release/v1 #150

artur-abliazimov · 2024-07-31T09:00:35Z

Summary by CodeRabbit

New Features
- Introduced a comprehensive environment configuration for asset management, including parameters for multiple cryptocurrencies.
- Added a new releaseInit function to initialize pool components with dynamic configurations.
Bug Fixes
- Updated validation methods in smart contracts for improved readability and consistency with best practices.
Changes
- Transitioned command references from "soroban" to "stellar" across deployment scripts and contract interactions for better framework alignment.
Documentation
- Enhanced clarity in environment variable declarations for better understanding and management of financial operations.
Chores
- Standardized naming conventions in configuration files for better consistency.

coderabbitai · 2024-07-31T09:00:49Z

Warning

Rate limit exceeded

@artur-abliazimov has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 1 minutes and 13 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between 64689fa and 8ddc77c.

Walkthrough

The project has undergone significant enhancements, featuring updates to dependency versions, standardization of configuration section names, and a shift in contract interaction scripts from soroban to stellar. Additionally, new environment files expand asset management capabilities and refine contract initialization processes. These collective improvements enhance the project's functionality, maintainability, and compliance with Rust conventions.

Changes

Files	Change Summary
`Cargo.toml` (multiple paths)	Updated dependency versions for `soroban-sdk`, `soroban-token-sdk`, and `soroban-fixed-point-math`. Renamed `[dev_dependencies]` to `[dev-dependencies]` for consistency across various modules.
`src/lib.rs` (multiple paths)	Improved validation logic in `initialize` functions using `is_empty()`, enhancing readability while preserving panic conditions.
`deploy/scripts/*.sh`	Transitioned from `soroban` to `stellar` command in deployment scripts, indicating a framework shift.
`deploy/scripts/.mainnet.env`	Introduced environment variables for asset parameters, fee structures, and liquidity configurations essential for blockchain operations.
`deploy/scripts/.testnet.env`	Added configuration variables for asset management and financial protocol enhancements in a test environment.
`integration-tests/tests/*.ts`	Modified asset management logic in tests, updating references to align with new structure and functionalities.
`mocks/price-feed-mock/Cargo.toml`	Renamed `[dev_dependencies]` section to `[dev-dependencies]` for consistency.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant StellarAPI
    participant Contract

    User->>StellarAPI: Deploy Contract
    StellarAPI->>Contract: Deploy using stellar command
    Contract-->>StellarAPI: Confirmation
    StellarAPI-->>User: Deployment Success

🐇 In a world of code, so bright and new,
🐰 We hop along, with changes in view!
From soroban to stellar we dash,
With updates and fixes, we'll make a splash!
So here’s to the scripts, the tests, and the flow,
A happy little dance, let our functions glow! 🎉

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>.
- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit testing code for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai generate interesting stats about this repository and render them as a table.
- @coderabbitai show all the console.log statements in this repository.
- @coderabbitai read src/utils.ts and generate unit testing code.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 13

Outside diff range, codebase verification and nitpick comments (1)

deploy/scripts/.testnet.env (1)

Line range hint 1-7:
Sensitive information exposure: Secrets and public keys.

The file contains sensitive information such as secrets and public keys. Consider using environment variables or a secure vault to manage these secrets.

Tools

Gitleaks

11-12: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 2ae196f and 9de3bc0.

Files ignored due to path filters (13)

Cargo.lock is excluded by !**/*.lock
contracts/pool/src/tests/snapshots/budget_utilization.snap is excluded by !**/*.snap
deploy/artifacts/flash_loan_receiver_mock.wasm is excluded by !**/*.wasm
deploy/artifacts/pool.wasm is excluded by !**/*.wasm
deploy/artifacts/price_feed_mock.wasm is excluded by !**/*.wasm
deploy/testnet/artifacts/contract-bindings.zip is excluded by !**/*.zip
deploy/testnet/artifacts/debt_token.wasm is excluded by !**/*.wasm
deploy/testnet/artifacts/deployer.wasm is excluded by !**/*.wasm
deploy/testnet/artifacts/flash_loan_receiver_mock.wasm is excluded by !**/*.wasm
deploy/testnet/artifacts/pool.wasm is excluded by !**/*.wasm
deploy/testnet/artifacts/price_feed_mock.wasm is excluded by !**/*.wasm
deploy/testnet/artifacts/s_token.wasm is excluded by !**/*.wasm
deploy/testnet/artifacts/token.wasm is excluded by !**/*.wasm

Files selected for processing (20)

Cargo.toml (1 hunks)
contracts/debt-token/Cargo.toml (1 hunks)
contracts/debt-token/src/lib.rs (1 hunks)
contracts/deployer/Cargo.toml (1 hunks)
contracts/pool/Cargo.toml (1 hunks)
contracts/s-token/Cargo.toml (1 hunks)
contracts/s-token/src/lib.rs (1 hunks)
deploy/scripts/.mainnet.env (1 hunks)
deploy/scripts/.testnet.env (1 hunks)
deploy/scripts/borrow.sh (3 hunks)
deploy/scripts/create-bindings.sh (1 hunks)
deploy/scripts/deploy.sh (3 hunks)
deploy/scripts/deposit.sh (3 hunks)
deploy/scripts/faucet.sh (2 hunks)
deploy/scripts/upgrade.sh (2 hunks)
deploy/testnet/artifacts/.contracts (1 hunks)
integration-tests/tests/pool.sut.ts (12 hunks)
integration-tests/tests/pool/1.borrower.spec.ts (2 hunks)
integration-tests/tests/release.ts (1 hunks)
mocks/price-feed-mock/Cargo.toml (1 hunks)

Files skipped from review due to trivial changes (10)

contracts/debt-token/Cargo.toml
contracts/debt-token/src/lib.rs
contracts/deployer/Cargo.toml
contracts/pool/Cargo.toml
contracts/s-token/Cargo.toml
contracts/s-token/src/lib.rs
deploy/scripts/borrow.sh
deploy/scripts/deposit.sh
integration-tests/tests/pool/1.borrower.spec.ts
mocks/price-feed-mock/Cargo.toml

Additional context used

Shellcheck

deploy/scripts/upgrade.sh

[warning] 14-14: Declare and assign separately to avoid masking return values.

(SC2155)

[warning] 25-25: Declare and assign separately to avoid masking return values.

(SC2155)

deploy/scripts/deploy.sh

[warning] 11-11: Declare and assign separately to avoid masking return values.

