Merge pull request #3 from firstbatchxyz/caglacelik/audit-fixes

Audit fixes

.env.example

@@ -8,6 +8,6 @@ BASE_MAIN_RPC_URL=
 # Testnet
 BASE_TEST_RPC_URL=https://sepolia.base.org
 
-# Blockscout API Key
+# Blockscout API Key (RQUIRED FOR CONTRACT VERIFICATION)
 # Foundry expects the API key to be defined as ETHERSCAN_API_KEY
 ETHERSCAN_API_KEY=

.gitignore

@@ -2,7 +2,7 @@
 cache/
 out/
 
-# coverage
+# Coverage
 coverage/
 
 # Ignores development broadcast logs
@@ -11,24 +11,13 @@ coverage/
 /broadcast/*/84532/
 /broadcast/**/dry-run/
 
-# Docs
-docs/
-
-# Dotenv file
-.env
-
 # Forge files
 cache/
 out/
 storage/
 
-# gas snapshot
+# Gas snapshot
 .gas-snapshot/
 
-# Ignores development broadcast logs
-!/broadcast
-/broadcast/*/31337/
-/broadcast/**/dry-run/
-
 # Dotenv file
 .env

Makefile

@@ -1,9 +1,11 @@
 -include .env
 
-.PHONY: build test local-key base-sepolia-key deploy anvil install update doc
+.PHONY: build test local-key base-sepolia-key deploy update
 
 # Capture the network name
 network := $(word 2, $(MAKECMDGOALS))
+contractAddress := $(word 3, $(MAKECMDGOALS))
+contractName := $(word 4, $(MAKECMDGOALS))
 
 # Default to forked base-sepolia network
 KEY_NAME := local-key
@@ -18,17 +20,25 @@ endif
 install:
 	forge install foundry-rs/forge-std --no-commit && forge install firstbatchxyz/dria-oracle-contracts --no-commit && forge install OpenZeppelin/openzeppelin-contracts --no-commit && forge install OpenZeppelin/openzeppelin-foundry-upgrades --no-commit && forge install OpenZeppelin/openzeppelin-contracts-upgradeable --no-commit
 
+# Update modules
+update:
+	forge update
+
 # Build the contracts
 build:
-	forge clean && forge build
+	forge build
 
-# Generate gas snapshot under snapshots directory
+# Generate gas snapshot
 snapshot:
 	forge snapshot
 
-# Test the contracts on forked base-sepolia network
+# Test the contracts forked base-sepolia network with 4 parallel jobs
 test:
-	forge clean && forge test --fork-url $(BASE_TEST_RPC_URL)
+	forge test --fork-url $(BASE_TEST_RPC_URL) --no-match-contract "InvariantTest" --jobs 4
+
+# Run invariant tests on local network with 4 parallel jobs
+test-inv:
+	forge test --match-contract "InvariantTest" --jobs 4
 
 anvil:
 	anvil --fork-url $(BASE_TEST_RPC_URL)
@@ -45,7 +55,19 @@ deploy:
 doc:
 	forge doc
 
-# TODO: forge-verify
+# Format code
+fmt:
+	forge fmt
+
+# Coverage
+cov:
+	forge coverage --no-match-coverage "(test|mock|script)" --jobs 4
+
+# Verify contract on blockscout
+verify:
+	forge verify-contract $(contractAddress) src/$(contractName).sol:$(contractName) --verifier blockscout --verifier-url https://base-sepolia.blockscout.com/api/
 
-# Prevent make from interpreting the network name as a target
-$(eval $(network):;@:)
+# Prevent make from interpreting params as a target
+$(eval $(network):;@:)
+$(eval $(contractAddress):;@:)
+$(eval $(contractName):;@:)

README.md

@@ -1,10 +1,8 @@
 # Swan Protocol
+Swan is a **Decentralized Protocol** where AI agents (buyers) dynamically interact with asset creators. Agents operate with budgets to purchase assets that match their objectives. Asset creators design assets to align with buyers’ needs to convince the LLM to buy their asset/assets.
 
