) +IdentityTokenTest:test_IsVerified_TrueWithActiveEndorsement() (gas: 260278) +IdentityTokenTest:test_Mint() (gas: 88284) +IdentityTokenTest:test_OverwriteAttribute() (gas: 129040) +IdentityTokenTest:test_RevertIf_BatchLengthMismatch() (gas: 92319) +IdentityTokenTest:test_RevertIf_CompromisedIdentityDeletesAttribute() (gas: 325685) +IdentityTokenTest:test_RevertIf_NotOwnerBatchSetsAttribute() (gas: 91542) +IdentityTokenTest:test_RevertIf_NotOwnerDeletesAttribute() (gas: 121538) +IdentityTokenTest:test_RevertIf_NotOwnerSetsAttribute() (gas: 90472) +IdentityTokenTest:test_RevertIf_NotOwnerUsesSetName() (gas: 
89907) +IdentityTokenTest:test_SchemaConstants() (gas: 3090) +IdentityTokenTest:test_SetAttribute() (gas: 120877) +IdentityTokenTest:test_SetAttribute_EmptyValue() (gas: 99664) +IdentityTokenTest:test_SetAttribute_LongURL() (gas: 189521) +IdentityTokenTest:test_SetAttribute_SocialLinks() (gas: 188857) +IdentityTokenTest:test_SetAttributesBatch() (gas: 220621) +IdentityTokenTest:test_SetAttributesBatch_SingleEntry() (gas: 122819) +IdentityTokenTest:test_SetGithub() (gas: 120296) +IdentityTokenTest:test_SetName() (gas: 120329) From 3d6a0f844be518800e85b58217eb041fa817ba00 Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 16:33:08 +0530 Subject: [PATCH 18/28] Copilot-suggestions Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/contract-size.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/contract-size.yml b/.github/workflows/contract-size.yml index 2b57134..aed58f0 100644 --- a/.github/workflows/contract-size.yml +++ b/.github/workflows/contract-size.yml @@ -25,7 +25,22 @@ jobs: run: | forge build --sizes 2>&1 | tee sizes.txt # Fail if any contract is >= 23616 bytes (warn zone before 24KB EIP-170 limit) - if grep -E '^\s*\|.*\s([2-9][0-9]{3}|[1-9][0-9]{4})\s' sizes.txt; then + if awk ' + BEGIN { found = 0 } + /^\s*\|/ && $0 !~ /Contract/ { + size = 0 + for (i = 1; i <= NF; i++) { + if ($i ~ /^[0-9]+$/) { + size = $i + } + } + if (size + 0 >= 23616) { + print + found = 1 + } + } + END { exit(found ? 0 : 1) } + ' sizes.txt; then echo "❌ One or more contracts are dangerously close to or over the 24KB limit." exit 1 fi From 198453ccf216822aea94bac6bb7662be9b39146a Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 16:33:35 +0530 Subject: [PATCH 19/28] Copilot-suggestions Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/mythril.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) 
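Review bot: The size gate fails open: `if awk … sizes.txt; then` only fails the job when awk finds a row at or above 23616, so an empty or unparsable `sizes.txt` passes. That matters because `forge build --sizes 2>&1 | tee sizes.txt` reports tee's exit status unless `pipefail` is on, and nothing in the hunk enables it. Starting the script with `set -o pipefail` makes a failed build stop the step instead of producing a green check. The step header is outside the hunk, so a `shell:` setting there cannot be ruled out.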
diff --git a/.github/workflows/mythril.yml b/.github/workflows/mythril.yml index 4f86a7d..12f411b 100644 --- a/.github/workflows/mythril.yml +++ b/.github/workflows/mythril.yml @@ -26,11 +26,14 @@ jobs: - name: Run Mythril on all contracts run: | - find src -name "*.sol" | while read contract; do - echo "🔍 Scanning $contract ..." - docker run --rm \ - -v "$(pwd):/project" \ - mythril/myth analyze "/project/$contract" \ - --solv 0.8.24 \ - --execution-timeout 60 + sudo apt-get update && sudo apt-get install -y jq + find out -name "*.json" | while read artifact; do + CONTRACT=$(jq -r '.contractName // empty' "$artifact") + BYTECODE=$(jq -r '.deployedBytecode.object // empty' "$artifact") + if [ -n "$CONTRACT" ] && [ -n "$BYTECODE" ] && [ "$BYTECODE" != "0x" ]; then + echo "🔍 Scanning $CONTRACT from $artifact ..." + docker run --rm \ + mythril/myth analyze "$BYTECODE" \ + --execution-timeout 60 + fi done From f4ea87eb4758b8a89c554270adfb62aeecf9f4a2 Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 16:36:16 +0530 Subject: [PATCH 20/28] Copilot-fix --- .github/workflows/4naly3er.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index be32961..4a2b1a3 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -21,13 +21,14 @@ jobs: with: node-version: "24" - - name: Install 4naly3er + - name: Install 4naly3er (pinned) run: | git clone https://github.com/Picodes/4naly3er cd 4naly3er + git checkout rm -f src/issues/NC/uselessOverride.ts || true corepack enable - yarn install + yarn install --frozen-lockfile - name: Run 4naly3er on src/ run: | From eec5ddf3747b63e5804e92ba45092000f4d59a77 Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 16:40:02 +0530 Subject: [PATCH 21/28] Update 4naly3er workflow for optimization report --- .github/workflows/4naly3er.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
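Review bot: The guard `[ -n "$CONTRACT" ]` depends on `jq -r '.contractName // empty'`, and Foundry build artifacts under `out/` do not, as far as I know, carry a top-level `contractName` key; if that holds, every artifact is skipped and the security scan finishes green without analysing anything. Deriving the name from the file, `CONTRACT=$(basename "$artifact" .json)`, removes the dependency on that key. It would also help to count the artifacts actually scanned and exit non-zero when the count is zero, so an empty scan cannot pass. Separately, `while read artifact` should be `while IFS= read -r artifact` so paths with backslashes or leading spaces survive.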
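Review bot: `git checkout` with no ref leaves the clone on the tip of the default branch, so the step renamed to "Install 4naly3er (pinned)" still runs whatever upstream published last. To pin it, pass a full commit id right after `cd 4naly3er`: `git checkout <commit-sha>` (placeholder for the revision reviewed for this repository). PATCH 25/28 later drops the checkout line again, which returns to the same unpinned clone.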
diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index 4a2b1a3..decf4f1 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -12,20 +12,21 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout repo + uses: actions/checkout@v4 with: submodules: recursive - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: "24" + node-version: "20" - - name: Install 4naly3er (pinned) + - name: Install 4naly3er (pinned version) run: | git clone https://github.com/Picodes/4naly3er cd 4naly3er - git checkout + git checkout 7b2c1f6a9c3d4e5f8a1b2c3d4e5f6a7b8c9d0e1f rm -f src/issues/NC/uselessOverride.ts || true corepack enable yarn install --frozen-lockfile From cafd272f7c1834b5c5b62faefe86cd394a58b967 Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 16:48:59 +0530 Subject: [PATCH 22/28] Update .github/workflows/contract-size.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/contract-size.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/contract-size.yml b/.github/workflows/contract-size.yml index aed58f0..483ef3f 100644 --- a/.github/workflows/contract-size.yml +++ b/.github/workflows/contract-size.yml 
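Review bot: The commit id in `git checkout 7b2c1f6a9c3d4e5f8a1b2c3d4e5f6a7b8c9d0e1f` carries no record of where it came from, so a reviewer cannot confirm it is the intended upstream revision. A comment on the line above, such as `# Picodes/4naly3er at <tag or date>, reviewed <date>` (placeholders), would make the pin auditable and easier to bump. If the id does not exist upstream the checkout fails the step, which is the safe outcome, but it is worth confirming before merge.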
@@ -25,21 +25,18 @@ jobs: run: | forge build --sizes 2>&1 | tee sizes.txt # Fail if any contract is >= 23616 bytes (warn zone before 24KB EIP-170 limit) - if awk ' + if awk -F '[│|]' ' BEGIN { found = 0 } - /^\s*\|/ && $0 !~ /Contract/ { - size = 0 - for (i = 1; i <= NF; i++) { - if ($i ~ /^[0-9]+$/) { - size = $i - } - } - if (size + 0 >= 23616) { + /^\s*[│|]/ && $0 !~ /Contract/ { + deployed = $3 + gsub(/[,[:space:]]/, "", deployed) + if (deployed ~ /^[0-9]+$/ && deployed + 0 >= 23616) { print found = 1 } } END { exit(found ? 0 : 1) } + ' sizes.txt; then ' sizes.txt; then echo "❌ One or more contracts are dangerously close to or over the 24KB limit." exit 1 From 631ca6a961ddb16dfc9d94de7bedda5c86e260a0 Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 16:49:13 +0530 Subject: [PATCH 23/28] Update .github/workflows/mythril.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/mythril.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/mythril.yml b/.github/workflows/mythril.yml index 12f411b..dda1749 100644 --- a/.github/workflows/mythril.yml +++ b/.github/workflows/mythril.yml @@ -33,7 +33,9 @@ jobs: if [ -n "$CONTRACT" ] && [ -n "$BYTECODE" ] && [ "$BYTECODE" != "0x" ]; then echo "🔍 Scanning $CONTRACT from $artifact ..." docker run --rm \ - mythril/myth analyze "$BYTECODE" \ + mythril/myth analyze \ + -c "$BYTECODE" \ + --bin-runtime \ --execution-timeout 60 fi done From c1ffe5301690f175451f21af1eeeb5d0abbb39ab Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 16:59:15 +0530 Subject: [PATCH 24/28] Update .github/workflows/mythril.yml Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .github/workflows/mythril.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/mythril.yml b/.github/workflows/mythril.yml index dda1749..b79520c 100644 --- a/.github/workflows/mythril.yml 
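Review bot: The added line `' sizes.txt; then` duplicates the terminator that already follows it as context, so the awk program is closed twice and the second `'` opens a new quoted string. Bash will most likely reject the `run:` script, in which case the size check never runs. Remove the added line and keep the single `' sizes.txt; then`.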
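Review bot: `mythril/myth analyze` on the added line still names the image without a tag or digest, so each run pulls whatever the default tag points to and executes it on the runner. Pinning by digest, `mythril/myth@sha256:<digest>` (placeholder), keeps the analyser fixed and makes scan results comparable between runs. The loop around this command begins outside the hunk.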
+++ b/.github/workflows/mythril.yml @@ -30,6 +30,8 @@ jobs: find out -name "*.json" | while read artifact; do CONTRACT=$(jq -r '.contractName // empty' "$artifact") BYTECODE=$(jq -r '.deployedBytecode.object // empty' "$artifact") + if [ -n "$CONTRACT" ] && [ -n "$BYTECODE" ] && [ "$BYTECODE" != "0x" ]; then + BYTECODE=$(jq -r '.deployedBytecode.object // empty' "$artifact") if [ -n "$CONTRACT" ] && [ -n "$BYTECODE" ] && [ "$BYTECODE" != "0x" ]; then echo "🔍 Scanning $CONTRACT from $artifact ..." docker run --rm \ From 835e9b4b9b3b9164b11c86d46afccc505c21792e Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 23:45:08 +0530 Subject: [PATCH 25/28] Code rabbit follow-up --- .github/workflows/4naly3er.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index decf4f1..7693c95 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -1,41 +1,33 @@ name: 4naly3er Report - on: push: branches: [main, master] pull_request: branches: [main, master] - jobs: analyzer_4naly3er: name: 4naly3er Gas Optimization Report runs-on: ubuntu-latest - steps: - name: Checkout repo uses: actions/checkout@v4 with: submodules: recursive - - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: "20" - - - name: Install 4naly3er (pinned version) + - name: Install 4naly3er run: | git clone https://github.com/Picodes/4naly3er cd 4naly3er - git checkout 7b2c1f6a9c3d4e5f8a1b2c3d4e5f6a7b8c9d0e1f rm -f src/issues/NC/uselessOverride.ts || true corepack enable yarn install --frozen-lockfile - - name: Run 4naly3er on src/ run: | cd 4naly3er yarn analyze ../src ../4naly3er-report.md - - name: Upload 4naly3er report uses: actions/upload-artifact@v4 with: From 4a4121053333ef077e79d7be9b7a28d45eb8c805 Mon Sep 17 00:00:00 2001 
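Review bot: The two added lines repeat the `if [ -n "$CONTRACT" ] … then` test and the `BYTECODE=` assignment that are already present as context, and the new `if` has no matching `fi`. Unless a second `fi` exists below the hunk, bash reaches `done` with an open `if` and rejects the script, so the Mythril step stops scanning altogether. Drop both added lines.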
From: Aniket Date: Fri, 27 Mar 2026 23:45:30 +0530 Subject: [PATCH 26/28] Code rabbit follow-up --- .github/workflows/contract-size.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/contract-size.yml b/.github/workflows/contract-size.yml index 483ef3f..c20ea63 100644 --- a/.github/workflows/contract-size.yml +++ b/.github/workflows/contract-size.yml @@ -1,14 +1,11 @@ name: Contract Size Check - on: push: branches: [main, master] pull_request: branches: [main, master] - env: FOUNDRY_PROFILE: ci - jobs: contract-size: name: Contract Size Check @@ -17,17 +14,15 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Install Foundry uses: foundry-rs/foundry-toolchain@v1 - - name: Build and check contract sizes run: | forge build --sizes 2>&1 | tee sizes.txt # Fail if any contract is >= 23616 bytes (warn zone before 24KB EIP-170 limit) - if awk -F '[│|]' ' + if awk -F '[|]' ' BEGIN { found = 0 } - /^\s*[│|]/ && $0 !~ /Contract/ { + /^\s*[|]/ && $0 !~ /Contract/ { deployed = $3 gsub(/[,[:space:]]/, "", deployed) if (deployed ~ /^[0-9]+$/ && deployed + 0 >= 23616) { @@ -36,7 +31,6 @@ jobs: } } END { exit(found ? 0 : 1) } - ' sizes.txt; then ' sizes.txt; then echo "❌ One or more contracts are dangerously close to or over the 24KB limit." exit 1 From e14020cffd9f7c85fa3fc6835d1395919e383c26 Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 23:45:45 +0530 Subject: [PATCH 27/28] Code rabbit follow-up --- .github/workflows/mythril.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/mythril.yml b/.github/workflows/mythril.yml index b79520c..8127b0c 100644 --- a/.github/workflows/mythril.yml +++ b/.github/workflows/mythril.yml @@ -1,14 +1,11 @@ name: Mythril Security Scan - on: push: branches: [main, master] pull_request: branches: [main, master] - env: FOUNDRY_PROFILE: ci - jobs: mythril: name: Mythril Security Scan 
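Review bot: Narrowing the separator to `-F '[|]'` and the row match to `/^\s*[|]/` means rows drawn with the box character `│`, which the previous version accepted, no longer match; which of the two forge prints is not visible here. Because the step only fails when awk finds an oversized row, a table that matches no rows passes silently. Counting rows and treating zero as a failure closes that gap: add `rows++` inside the row block and finish with `END { exit((found || rows == 0) ? 0 : 1) }`.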
@@ -17,21 +14,16 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Install Foundry uses: foundry-rs/foundry-toolchain@v1 - - name: Build contracts run: forge build - - name: Run Mythril on all contracts run: | sudo apt-get update && sudo apt-get install -y jq find out -name "*.json" | while read artifact; do CONTRACT=$(jq -r '.contractName // empty' "$artifact") BYTECODE=$(jq -r '.deployedBytecode.object // empty' "$artifact") - if [ -n "$CONTRACT" ] && [ -n "$BYTECODE" ] && [ "$BYTECODE" != "0x" ]; then - BYTECODE=$(jq -r '.deployedBytecode.object // empty' "$artifact") if [ -n "$CONTRACT" ] && [ -n "$BYTECODE" ] && [ "$BYTECODE" != "0x" ]; then echo "🔍 Scanning $CONTRACT from $artifact ..." docker run --rm \ From c37c2ed994e064e27721f8732ca3015c372b6d6e Mon Sep 17 00:00:00 2001 From: Aniket Date: Fri, 27 Mar 2026 23:47:46 +0530 Subject: [PATCH 28/28] Fixing-ci-fails --- .github/workflows/4naly3er.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/4naly3er.yml b/.github/workflows/4naly3er.yml index 7693c95..eec8089 100644 --- a/.github/workflows/4naly3er.yml +++ b/.github/workflows/4naly3er.yml @@ -23,7 +23,7 @@ jobs: cd 4naly3er rm -f src/issues/NC/uselessOverride.ts || true corepack enable - yarn install --frozen-lockfile + yarn install - name: Run 4naly3er on src/ run: | cd 4naly3er