(SC2155)

[warning] 20-20: Declare and assign separately to avoid masking return values.

(SC2155)

Gitleaks

deploy/testnet/artifacts/.contracts

1-2: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2-3: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

3-4: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

4-5: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

5-6: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

6-7: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

14-15: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

15-16: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

16-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

17-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

18-19: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

19-20: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

deploy/scripts/deploy.sh

46-46: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

49-49: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

52-52: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

85-85: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (20)

deploy/scripts/faucet.sh (2)

15-15: Ensure compatibility with the stellar command.

The command has been changed from soroban contract invoke to stellar contract invoke. Verify that the stellar command is correctly installed and configured in the environment.

3-3: Ensure compatibility with the stellar command.

The command has been changed from soroban contract invoke to stellar contract invoke. Verify that the stellar command is correctly installed and configured in the environment.

Cargo.toml (3)

38-38: Verify compatibility of soroban-token-sdk version 21.0.1-preview.3.

Ensure that the new version of soroban-token-sdk is compatible with the rest of the project and does not introduce breaking changes.

41-41: Verify compatibility of soroban-fixed-point-math version 1.1.1.

Ensure that the new version of soroban-fixed-point-math is compatible with the rest of the project and does not introduce breaking changes.

35-35: Verify compatibility of soroban-sdk version 21.0.1-preview.3.

Ensure that the new version of soroban-sdk is compatible with the rest of the project and does not introduce breaking changes.

deploy/scripts/create-bindings.sh (4)

9-13: LGTM!

The command has been correctly updated to use stellar instead of soroban.

15-19: LGTM!

The command has been correctly updated to use stellar instead of soroban.

21-25: LGTM!

The command has been correctly updated to use stellar instead of soroban.

Line range hint 27-31:
LGTM!

The command has been correctly updated to use stellar instead of soroban.

Tools

Shellcheck

[warning] 7-7: ShellCheck can't follow non-constant source. Use a directive to specify location.

(SC1090)

deploy/scripts/.mainnet.env (7)

1-7: LGTM!

The configuration settings for ADMIN_SECRET and base asset parameters are correctly defined.

8-12: LGTM!

The configuration settings for interest rates are correctly defined.

13-16: LGTM!

The configuration settings for minimum amounts and timestamp window are correctly defined.

18-21: LGTM!

The configuration settings for XLM are correctly defined.

23-26: LGTM!

The configuration settings for XRP are correctly defined.

28-31: LGTM!

The configuration settings for USDC are correctly defined.

33-64: LGTM!

The configuration settings for feeds are correctly defined.
integration-tests/tests/pool.sut.ts (3)
43-43: LGTM!

The addition of feed_asset_type enhances the granularity of asset information.

Line range hint 831-858:
LGTM! But verify the function usage in the codebase.

The code changes are approved.

However, ensure that all function calls to initPool match the new signature.

Verification successful

All function calls to initPool match the new signature.

The verification confirms that the changes have been correctly applied throughout the codebase.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify all function calls to `initPool` match the new signature.

# Test: Search for the function usage. Expect: Only occurrences of the new signature.
rg --type ts -A 5 $'initPool'
Length of output: 6321
83-83: LGTM! But verify the function usage in the codebase.

The code changes are approved.

However, ensure that all function calls to initPool match the new signature.

Verification successful

All initPool function calls match the new signature.

The verification confirms that the initPool function is consistently used with the new signature across the codebase.

integration-tests/tests/pool.sut.ts
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify all function calls to `initPool` match the new signature.

# Test: Search for the function usage. Expect: Only occurrences of the new signature.
rg --type ts -A 5 $'initPool'
Length of output: 6321
deploy/scripts/.testnet.env (1)

13-72: Configuration variables for asset management and protocol parameters.

The configuration variables enhance the functionality of the environment configuration by providing detailed settings for multiple assets. The changes are approved.

coderabbitai · 2024-07-31T09:13:57Z

integration-tests/tests/release.ts

+export async function main() {
+  const client = new SorobanClient();
+
+  process.env.NODE_ENV = 'mainnet';
+
+  await cleanSlenderEnvKeys();
+  await deploy();
+  await releaseInit(client)
+}


Consider adding error handling for async operations.

The async operations (cleanSlenderEnvKeys, deploy, and releaseInit) do not have error handling, which could lead to unhandled promise rejections.

export async function main() { const client = new SorobanClient(); process.env.NODE_ENV = 'mainnet'; - await cleanSlenderEnvKeys(); - await deploy(); - await releaseInit(client); + try { + await cleanSlenderEnvKeys(); + await deploy(); + await releaseInit(client); + } catch (error) { + console.error('Error during initialization:', error); + process.exit(1); + } }

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

export async function main() {

const client = new SorobanClient();

process.env.NODE_ENV = 'mainnet';

await cleanSlenderEnvKeys();

await deploy();

await releaseInit(client)

}

export async function main() {

const client = new SorobanClient();

process.env.NODE_ENV = 'mainnet';

try {

await cleanSlenderEnvKeys();

await deploy();

await releaseInit(client);

} catch (error) {

console.error('Error during initialization:', error);

process.exit(1);

}

}

coderabbitai · 2024-07-31T09:13:58Z

deploy/scripts/upgrade.sh

@@ -22,7 +22,7 @@ invoke() {
 }

 install() {
-    local hash=$(soroban contract install \
+    local hash=$(stellar contract install \


Fix Shellcheck warning SC2155.

Declare and assign separately to avoid masking return values.

- local hash=$(stellar contract install \ + local hash + hash=$(stellar contract install \

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

local hash=$(stellar contract install \

local hash

hash=$(stellar contract install \

Tools

Shellcheck

[warning] 25-25: Declare and assign separately to avoid masking return values.

(SC2155)

coderabbitai · 2024-07-31T09:13:58Z

deploy/scripts/upgrade.sh

@@ -11,7 +11,7 @@
 source $BASEDIR/.$1.env

 invoke() {
-    local result=$(soroban --verbose contract invoke \
+    local result=$(stellar --verbose contract invoke \


Fix Shellcheck warning SC2155.

Declare and assign separately to avoid masking return values.

- local result=$(stellar --verbose contract invoke \ + local result + result=$(stellar --verbose contract invoke \

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

local result=$(stellar --verbose contract invoke \

local result

result=$(stellar --verbose contract invoke \

Tools

Shellcheck

[warning] 14-14: Declare and assign separately to avoid masking return values.