-This document provides instructions for swan contracts using Foundry.
-
-## Test
-
-Compile the contracts:
+## Compile
+Compile the contracts with:
 
 ```sh
 make build
@@ -14,32 +12,19 @@ make build
 >
 > Please prepare a valid `.env` according to `.env.example` before running tests.
 
-Run tests on forked base-sepolia:
-
-```sh
-make test
-```
-
-## Coverage
+## Test
 
-Check coverages with:
+Run tests on forked base-sepolia with:
 
 ```sh
-bash coverage.sh
+make test
 ```
 
-You can see coverages under the coverage directory.
-
-## Storage Layout
-
-Get storage layout with:
-
+Run invariant tests on local with:
 ```sh
-bash storage.sh
+make test-inv
 ```
 
-You can see storage layouts under the storage directory.
-
 ## Deployment
 
 **Step 1.**
@@ -97,6 +82,54 @@ make deploy base-sepolia
 
 You can see deployed contract addresses under the `deployment/<chainid>.json`
 
+## Verify Contract
+
+Verify contract manually with:
+
+```sh
+make verify base-sepolia <contractAddress> <contractName>
+```
+## Coverage
+
+Check coverages with:
+
+```sh
+bash coverage.sh
+```
+or to see summarized coverages on terminal:
+
+```sh
+make cov
+```
+
+You can see coverages under the coverage directory.
+
+## Storage Layout
+
+Get storage layout with:
+
+```sh
+bash storage.sh
+```
+
+You can see storage layouts under the storage directory.
+
+## Format
+
+Format code with:
+
+```sh
+make fmt
+```
+
+## Update
+
+Update modules with:
+
+```sh
+make update
+```
+
 ## Gas Snapshot
 
 Take the gas snapshot with:
@@ -109,6 +142,8 @@ You can see the snapshot `.gas-snapshot` file in the current directory.
 
 ## Generate documentation
 
+Generate documentation with:
+
 ```sh
 make doc
 ```

coverage.sh

@@ -7,7 +7,7 @@ set -e
 forge coverage \
     --report lcov \
     --report summary \
-    --no-match-coverage "(test|mock|token)" 
+    --no-match-coverage "(test|mock|script)" 
 
 # Install lcov
 brew install lcov

deployment/31337.json

@@ -1,16 +1,16 @@
 {
   "LLMOracleRegistry": {
-    "proxyAddr": "0x9fe46736679d2d9a65f0992f2272de9f3c7fa6e0",
-    "implAddr": "0xe7f1725e7734ce288f8367e1bb143e90bb3f0512"
+    "proxyAddr": "0x90193c961a926261b756d1e5bb255e67ff9498a1",
+    "implAddr": "0x34a1d3fff3958843c43ad80f30b94c510645c316"
   },
   "LLMOracleCoordinator": {
-    "proxyAddr": "0xdc64a140aa3e981100a9beca4e685f962f0cf6c9",
-    "implAddr": "0xcf7ed3acca5a467e9e704c703e8d87f634fb0fc9"
+    "proxyAddr": "0xbb2180ebd78ce97360503434ed37fcf4a1df61c3",
+    "implAddr": "0xa8452ec99ce0c64f20701db7dd3abdb607c00496"
   },
   "Swan": {
-    "proxyAddr": "0x2279b7a0a67db372996a5fab50d91eaa73d2ebe6",
-    "implAddr": "0xa513e6e4b8f2a923d98304ec87f64353c4d5c853"
+    "proxyAddr": "0xdeb1e9a6be7baf84208bb6e10ac9f9bbe1d70809",
+    "implAddr": "0x62c20aa1e0272312bc100b4e23b4dc1ed96dd7d1"
   },
-  "BuyerAgentFactory": "0x5fc8d32690cc91d4c39d9d3abcbd16989f875707",
-  "SwanAssetFactory": "0x0165878a594ca255338adfa4d48449f69242eb8f"
+  "BuyerAgentFactory": "0xdb8cff278adccf9e9b5da745b44e754fc4ee3c76",
+  "SwanAssetFactory": "0x50eef481cae4250d252ae577a09bf514f224c6c4"
 }

docs/.gitignore

@@ -0,0 +1 @@
+book/

docs/book.css

@@ -0,0 +1,13 @@
+table {
+    margin: 0 auto;
+    border-collapse: collapse;
+    width: 100%;
+}
+
+table td:first-child {
+    width: 15%;
+}
+
+table td:nth-child(2) {
+    width: 25%;
+}

docs/book.toml

@@ -0,0 +1,12 @@
+[book]
+src = "src"
+title = ""
+
+[output.html]
+no-section-label = true
