From 87387c363e1d0dcf5227d95029b9f98b0ee8e754 Mon Sep 17 00:00:00 2001 From: Valentin Madrid <94240868+valentinmadrid@users.noreply.github.com> Date: Fri, 22 Sep 2023 14:39:10 +0200 Subject: [PATCH 1/3] Update README.md --- README.md | 54 ++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 48 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4262f701..e175d610 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,57 @@ -# Squads Multisig Program V4 +# Squads V4 program -## Build Verification +The Squads V4 program is the latest release of the Squads multisig protocol. This program was designed to be used as a solution for on-chain treasury and smart contract management on Solana, as well as for a variety of Fintech applications that require strong security fundamentals. -You can use [Solana Verify CLI](https://github.com/Ellipsis-Labs/solana-verifiable-build) to verify that the program deployed at `SQDS4ep65T869zMMBKyuUq6aD6EgTu8psMjkvj52pCf` matches the code in this repository. After installing the CLI, run: +## Content +This repository contains: + + - The Squads Protocol V4 Solana program. + - The `@sqds/multisig` Typescript SDK to interact with the Squads V4 program. + - The `squads-multisig` crate to interact with the Squads V4 program in Solana programs as well as Rust client applications. + +## Smart contract Adresses + +The Squads Protocol V4 program is deployed to: + + - Solana Mainnet-beta: `SQDS4ep65T869zMMBKyuUq6aD6EgTu8psMjkvj52pCf` + - Solana Devnet: `SQDS4ep65T869zMMBKyuUq6aD6EgTu8psMjkvj52pCf` + +Both deployments can be verified using the [Ellipsis Labs verifiable build](https://github.com/Ellipsis-Labs/solana-verifiable-build) tool. + +### Verifying the code +First, compile the programs code from the `Squads-Protocol/v4` Github repository to get its bytecode. +``` +git clone https://github.com/Squads-Protocol/v4.git +``` ``` -solana-verify verify-from-repo --current-dir -um --library-name multisig --program-id SQDS4ep65T869zMMBKyuUq6aD6EgTu8psMjkvj52pCf https://github.com/Squads-Protocol/v4 +anchor build ``` +Now, install the [Ellipsis Labs verifiable build](https://crates.io/crates/solana-verify) crate. +``` +cargo install solana-verify +``` +Get the executable hash of the bytecode from the Squads program that was compiled. +``` +solana-verify get-executable-hash target/deploy/multisig.so +``` +Get the hash from the bytecode of the on-chain Squads program you want to verify. +``` +solana-verify get-program-hash -u SQDS4ep65T869zMMBKyuUq6aD6EgTu8psMjkvj52pCf +``` +If the hash outputs of those two commands match, the code in the repository matches the on-chain programs code. + +## Usage +Instructions on how to interact with the Squads V4 program can be found in [the Squads developer portal](https://developers.squads.so). + +## Security +The Squads protocol has undergone various independent audits by leading cybersecurity and blockchain smart contract auditing firms. -This may take a while as it builds the program inside Docker, then verifies that the build hash matches the deployed program hash. The verification process is much faster on a non-ARM machine. +Here is a list of the reports: + - Trails of Bits: + - Neodyme + - XYZ ## License @@ -18,4 +60,4 @@ The primary license for Squads Multisig Program V4 is the Business Source Licens - The file is derived from code released under the [Apache 2.0 license](https://github.com/coral-xyz/anchor/blob/master/LICENSE) at . - The file is derived from code released under both the [Apache 2.0 license](https://github.com/near/borsh-rs/blob/master/LICENSE-APACHE) and the [MIT license](https://github.com/near/borsh-rs/blob/master/LICENSE-MIT) at and . -To the extent that each such file incorporates code from another source, such code is licensed under its respective open source license as provided above, and the original open source code is copyrighted by its respective owner as provided above. \ No newline at end of file +To the extent that each such file incorporates code from another source, such code is licensed under its respective open source license as provided above, and the original open source code is copyrighted by its respective owner as provided above. From 4b0dc243e084f8bdfacceeca005dc011af9c1973 Mon Sep 17 00:00:00 2001 From: Valentin Madrid <94240868+valentinmadrid@users.noreply.github.com> Date: Mon, 25 Sep 2023 17:23:47 +0200 Subject: [PATCH 2/3] Update README.md --- README.md | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e175d610..b32a10c4 100644 --- a/README.md +++ b/README.md @@ -19,11 +19,37 @@ The Squads Protocol V4 program is deployed to: Both deployments can be verified using the [Ellipsis Labs verifiable build](https://github.com/Ellipsis-Labs/solana-verifiable-build) tool. +### Compiling and testing + +You can compile the code with Anchor. +``` +anchor build +``` +If you do not have the Solana Anchor framework CLI installed, you can do so by following [this guide](https://www.anchor-lang.com/docs/installation). + +To deploy the program on a local validator instance for testing or development purposes, you can create a local instance by running this command from the [Solana CLI](https://docs.solana.com/cli/install-solana-cli-tools). +``` +solana-test-validator +``` +To run the tests, first install the node modules for the repository. +``` +yarn +``` +or +``` +npm install +``` +And run these tests with this command: +``` +yarn test +``` + ### Verifying the code First, compile the programs code from the `Squads-Protocol/v4` Github repository to get its bytecode. ``` git clone https://github.com/Squads-Protocol/v4.git ``` + ``` anchor build ``` @@ -41,6 +67,7 @@ solana-verify get-program-hash -u SQDS4ep65T869zMMBKyuUq6aD6EgTu8p ``` If the hash outputs of those two commands match, the code in the repository matches the on-chain programs code. + ## Usage Instructions on how to interact with the Squads V4 program can be found in [the Squads developer portal](https://developers.squads.so). @@ -49,7 +76,8 @@ The Squads protocol has undergone various independent audits by leading cybersec Here is a list of the reports: - - Trails of Bits: +TO DO!! + - Trail of Bits: - Neodyme - XYZ From 76dee56e3e2d4a28b6a58faeba151ef1b99e7925 Mon Sep 17 00:00:00 2001 From: slg Date: Mon, 25 Sep 2023 14:05:37 -0400 Subject: [PATCH 3/3] Update README.md --- README.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.md b/README.md index b32a10c4..7701ace9 100644 --- a/README.md +++ b/README.md @@ -74,12 +74,6 @@ Instructions on how to interact with the Squads V4 program can be found in [the ## Security The Squads protocol has undergone various independent audits by leading cybersecurity and blockchain smart contract auditing firms. -Here is a list of the reports: - -TO DO!! - - Trail of Bits: - - Neodyme - - XYZ ## License