(SC2155)

coderabbitai · 2024-07-31T09:13:58Z

deploy/testnet/artifacts/.contracts

+SLENDER_TOKEN_XLM=CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC
+SLENDER_TOKEN_XRP=CAOODR344VWG6LIL3J72IQ5CSJDAIQMBEO4DPRZMV3AYD36VCL47Y5OH
+SLENDER_TOKEN_USDC=CDTDX7KSIDDAXYPCHOEVMAH5UYGUEZW3PB7PAQKAIPBBTJ4NVNYNDN4Q
+SLENDER_TOKEN_RWA=CCA6W7VFNVWQHU5FQIZ6OHXABYZLNZ7MOL5CK2B2NFFN75OSRXCXINXK
+SLENDER_S_TOKEN_HASH=d14e8cf2e2c07ac4237e4804a50d02c717333ab2a1a4ed63cc63228e265b0a0d
+SLENDER_DEBT_TOKEN_HASH=aab6f670caa14f0e428bb592487e3bdfb10cc906967bb3139111409715d46b80


Sensitive information exposure: Token addresses and hashes.

The file contains sensitive information such as token addresses and hashes. Consider using environment variables or a secure vault to manage these secrets.

Tools

Gitleaks

1-2: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2-3: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

3-4: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

4-5: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

5-6: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T09:13:58Z

deploy/testnet/artifacts/.contracts

+SLENDER_S_TOKEN_XRP=CBXJI2JT3LXDDW3LE2S4XGFWMNGJX7RZ5667KH6IXRAZ4LMR365JJLPM
+SLENDER_S_TOKEN_USDC=CC54UFYIGACHNJ5YUWCA4QV7BRFXTCKXURLU2LFIFRMBU5WXN2LV7EDG
+SLENDER_S_TOKEN_XLM=CBQ2YPEPMH2JB5IX53NZVKJXPT3VGLOKME3XSX7MPXRPLVMHF5W4RYTR
+SLENDER_DEBT_TOKEN_XLM=CD6LOPW3CY57SSTTBLTEWCVVK4ZIRNTNKFE6COULDA3ZSK2OBERF6C6R
+SLENDER_DEBT_TOKEN_XRP=CBXNRH3LODCXPTSW4YDB2CNWMGQ6JTGG4TEW27OVG7C5DVMTGQVPXFX4
+SLENDER_DEBT_TOKEN_USDC=CBKPLSRWIWULHSJ3QW6WQSXM3N2TDEHLKFECS7HP2XGQFA5V2FYOTVFE


Sensitive information exposure: Token addresses and hashes.

The file contains sensitive information such as token addresses and hashes. Consider using environment variables or a secure vault to manage these secrets.

Tools

Gitleaks

14-15: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

15-16: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

16-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

17-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

18-19: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T09:13:58Z

deploy/scripts/deploy.sh


-echo "Admin's account has been funded"
+    TOKEN_XRP="CAAV3AE3VKD2P4TY7LWTQMMJHIJ4WOCZ5ANCIJPC3NRSERKVXNHBU2W7"


Sensitive information exposure: Hardcoded contract address.

The file contains hardcoded contract addresses. Consider using environment variables or a secure vault to manage these addresses.

Tools

Gitleaks

49-49: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T09:13:58Z

deploy/scripts/deploy.sh

-TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
-# TOKEN_XLM="CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC"
-echo "  XLM contract address: $TOKEN_XLM"
+    TOKEN_USDC="CCW67TSZV3SSS2HXMBQ5JFGCKJNXKZM7UQUWUZPUTHXSTZLEO7SJMI75"


Sensitive information exposure: Hardcoded contract address.

The file contains hardcoded contract addresses. Consider using environment variables or a secure vault to manage these addresses.

Tools

Gitleaks

52-52: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T09:13:58Z

deploy/scripts/deploy.sh

+    echo "Admin's account has been funded"
+
+    TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
+    # TOKEN_XLM="CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC"


Sensitive information exposure: Hardcoded contract address.

The file contains hardcoded contract addresses. Consider using environment variables or a secure vault to manage these addresses.

Tools

Gitleaks

85-85: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T09:13:58Z

deploy/scripts/deploy.sh

@@ -17,7 +17,7 @@
 }

 install() {
-    local hash=$(soroban contract install \
+    local hash=$(stellar contract install \


Shell script best practices: Declare and assign variables separately.

Declaring and assigning variables separately avoids masking return values.

- local hash=$(stellar contract install \ + local hash + hash=$(stellar contract install \

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

local hash=$(stellar contract install \

local hash

hash=$(stellar contract install \

Tools

Shellcheck

[warning] 20-20: Declare and assign separately to avoid masking return values.

(SC2155)

coderabbitai · 2024-07-31T09:13:58Z

deploy/scripts/deploy.sh

@@ -8,7 +8,7 @@
 source $BASEDIR/.$1.env

 deploy() {
-    local address=$(soroban contract deploy \
+    local address=$(stellar contract deploy \


Shell script best practices: Declare and assign variables separately.

Declaring and assigning variables separately avoids masking return values.

- local address=$(stellar contract deploy \ + local address + address=$(stellar contract deploy \

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

local address=$(stellar contract deploy \

local address

address=$(stellar contract deploy \

Tools

Shellcheck

[warning] 11-11: Declare and assign separately to avoid masking return values.

(SC2155)

coderabbitai

Actionable comments posted: 5

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 9de3bc0 and cb39e61.

Files selected for processing (4)

deploy/scripts/.mainnet.env (1 hunks)
deploy/scripts/.testnet.env (1 hunks)
deploy/scripts/deploy.sh (3 hunks)
integration-tests/tests/pool.sut.ts (12 hunks)

Files skipped from review due to trivial changes (1)

deploy/scripts/.mainnet.env

Additional context used

Gitleaks

deploy/scripts/deploy.sh

48-48: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

51-51: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

54-54: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

90-90: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (16)

deploy/scripts/.testnet.env (6)

13-14: Ensure correct decimal precision for BASE_ASSET.

The BASE_ASSET is set to USDC with BASE_ASSET_DECIMALS set to 7. Ensure that this precision matches the actual precision used in your system for USDC.

15-25: Review financial parameters for correctness.