+additional-js = ["solidity.min.js"]
+additional-css = ["book.css"]
+git-repository-url = "https://github.com/firstbatchxyz/swan-contracts"
+
+[output.html.fold]
+enable = true

docs/solidity.min.js

@@ -0,0 +1,74 @@
+hljs.registerLanguage("solidity",(()=>{"use strict";function e(){try{return!0
+}catch(e){return!1}}
+var a=/-?(\b0[xX]([a-fA-F0-9]_?)*[a-fA-F0-9]|(\b[1-9](_?\d)*(\.((\d_?)*\d)?)?|\.\d(_?\d)*)([eE][-+]?\d(_?\d)*)?|\b0)(?!\w|\$)/
+;e()&&(a=a.source.replace(/\\b/g,"(?<!\\$)\\b"));var s={className:"number",
+begin:a,relevance:0},n={
+keyword:"assembly let function if switch case default for leave break continue u256 jump jumpi stop return revert selfdestruct invalid",
+built_in:"add sub mul div sdiv mod smod exp not lt gt slt sgt eq iszero and or xor byte shl shr sar addmod mulmod signextend keccak256 pc pop dup1 dup2 dup3 dup4 dup5 dup6 dup7 dup8 dup9 dup10 dup11 dup12 dup13 dup14 dup15 dup16 swap1 swap2 swap3 swap4 swap5 swap6 swap7 swap8 swap9 swap10 swap11 swap12 swap13 swap14 swap15 swap16 mload mstore mstore8 sload sstore msize gas address balance selfbalance caller callvalue calldataload calldatasize calldatacopy codesize codecopy extcodesize extcodecopy returndatasize returndatacopy extcodehash create create2 call callcode delegatecall staticcall log0 log1 log2 log3 log4 chainid origin gasprice basefee blockhash coinbase timestamp number difficulty gaslimit",
+literal:"true false"},i={className:"string",
+begin:/\bhex'(([0-9a-fA-F]{2}_?)*[0-9a-fA-F]{2})?'/},t={className:"string",
+begin:/\bhex"(([0-9a-fA-F]{2}_?)*[0-9a-fA-F]{2})?"/};function r(e){
+return e.inherit(e.APOS_STRING_MODE,{begin:/(\bunicode)?'/})}function l(e){
+return e.inherit(e.QUOTE_STRING_MODE,{begin:/(\bunicode)?"/})}var o={
+SOL_ASSEMBLY_KEYWORDS:n,baseAssembly:e=>{
+var a=r(e),o=l(e),c=/[A-Za-z_$][A-Za-z_$0-9.]*/,d=e.inherit(e.TITLE_MODE,{
+begin:/[A-Za-z$_][0-9A-Za-z$_]*/,lexemes:c,keywords:n}),u={className:"params",
+begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,lexemes:c,keywords:n,
+contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,a,o,s]},_={
+className:"operator",begin:/:=|->/};return{keywords:n,lexemes:c,
+contains:[a,o,i,t,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,s,_,{
+className:"function",lexemes:c,beginKeywords:"function",end:"{",excludeEnd:!0,
+contains:[d,u,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,_]}]}},
+solAposStringMode:r,solQuoteStringMode:l,HEX_APOS_STRING_MODE:i,
+HEX_QUOTE_STRING_MODE:t,SOL_NUMBER:s,isNegativeLookbehindAvailable:e}
+;const{baseAssembly:c,solAposStringMode:d,solQuoteStringMode:u,HEX_APOS_STRING_MODE:_,HEX_QUOTE_STRING_MODE:m,SOL_NUMBER:b,isNegativeLookbehindAvailable:E}=o
+;return e=>{for(var a=d(e),s=u(e),n=[],i=0;i<32;i++)n[i]=i+1
+;var t=n.map((e=>8*e)),r=[];for(i=0;i<=80;i++)r[i]=i
+;var l=n.map((e=>"bytes"+e)).join(" ")+" ",o=t.map((e=>"uint"+e)).join(" ")+" ",g=t.map((e=>"int"+e)).join(" ")+" ",M=[].concat.apply([],t.map((e=>r.map((a=>e+"x"+a))))),p={
+keyword:"var bool string int uint "+g+o+"byte bytes "+l+"fixed ufixed "+M.map((e=>"fixed"+e)).join(" ")+" "+M.map((e=>"ufixed"+e)).join(" ")+" enum struct mapping address new delete if else for while continue break return throw emit try catch revert unchecked _ function modifier event constructor fallback receive error virtual override constant immutable anonymous indexed storage memory calldata external public internal payable pure view private returns import from as using pragma contract interface library is abstract type assembly",
