Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: production release (missing tests) #21

Merged
merged 14 commits into from
Oct 9, 2024
Merged

chore: production release (missing tests) #21

merged 14 commits into from
Oct 9, 2024

Conversation

wei3erHase
Copy link
Member

No description provided.

0xGorilla and others added 13 commits October 2, 2024 15:47
@0xGorilla
feat: canary and release workflows (#14)
d247ea4
@0xGorilla
fix: npm workflows (#15)
22b19d4
@wei3erHase
feat: improving JS package (#12)
175303f
@wei3erHase
fix: cargo fmt (#18)
8dbf3fc
@wei3erHase
fix: validated lock time deltas (3mth,6,9,12) (#19)
d4f9644 
separating #13 into different PRs/commits
fixing the time-deltas to be the updated (shorter) ones: 3, 6, 9, 12
months
@wei3erHase
fix: validate system accounts (#20)
7e7cde4 
Fixes HAL-003

> ## Description
> In order to participate in a token locking process, a user needs to
first invoke the process_init entry point.
> 
> This entry point will create an account with the necessary size to
store the information provided in the next step of the process,
process_create .
> 
> The current version of this program is not checking that the provided
System Program and Rent Sysvar accounts corresponds to the correct
accounts, provided by the Solana Rust SDK.
> 
> Although there was not risk identified due to this lack of
restrictions, it is a good practice to implement this validations to
prevent any unexpected attack vector that might appear later.
@wei3erHase
feat: adding mint address validation at create (#17)
a0e0289 
Fixes HAL-002

> ## Description
> After the user invokes the process_init entry point, they need to
invoke the process_create entry point to store the necessary information
to participate in the token locking process.
> 
> A piece of information that the user has to provide is the source
token account, where the tokens will be subtracted to participate.
> 
> The mentioned token account is not validated to be a token account
corresponding to the L3 token, which is expected to be the token used.
> 
> As a result, any user can create a vesting_account that does with any
token different than L3 token.
> 
> The L3 team mentioned that this situation does not represent a risk,
since the information on chain will be used on an off-chain process.
> 
> However, it is considered a good practice to restrict the
functionalities of a program used in production to narrow down the
attack surface in order to prevent unexpected behaviors.
@wei3erHase
fix: remove total amounts (#22)
d520202
@wei3erHase
fix: rm mint address input param (#23)
f8b51b3
@wei3erHase
Merge branch 'main' into dev
c5ca462
@wei3erHase
fix: adding validation in process unlock (#24)
6c0fd6d
@wei3erHase
chore: production deployment (#25)
8420c98
@wei3erHase
fix: replace mainnet token (#26)
37c5f80
@wei3erHase wei3erHase changed the title chore: changes since RC chore: production release Oct 9, 2024
@wei3erHase wei3erHase changed the title chore: production release chore: production release (missing tests) Oct 9, 2024
@wei3erHase wei3erHase merged commit 17f922a into main Oct 9, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xGorilla 0xGorilla 0xGorilla approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wei3erHase @0xGorilla