The parameters such as FLASH_LOAN_FEE_BPS, GRACE_PERIOD_SEC, INITIAL_HEALTH_BPS, IR_ALPHA, IR_INITIAL_RATE_BPS, IR_MAX_RATE_BPS, IR_SCALING_COEFF_BPS, LIQUIDATION_PROTOCOL_FEE_BPS, MIN_COLLAT_AMOUNT_IN_BASE, MIN_DEBT_AMOUNT_IN_BASE, and TIMESTAMP_WINDOW_SEC are critical for financial operations. Ensure these values are correctly set according to your financial model and risk assessments.

26-26: Review USER_ASSET_LIMIT for appropriateness.

The USER_ASSET_LIMIT is set to 3. Ensure this limit aligns with your system's requirements and user expectations.

28-41: Review asset-specific parameters for correctness.

The parameters for XLM, XRP, and USDC such as DISCOUNT_BPS, PENALTY_ORDER, LIQUIDITY_CAP, and UTILIZATION_CAP are crucial for asset management. Ensure these values are correctly set according to your asset management strategy.

43-71: Review price feed configurations for accuracy.

The price feed configurations for XLM, XRP, and USDC such as FEED_ASSET_TYPE, FEED_DECIMALS, PRICE_FEED, PRICE_TWAP_RECORDS, PRICE_TIMESTAMP_PRECISION, DECIMALS, MIN_TIMESTAMP_DELTA, MAX_SANITY_PRICE_IN_BASE, and MIN_SANITY_PRICE_IN_BASE are critical for accurate price feeds. Ensure these values are correctly set according to your price feed provider and system requirements.

72-74: Verify SOROBAN URLs for correctness.

The SOROBAN_RPC_URL and FRIENDBOT_URL are set to specific endpoints. Ensure these URLs are correct and accessible.
deploy/scripts/deploy.sh (5)
36-46: Ensure correct handling of WASM files for mainnet.

The script copies and optimizes WASM files for the mainnet environment. Ensure the paths and commands are correct and that the optimization process is necessary and correctly implemented.

72-117: Ensure correct handling of WASM files for testnet.

The script copies and optimizes WASM files for the testnet environment. Ensure the paths and commands are correct and that the optimization process is necessary and correctly implemented.

Tools

Gitleaks

90-90: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

105-112: Ensure correct initialization of contracts.

The script initializes various contracts such as SToken, DebtToken, and Pool. Ensure the initialization process is correct and that the contracts are correctly deployed and configured.

117-117: Sensitive information exposure: Hardcoded contract addresses.

The file contains hardcoded contract addresses. Consider using environment variables or a secure vault to manage these addresses.
-    echo "  XLM contract address: $TOKEN_XLM"
-    echo "  XRP contract address: $TOKEN_XRP"
-    echo "  USDC contract address: $TOKEN_USDC"
-    echo "  RWA contract address: $TOKEN_RWA"
+    echo "  XLM contract address: $TOKEN_XLM"
+    echo "  XRP contract address: $TOKEN_XRP"
+    echo "  USDC contract address: $TOKEN_USDC"
+    echo "  RWA contract address: $TOKEN_RWA"
Likely invalid or redundant comment.

19-22: Adhere to shell script best practices: Declare and assign variables separately.

Declaring and assigning variables separately avoids masking return values.
-    local hash
-    hash=$(stellar contract install \
+    local hash
+    hash=$(stellar contract install \
        --wasm $1 \
        --source $2 \
        --rpc-url "$SOROBAN_RPC_URL" \
        --network-passphrase "$PASSPHRASE")
Likely invalid or redundant comment.
integration-tests/tests/pool.sut.ts (5)

43-43: Ensure consistency with feed_asset_type property.

The PriceFeed interface now includes a feed_asset_type property. Ensure this property is consistently used throughout the codebase and that it aligns with the expected data types and values.

83-83: Ensure correct initialization of the pool.

The init function has been modified to remove the base_asset parameter from the initPool function call. Ensure that the base_asset is correctly derived from environment variables or other sources.

211-257: Ensure correct configuration of price feeds.

The initPoolPriceFeed function call has been updated to include the feed_asset_type property. Ensure that the price feed configurations are correctly set and that the values are accurate and consistent with the rest of the system.

Line range hint 831-858:
Ensure correct initialization of the pool.

The initPool function has been modified to remove the base_asset parameter. Ensure that the base_asset is correctly derived from environment variables or other sources.

899-902: Ensure correct configuration of collateral.

The initPoolCollateral function call has been updated to include environment variables for asset-specific configurations. Ensure that the collateral configurations are correctly set and that the values are accurate and consistent with the rest of the system.

coderabbitai · 2024-07-31T09:43:09Z

deploy/scripts/deploy.sh

+    local address
+    address=$(stellar contract deploy \
        --wasm $1 \
        --source $2 \


Adhere to shell script best practices: Declare and assign variables separately.

Declaring and assigning variables separately avoids masking return values.

- local address - address=$(stellar contract deploy \ + local address + address=$(stellar contract deploy \ --wasm $1 \ --source $2 \ --rpc-url "$SOROBAN_RPC_URL" \ --network-passphrase "$PASSPHRASE")

Committable suggestion was skipped due to low confidence.

coderabbitai · 2024-07-31T09:43:10Z

deploy/scripts/deploy.sh

+    TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
+    # TOKEN_XLM="CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC"
+    echo "  XLM contract address: $TOKEN_XLM"
+
+    TOKEN_XRP=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
+    echo "  XRP contract address: $TOKEN_XRP"
+
+    TOKEN_USDC=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
+    echo "  USDC contract address: $TOKEN_USDC"
+
+    TOKEN_RWA=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
+    echo "  RWA contract address: $TOKEN_RWA"
+


Sensitive information exposure: Hardcoded contract addresses.

The file contains hardcoded contract addresses. Consider using environment variables or a secure vault to manage these addresses.

- TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) - TOKEN_XRP=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) - TOKEN_USDC=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) - TOKEN_RWA=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) + TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) + TOKEN_XRP=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) + TOKEN_USDC=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) + TOKEN_RWA=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)

Committable suggestion was skipped due to low confidence.

Tools

Gitleaks

90-90: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T09:43:10Z

deploy/scripts/deploy.sh

+    PRICE_FEED=$(deploy "$ARTIFACTS/price_feed_mock.wasm" $ADMIN_SECRET)
+    PRICE_FEED=$(addressFromResult $PRICE_FEED)
+    echo "  Price Feed contract address: $PRICE_FEED"
+fi


Sensitive information exposure: Hardcoded contract addresses.