+literal:"true false wei gwei szabo finney ether seconds minutes hours days weeks years",
+built_in:"self this super selfdestruct suicide now msg block tx abi blockhash gasleft assert require Error Panic sha3 sha256 keccak256 ripemd160 ecrecover addmod mulmod log0 log1 log2 log3 log4"
+},O={className:"operator",begin:/[+\-!~*\/%<>&^|=]/
+},C=/[A-Za-z_$][A-Za-z_$0-9]*/,N={className:"params",begin:/\(/,end:/\)/,
+excludeBegin:!0,excludeEnd:!0,lexemes:C,keywords:p,
+contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,a,s,b,"self"]},f={
+begin:/\.\s*/,end:/[^A-Za-z0-9$_\.]/,excludeBegin:!0,excludeEnd:!0,keywords:{
+built_in:"gas value selector address length push pop send transfer call callcode delegatecall staticcall balance code codehash wrap unwrap name creationCode runtimeCode interfaceId min max"
+},relevance:2},y=e.inherit(e.TITLE_MODE,{begin:/[A-Za-z$_][0-9A-Za-z$_]*/,
+lexemes:C,keywords:p}),w={className:"built_in",
+begin:(E()?"(?<!\\$)\\b":"\\b")+"(gas|value|salt)(?=:)"};function x(e,a){return{
+begin:(E()?"(?<!\\$)\\b":"\\b")+e+"\\.\\s*",end:/[^A-Za-z0-9$_\.]/,
+excludeBegin:!1,excludeEnd:!0,lexemes:C,keywords:{built_in:e+" "+a},
+contains:[f],relevance:10}}var h=c(e),v=e.inherit(h,{
+contains:h.contains.concat([{begin:/\./,end:/[^A-Za-z0-9$.]/,excludeBegin:!0,
+excludeEnd:!0,keywords:{built_in:"slot offset length address selector"},
+relevance:2},{begin:/_/,end:/[^A-Za-z0-9$.]/,excludeBegin:!0,excludeEnd:!0,
+keywords:{built_in:"slot offset"},relevance:2}])});return{aliases:["sol"],
+keywords:p,lexemes:C,
+contains:[a,s,_,m,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,b,w,O,{
+className:"function",lexemes:C,
+beginKeywords:"function modifier event constructor fallback receive error",
+end:/[{;]/,excludeEnd:!0,
+contains:[y,N,w,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE],illegal:/%/
+},x("msg","gas value data sender sig"),x("block","blockhash coinbase difficulty gaslimit basefee number timestamp chainid"),x("tx","gasprice origin"),x("abi","decode encode encodePacked encodeWithSelector encodeWithSignature encodeCall"),x("bytes","concat"),f,{
+className:"class",lexemes:C,beginKeywords:"contract interface library",end:"{",
+excludeEnd:!0,illegal:/[:"\[\]]/,contains:[{beginKeywords:"is",lexemes:C
+},y,N,w,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{lexemes:C,
+beginKeywords:"struct enum",end:"{",excludeEnd:!0,illegal:/[:"\[\]]/,
+contains:[y,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{
+beginKeywords:"import",end:";",lexemes:C,keywords:"import from as",
+contains:[y,a,s,_,m,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,O]},{
+beginKeywords:"using",end:";",lexemes:C,keywords:"using for",
+contains:[y,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,O]},{className:"meta",
+beginKeywords:"pragma",end:";",lexemes:C,keywords:{
+keyword:"pragma solidity experimental abicoder",
+built_in:"ABIEncoderV2 SMTChecker v1 v2"},
+contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,e.inherit(a,{
+className:"meta-string"}),e.inherit(s,{className:"meta-string"})]},{
+beginKeywords:"assembly",end:/\b\B/,
+contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,e.inherit(v,{begin:"{",
+end:"}",endsParent:!0,contains:v.contains.concat([e.inherit(v,{begin:"{",
+end:"}",contains:v.contains.concat(["self"])})])})]}],illegal:/#/}}})());
+
+// Ugly hack to reload HLJS
+hljs.initHighlightingOnLoad();