The file contains hardcoded contract addresses. Consider using environment variables or a secure vault to manage these addresses.

- echo "SLENDER_TOKEN_XLM=$TOKEN_XLM" - echo "SLENDER_TOKEN_XRP=$TOKEN_XRP" - echo "SLENDER_TOKEN_USDC=$TOKEN_USDC" - echo "SLENDER_TOKEN_RWA=$TOKEN_RWA" + echo "SLENDER_TOKEN_XLM=$TOKEN_XLM" + echo "SLENDER_TOKEN_XRP=$TOKEN_XRP" + echo "SLENDER_TOKEN_USDC=$TOKEN_USDC" + echo "SLENDER_TOKEN_RWA=$TOKEN_RWA"

Committable suggestion was skipped due to low confidence.

coderabbitai · 2024-07-31T09:43:10Z

deploy/scripts/deploy.sh

+    TOKEN_XLM="CAS3J7GYLGXMF6TDJBBYYSE3HQ6BBSMLNUQ34T6TZMYMW2EVH34XOWMA"
+    echo "  XLM contract address: $TOKEN_XLM"

-echo "Admin's account has been funded"
+    TOKEN_XRP="CAAV3AE3VKD2P4TY7LWTQMMJHIJ4WOCZ5ANCIJPC3NRSERKVXNHBU2W7"
+    echo "  XRP contract address: $TOKEN_XRP"

-TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
-# TOKEN_XLM="CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC"
-echo "  XLM contract address: $TOKEN_XLM"
+    TOKEN_USDC="CCW67TSZV3SSS2HXMBQ5JFGCKJNXKZM7UQUWUZPUTHXSTZLEO7SJMI75"
+    echo "  USDC contract address: $TOKEN_USDC"

-TOKEN_XRP=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
-echo "  XRP contract address: $TOKEN_XRP"
+    DEPLOYER=$(deploy "$ARTIFACTS/deployer.wasm" $ADMIN_SECRET)
+    echo "  Deployer contract address: $DEPLOYER"

-TOKEN_USDC=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
-echo "  USDC contract address: $TOKEN_USDC"
+    S_TOKEN_HASH=$(install "$ARTIFACTS/s_token.wasm" $ADMIN_SECRET)
+    echo "  SToken wasm hash: $S_TOKEN_HASH"

-TOKEN_RWA=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)
-echo "  RWA contract address: $TOKEN_RWA"
+    DEBT_TOKEN_HASH=$(install "$ARTIFACTS/debt_token.wasm" $ADMIN_SECRET)
+    echo "  DebtToken wasm hash: $DEBT_TOKEN_HASH"

-DEPLOYER=$(deploy "$ARTIFACTS/deployer.wasm" $ADMIN_SECRET)
-echo "  Deployer contract address: $DEPLOYER"
+    PRICE_FEED="CALI2BYU2JE6WVRUFYTS6MSBNEHGJ35P4AVCZYF3B6QOE3QKOB2PLE6M"
+    echo "  Price Feed contract address: $PRICE_FEED"


Sensitive information exposure: Hardcoded contract addresses.

The file contains hardcoded contract addresses. Consider using environment variables or a secure vault to manage these addresses.

- TOKEN_XLM="CAS3J7GYLGXMF6TDJBBYYSE3HQ6BBSMLNUQ34T6TZMYMW2EVH34XOWMA" - TOKEN_XRP="CAAV3AE3VKD2P4TY7LWTQMMJHIJ4WOCZ5ANCIJPC3NRSERKVXNHBU2W7" - TOKEN_USDC="CCW67TSZV3SSS2HXMBQ5JFGCKJNXKZM7UQUWUZPUTHXSTZLEO7SJMI75" - PRICE_FEED="CALI2BYU2JE6WVRUFYTS6MSBNEHGJ35P4AVCZYF3B6QOE3QKOB2PLE6M" + TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) + TOKEN_XRP=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) + TOKEN_USDC=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET) + PRICE_FEED=$(deploy "$ARTIFACTS/price_feed_mock.wasm" $ADMIN_SECRET)

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

TOKEN_XLM="CAS3J7GYLGXMF6TDJBBYYSE3HQ6BBSMLNUQ34T6TZMYMW2EVH34XOWMA"

echo " XLM contract address: $TOKEN_XLM"

echo "Admin's account has been funded"

TOKEN_XRP="CAAV3AE3VKD2P4TY7LWTQMMJHIJ4WOCZ5ANCIJPC3NRSERKVXNHBU2W7"

echo " XRP contract address: $TOKEN_XRP"

TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)

# TOKEN_XLM="CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC"

echo " XLM contract address: $TOKEN_XLM"

TOKEN_USDC="CCW67TSZV3SSS2HXMBQ5JFGCKJNXKZM7UQUWUZPUTHXSTZLEO7SJMI75"

echo " USDC contract address: $TOKEN_USDC"

TOKEN_XRP=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)

echo " XRP contract address: $TOKEN_XRP"

DEPLOYER=$(deploy "$ARTIFACTS/deployer.wasm" $ADMIN_SECRET)

echo " Deployer contract address: $DEPLOYER"

TOKEN_USDC=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)

echo " USDC contract address: $TOKEN_USDC"

S_TOKEN_HASH=$(install "$ARTIFACTS/s_token.wasm" $ADMIN_SECRET)

echo " SToken wasm hash: $S_TOKEN_HASH"

TOKEN_RWA=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)

echo " RWA contract address: $TOKEN_RWA"

DEBT_TOKEN_HASH=$(install "$ARTIFACTS/debt_token.wasm" $ADMIN_SECRET)

echo " DebtToken wasm hash: $DEBT_TOKEN_HASH"

DEPLOYER=$(deploy "$ARTIFACTS/deployer.wasm" $ADMIN_SECRET)

echo " Deployer contract address: $DEPLOYER"

PRICE_FEED="CALI2BYU2JE6WVRUFYTS6MSBNEHGJ35P4AVCZYF3B6QOE3QKOB2PLE6M"

echo " Price Feed contract address: $PRICE_FEED"

TOKEN_XLM=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)

echo " XLM contract address: $TOKEN_XLM"

TOKEN_XRP=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)

echo " XRP contract address: $TOKEN_XRP"

TOKEN_USDC=$(deploy "$ARTIFACTS/token.wasm" $ADMIN_SECRET)

echo " USDC contract address: $TOKEN_USDC"

DEPLOYER=$(deploy "$ARTIFACTS/deployer.wasm" $ADMIN_SECRET)

echo " Deployer contract address: $DEPLOYER"

S_TOKEN_HASH=$(install "$ARTIFACTS/s_token.wasm" $ADMIN_SECRET)

echo " SToken wasm hash: $S_TOKEN_HASH"

DEBT_TOKEN_HASH=$(install "$ARTIFACTS/debt_token.wasm" $ADMIN_SECRET)

echo " DebtToken wasm hash: $DEBT_TOKEN_HASH"

PRICE_FEED=$(deploy "$ARTIFACTS/price_feed_mock.wasm" $ADMIN_SECRET)

echo " Price Feed contract address: $PRICE_FEED"

Tools

Gitleaks

48-48: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

51-51: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

54-54: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T09:43:10Z

integration-tests/tests/pool.sut.ts

+export async function releaseInit(client: SorobanClient): Promise<void> {
+    console.log("    Contracts initialization has been started");
+
+    require("dotenv").config({ path: contractsFilename });
+
+    let salt = 0;
+    const generateSalt = (value: number): string =>
+        String(value).padStart(64, "0");
+
+    await initPool(client, `${generateSalt(++salt)}`);
+
+    await initSToken(client, "XRP", `${generateSalt(++salt)}`);
+    await initSToken(client, "USDC", `${generateSalt(++salt)}`);
+    await initSToken(client, "XLM", `${generateSalt(++salt)}`);
+
+    await initDToken(client, "XLM", `${generateSalt(++salt)}`);
+    await initDToken(client, "XRP", `${generateSalt(++salt)}`);
+    await initDToken(client, "USDC", `${generateSalt(++salt)}`);
+
+    await initPoolReserve(client, "XLM");
+    await initPoolReserve(client, "XRP");
+    await initPoolReserve(client, "USDC");
+
+    await initPoolCollateral(client, "XRP", 1);
+    await initPoolCollateral(client, "USDC", 2);
+    await initPoolCollateral(client, "XLM", 3);
+
+    await initPoolBorrowing(client, "XLM");
+    await initPoolBorrowing(client, "XRP");
+    await initPoolBorrowing(client, "USDC");
+
+    await initPoolPriceFeed(client, [
+        {
+            asset: "XLM",
+            asset_decimals: +process.env['XLM_DECIMALS'] ?? 7,
+            max_sanity_price_in_base: BigInt(+process.env['XLM_MAX_SANITY_PRICE_IN_BASE']),
+            min_sanity_price_in_base: BigInt(+process.env['XLM_MIN_SANITY_PRICE_IN_BASE']),
+            priceFeedConfig: {
+                feed_asset: "XLM",
+                feed_asset_type: process.env['XLM_FEED_ASSET_TYPE'],
+                feed_decimals: +process.env['XLM_FEED_DECIMALS'],
+                feed: process.env.SLENDER_PRICE_FEED,
+                twap_records: +process.env['XLM_PRICE_TWAP_RECORDS'],
+                min_timestamp_delta: +process.env['XLM_MIN_TIMESTAMP_DELTA'],
+                timestamp_precision: process.env['XLM_PRICE_TIMESTAMP_PRECISION']
+            },
+        },
+        {
+            asset: "XRP",
+            asset_decimals: +process.env['XRP_DECIMALS'] ?? 7,
+            max_sanity_price_in_base: BigInt(+process.env['XRP_MAX_SANITY_PRICE_IN_BASE']),
+            min_sanity_price_in_base: BigInt(+process.env['XRP_MIN_SANITY_PRICE_IN_BASE']),
+            priceFeedConfig: {
+                feed_asset: "XRP",
+                feed_asset_type: process.env['XRP_FEED_ASSET_TYPE'],
+                feed_decimals: +process.env['XRP_FEED_DECIMALS'],
+                feed: process.env.SLENDER_PRICE_FEED,
+                twap_records: +process.env['XRP_PRICE_TWAP_RECORDS'],
+                min_timestamp_delta: +process.env['XRP_MIN_TIMESTAMP_DELTA'],
+                timestamp_precision: process.env['XRP_PRICE_TIMESTAMP_PRECISION']
+            },
+        },
+        {
+            asset: "USDC",
+            asset_decimals: +process.env['USDC_DECIMALS'] ?? 7,
+            max_sanity_price_in_base: BigInt(+process.env['USDC_MAX_SANITY_PRICE_IN_BASE']),
+            min_sanity_price_in_base: BigInt(+process.env['USDC_MIN_SANITY_PRICE_IN_BASE']),
+            priceFeedConfig: {
+                feed_asset: "USDC",
+                feed_asset_type: process.env['USDC_FEED_ASSET_TYPE'],
+                feed_decimals: +process.env['USDC_FEED_DECIMALS'],
+                feed: process.env.SLENDER_PRICE_FEED,
+                twap_records: +process.env['USDC_PRICE_TWAP_RECORDS'],
+                min_timestamp_delta: +process.env['USDC_MIN_TIMESTAMP_DELTA'],
+                timestamp_precision: process.env['USDC_PRICE_TIMESTAMP_PRECISION']
+            },
+        },
+    ]);
+
+    console.log("    Contracts initialization has been finished");
+}


Consider adding unit tests for releaseInit function.

The releaseInit function significantly expands the setup capabilities for the pool. Consider adding unit tests to ensure the functionality is thoroughly tested.

Do you want me to generate the unit testing code or open a GitHub issue to track this task?

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between cb39e61 and a574d10.

Files selected for processing (2)

deploy/scripts/.mainnet.env (1 hunks)
integration-tests/tests/soroban.config.ts (1 hunks)

Files skipped from review as they are similar to previous changes (1)

deploy/scripts/.mainnet.env

Additional comments not posted (2)

integration-tests/tests/soroban.config.ts (2)

4-4: Improved configurability with dynamic contractsFilename.

The contractsFilename variable now dynamically incorporates the NODE_ENV environment variable. Ensure that NODE_ENV is set correctly to avoid any issues with the file path.

6-6: Ensure proper configuration of .env files.

The dotenv configuration line correctly leverages the NODE_ENV variable. Ensure that the .env files for each environment are properly configured and exist in the specified path.

coderabbitai

Actionable comments posted: 12

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between a574d10 and be07f95.

Files ignored due to path filters (9)

contracts/pool/src/tests/snapshots/budget_utilization.snap is excluded by !**/*.snap
deploy/artifacts/testnet/contract-bindings.zip is excluded by !**/*.zip
deploy/artifacts/testnet/debt_token.wasm is excluded by !**/*.wasm
deploy/artifacts/testnet/deployer.wasm is excluded by !**/*.wasm
deploy/artifacts/testnet/flash_loan_receiver_mock.wasm is excluded by !**/*.wasm
deploy/artifacts/testnet/pool.wasm is excluded by !**/*.wasm
deploy/artifacts/testnet/price_feed_mock.wasm is excluded by !**/*.wasm
deploy/artifacts/testnet/s_token.wasm is excluded by !**/*.wasm
deploy/artifacts/testnet/token.wasm is excluded by !**/*.wasm

Files selected for processing (3)

contracts/pool/src/methods/flash_loan.rs (1 hunks)
contracts/pool/src/tests/flash_loan.rs (4 hunks)
deploy/artifacts/testnet/.contracts (1 hunks)

Additional context used

Gitleaks

deploy/artifacts/testnet/.contracts

1-2: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2-3: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

3-4: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

4-5: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

5-6: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

6-7: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

14-15: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

15-16: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

16-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

17-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

18-19: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

19-20: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (2)

contracts/pool/src/methods/flash_loan.rs (1)

84-84: LGTM! But verify the integration of the change.

The change to include the premium in the amount when transferring the underlying asset is approved.

However, ensure that this change is correctly integrated and does not introduce any issues in the overall logic.
contracts/pool/src/tests/flash_loan.rs (1)
Line range hint 81-121:
LGTM! But verify the integration of the changes.

The changes to adjust the indexing of reserves and the expected values of underlying assets are approved.

However, ensure that these changes are correctly integrated and do not introduce any issues in the overall logic.

Verification successful

The changes are correctly integrated and do not introduce any issues.

The function should_require_borrower_to_pay_fee correctly adjusts the indexing of reserves and the expected values of underlying assets. The assertions confirm the expected changes in the treasury and s_token balances before and after the flash loan.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the integration of the changes to adjust the indexing of reserves and the expected values of underlying assets.

# Test: Search for the function usage. Expect: Ensure the logic is correctly integrated.
rg --type rust -A 10 $'should_require_borrower_to_pay_fee'
Length of output: 878

Script:
#!/bin/bash
# Description: Retrieve the full implementation of the function `should_require_borrower_to_pay_fee` for thorough review.

# Search for the full implementation of the function.
ast-grep --lang rust --pattern $'fn should_require_borrower_to_pay_fee() {
  $$$
}'
Length of output: 6684

coderabbitai · 2024-07-31T12:37:40Z

deploy/artifacts/testnet/.contracts

@@ -0,0 +1,32 @@
+SLENDER_TOKEN_XLM=CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC


Potential exposure of sensitive information.

The SLENDER_TOKEN_XLM environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

1-2: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

@@ -0,0 +1,32 @@
+SLENDER_TOKEN_XLM=CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC
+SLENDER_TOKEN_XRP=CAOODR344VWG6LIL3J72IQ5CSJDAIQMBEO4DPRZMV3AYD36VCL47Y5OH


Potential exposure of sensitive information.

The SLENDER_TOKEN_XRP environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

1-2: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2-3: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

@@ -0,0 +1,32 @@
+SLENDER_TOKEN_XLM=CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC
+SLENDER_TOKEN_XRP=CAOODR344VWG6LIL3J72IQ5CSJDAIQMBEO4DPRZMV3AYD36VCL47Y5OH
+SLENDER_TOKEN_USDC=CDTDX7KSIDDAXYPCHOEVMAH5UYGUEZW3PB7PAQKAIPBBTJ4NVNYNDN4Q


Potential exposure of sensitive information.

The SLENDER_TOKEN_USDC environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

2-3: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

3-4: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

+SLENDER_TOKEN_XLM=CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC
+SLENDER_TOKEN_XRP=CAOODR344VWG6LIL3J72IQ5CSJDAIQMBEO4DPRZMV3AYD36VCL47Y5OH
+SLENDER_TOKEN_USDC=CDTDX7KSIDDAXYPCHOEVMAH5UYGUEZW3PB7PAQKAIPBBTJ4NVNYNDN4Q
+SLENDER_TOKEN_RWA=CCA6W7VFNVWQHU5FQIZ6OHXABYZLNZ7MOL5CK2B2NFFN75OSRXCXINXK


Potential exposure of sensitive information.

The SLENDER_TOKEN_RWA environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

3-4: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

4-5: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

+SLENDER_TOKEN_XRP=CAOODR344VWG6LIL3J72IQ5CSJDAIQMBEO4DPRZMV3AYD36VCL47Y5OH
+SLENDER_TOKEN_USDC=CDTDX7KSIDDAXYPCHOEVMAH5UYGUEZW3PB7PAQKAIPBBTJ4NVNYNDN4Q
+SLENDER_TOKEN_RWA=CCA6W7VFNVWQHU5FQIZ6OHXABYZLNZ7MOL5CK2B2NFFN75OSRXCXINXK
+SLENDER_S_TOKEN_HASH=d14e8cf2e2c07ac4237e4804a50d02c717333ab2a1a4ed63cc63228e265b0a0d


Potential exposure of sensitive information.

The SLENDER_S_TOKEN_HASH environment variable appears to contain a sensitive token hash. Ensure this is not exposed in the version control system.

Tools

Gitleaks

4-5: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

5-6: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

+SLENDER_TOKEN_USDC_INITIALIZED=TRUE
+SLENDER_POOL=CDOWGSFIKIFAQ3S4AWMKAYD6CMBQ7GTLJS36Q5WJWO4CML4FY7VYOGC3
+SLENDER_S_TOKEN_XRP=CBXJI2JT3LXDDW3LE2S4XGFWMNGJX7RZ5667KH6IXRAZ4LMR365JJLPM
+SLENDER_S_TOKEN_USDC=CC54UFYIGACHNJ5YUWCA4QV7BRFXTCKXURLU2LFIFRMBU5WXN2LV7EDG


Potential exposure of sensitive information.

The SLENDER_S_TOKEN_USDC environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

14-15: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

15-16: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

+SLENDER_POOL=CDOWGSFIKIFAQ3S4AWMKAYD6CMBQ7GTLJS36Q5WJWO4CML4FY7VYOGC3
+SLENDER_S_TOKEN_XRP=CBXJI2JT3LXDDW3LE2S4XGFWMNGJX7RZ5667KH6IXRAZ4LMR365JJLPM
+SLENDER_S_TOKEN_USDC=CC54UFYIGACHNJ5YUWCA4QV7BRFXTCKXURLU2LFIFRMBU5WXN2LV7EDG
+SLENDER_S_TOKEN_XLM=CBQ2YPEPMH2JB5IX53NZVKJXPT3VGLOKME3XSX7MPXRPLVMHF5W4RYTR


Potential exposure of sensitive information.

The SLENDER_S_TOKEN_XLM environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

15-16: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

16-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

+SLENDER_S_TOKEN_XRP=CBXJI2JT3LXDDW3LE2S4XGFWMNGJX7RZ5667KH6IXRAZ4LMR365JJLPM
+SLENDER_S_TOKEN_USDC=CC54UFYIGACHNJ5YUWCA4QV7BRFXTCKXURLU2LFIFRMBU5WXN2LV7EDG
+SLENDER_S_TOKEN_XLM=CBQ2YPEPMH2JB5IX53NZVKJXPT3VGLOKME3XSX7MPXRPLVMHF5W4RYTR
+SLENDER_DEBT_TOKEN_XLM=CD6LOPW3CY57SSTTBLTEWCVVK4ZIRNTNKFE6COULDA3ZSK2OBERF6C6R


Potential exposure of sensitive information.

The SLENDER_DEBT_TOKEN_XLM environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

16-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

17-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

+SLENDER_S_TOKEN_USDC=CC54UFYIGACHNJ5YUWCA4QV7BRFXTCKXURLU2LFIFRMBU5WXN2LV7EDG
+SLENDER_S_TOKEN_XLM=CBQ2YPEPMH2JB5IX53NZVKJXPT3VGLOKME3XSX7MPXRPLVMHF5W4RYTR
+SLENDER_DEBT_TOKEN_XLM=CD6LOPW3CY57SSTTBLTEWCVVK4ZIRNTNKFE6COULDA3ZSK2OBERF6C6R
+SLENDER_DEBT_TOKEN_XRP=CBXNRH3LODCXPTSW4YDB2CNWMGQ6JTGG4TEW27OVG7C5DVMTGQVPXFX4


Potential exposure of sensitive information.

The SLENDER_DEBT_TOKEN_XRP environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

17-18: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

18-19: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai · 2024-07-31T12:37:41Z

deploy/artifacts/testnet/.contracts

+SLENDER_S_TOKEN_XLM=CBQ2YPEPMH2JB5IX53NZVKJXPT3VGLOKME3XSX7MPXRPLVMHF5W4RYTR
+SLENDER_DEBT_TOKEN_XLM=CD6LOPW3CY57SSTTBLTEWCVVK4ZIRNTNKFE6COULDA3ZSK2OBERF6C6R
+SLENDER_DEBT_TOKEN_XRP=CBXNRH3LODCXPTSW4YDB2CNWMGQ6JTGG4TEW27OVG7C5DVMTGQVPXFX4
+SLENDER_DEBT_TOKEN_USDC=CBKPLSRWIWULHSJ3QW6WQSXM3N2TDEHLKFECS7HP2XGQFA5V2FYOTVFE


Potential exposure of sensitive information.

The SLENDER_DEBT_TOKEN_USDC environment variable appears to contain a sensitive token. Ensure this is not exposed in the version control system.

Tools

Gitleaks

18-19: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

19-20: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

coderabbitai

Actionable comments posted: 15

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between be07f95 and 64689fa.

Files ignored due to path filters (6)

deploy/artifacts/mainnet/debt_token.wasm is excluded by !**/*.wasm
deploy/artifacts/mainnet/deployer.wasm is excluded by !**/*.wasm
deploy/artifacts/mainnet/flash_loan_receiver_mock.wasm is excluded by !**/*.wasm
deploy/artifacts/mainnet/pool.wasm is excluded by !**/*.wasm
deploy/artifacts/mainnet/price_feed_mock.wasm is excluded by !**/*.wasm
deploy/artifacts/mainnet/s_token.wasm is excluded by !**/*.wasm

Files selected for processing (2)

deploy/artifacts/mainnet/.contracts (1 hunks)
integration-tests/tests/release.ts (1 hunks)

Files skipped from review as they are similar to previous changes (1)

integration-tests/tests/release.ts

Additional context used

Gitleaks

deploy/artifacts/mainnet/.contracts

1-2: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

2-3: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

3-4: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

4-5: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

5-6: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

11-12: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

12-13: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

13-14: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

14-15: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

15-16: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

16-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Additional comments not posted (10)

deploy/artifacts/mainnet/.contracts (10)

17-17: LGTM!

The environment variable SLENDER_POOL_XLM_RESERVE_INITIALIZED is a boolean flag and does not contain sensitive information.

Tools

Gitleaks

16-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

18-18: LGTM!

The environment variable SLENDER_POOL_XRP_RESERVE_INITIALIZED is a boolean flag and does not contain sensitive information.

19-19: LGTM!

The environment variable SLENDER_POOL_USDC_RESERVE_INITIALIZED is a boolean flag and does not contain sensitive information.

20-20: LGTM!

The environment variable SLENDER_POOL_XRP_COLLATERAL_CONFIGURED is a boolean flag and does not contain sensitive information.

21-21: LGTM!

The environment variable SLENDER_POOL_USDC_COLLATERAL_CONFIGURED is a boolean flag and does not contain sensitive information.

22-22: LGTM!

The environment variable SLENDER_POOL_XLM_COLLATERAL_CONFIGURED is a boolean flag and does not contain sensitive information.

23-23: LGTM!

The environment variable SLENDER_POOL_XLM_BORROWING_ENABLED is a boolean flag and does not contain sensitive information.

24-24: LGTM!

The environment variable SLENDER_POOL_XRP_BORROWING_ENABLED is a boolean flag and does not contain sensitive information.

25-25: LGTM!

The environment variable SLENDER_POOL_USDC_BORROWING_ENABLED is a boolean flag and does not contain sensitive information.

26-26: LGTM!

The environment variable SLENDER_POOL_PRICE_FEED_SET is a boolean flag and does not contain sensitive information.

coderabbitai · 2024-07-31T12:54:31Z