build(deps): [Snyk] Security upgrade ethers from 5.7.2 to 6.0.0 (#2607)

* fix: dapp-example/package.json & dapp-example/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-7266574 Signed-off-by: Logan Nguyen <[email protected]> * fix: migrated ethersv5 to ethersv6 in dapp-example Signed-off-by: Logan Nguyen <[email protected]> * dep: bumped packages Signed-off-by: Logan Nguyen <[email protected]> * chore: fix dependencies Signed-off-by: nikolay <[email protected]> * chore: edit sleeps Signed-off-by: nikolay <[email protected]> * chore: bump timeout Signed-off-by: nikolay <[email protected]> * chore: revert spec Signed-off-by: nikolay <[email protected]> * chore: fix _signingKey Signed-off-by: nikolay <[email protected]> * chore: edit tests Signed-off-by: nikolay <[email protected]> * chore: edit events Signed-off-by: nikolay <[email protected]> * chore: test Signed-off-by: nikolay <[email protected]> --------- Signed-off-by: Logan Nguyen <[email protected]> Signed-off-by: nikolay <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Logan Nguyen <[email protected]> Co-authored-by: nikolay <[email protected]> Signed-off-by: ebadiere <[email protected]>
hashgraph · Aug 1, 2024 · 605aa13 · 605aa13
1 parent b51a587
commit 605aa13
Show file tree

Hide file tree

Showing 12 changed files with 11,831 additions and 9,066 deletions.
diff --git a/dapp-example/localDappCI.env b/dapp-example/localDappCI.env
@@ -12,8 +12,8 @@ NETWORK_NAME='local hedera'
 RPC_URL='http://host.docker.internal:7546'
 SYMBOL='HBAR'
 IS_TESTNET=false
-PRIVATE_KEY='08e926c84220295b5db5df25be107ce905b41e237ac748dd04d479c23dcdf2d5'
-RECEIVER_PRIVATE_KEY='01eed4d6c44d5b5c59d8c63d89236815741fa99ce68211827ab77d1a72d3a41a'
+PRIVATE_KEY='0x08e926c84220295b5db5df25be107ce905b41e237ac748dd04d479c23dcdf2d5'
+RECEIVER_PRIVATE_KEY='0x01eed4d6c44d5b5c59d8c63d89236815741fa99ce68211827ab77d1a72d3a41a'
 FEE_HISTORY_MAX_RESULTS=10
 DEFAULT_RATE_LIMIT = 200
 TIER_1_RATE_LIMIT = 100

diff --git a/dapp-example/package-lock.json b/dapp-example/package-lock.json
diff --git a/dapp-example/package.json b/dapp-example/package.json
@@ -7,20 +7,31 @@
     "@emotion/styled": "^11.11.5",
     "@hashgraph/sdk": "^2.45.0",
     "@mui/material": "^5.15.16",
-    "ethers": "^5.6.8",
+    "ethers": "^6.13.1",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
-    "react-scripts": "5.0.1"
+    "react-scripts": "5.0.1",
+    "typescript": "^5.5.2"
+  },
+  "overrides": {
+    "cypress": "^13.12.0",
+    "typescript": "^5.5.2"
   },
   "devDependencies": {
-    "@synthetixio/synpress": "^3.7.1",
-    "cypress": "^12.13.0",
+    "@babel/core": "^7.24.7",
+    "@babel/preset-env": "^7.24.7",
+    "@cypress/webpack-batteries-included-preprocessor": "^3.0.3",
+    "@cypress/webpack-preprocessor": "^5.0.2",
+    "@synthetixio/synpress": "^3.7.3",
+    "babel-loader": "^9.1.3",
+    "cypress": "^13.12.0",
     "cypress-multi-reporters": "^1.6.3",
-    "cypress-wait-until": "^1.7.2",
+    "cypress-wait-until": "^3.0.1",
     "env-cmd": "^10.1.0",
     "http-server": "^14.1.1",
     "mocha-junit-reporter": "^2.2.0",
-    "start-server-and-test": "^1.14.0"
+    "start-server-and-test": "^1.14.0",
+    "webpack": "^5.92.1"
   },
   "scripts": {
     "start": "react-scripts start --openssl-legacy-provider",

diff --git a/dapp-example/public/index.html b/dapp-example/public/index.html
@@ -22,6 +22,9 @@
       Learn how to configure a non-root public URL by running `npm run build`.
     -->
     <title>React App</title>
+    <style>
+        body > iframe { display: none !important; }
+    </style>
   </head>
   <body>
     <noscript>You need to enable JavaScript to run this app.</noscript>

diff --git a/dapp-example/src/App.js b/dapp-example/src/App.js
@@ -26,9 +26,9 @@ function App() {
 
   useEffect(() => {
     if (window.ethereum) {
-      const provider = new ethers.providers.Web3Provider(window.ethereum, 'any');
+      const provider = new ethers.BrowserProvider(window.ethereum, 'any');
 
-      setSigner(provider.getSigner());
+      provider.getSigner().then((signer) => setSigner(signer));
 
       window.ethereum.on('accountsChanged', changeConnectedAccount);
       window.ethereum.on('chainChanged', (chainId) => {
@@ -68,7 +68,7 @@ function App() {
           method: 'eth_getBalance',
           params: [accountAddress.toString(), 'latest'],
         });
-        formattedBalance = ethers.utils.formatEther(accountBalance);
+        formattedBalance = ethers.formatEther(accountBalance);
       }
       setBalance(formattedBalance);
     } catch (error) {
@@ -111,12 +111,12 @@ function App() {
   const showAccountIdHandler = useCallback(async () => {
     try {
       const message = address + '_' + Date.now();
-      const msgHash = ethers.utils.hashMessage(message);
-      const msgHashBytes = ethers.utils.arrayify(msgHash);
+      const msgHash = ethers.hashMessage(message);
+      const msgHashBytes = ethers.getBytes(msgHash);
 
       const signature = await signer.signMessage(message);
 
-      const recoveredPubKey = ethers.utils.recoverPublicKey(msgHashBytes, signature);
+      const recoveredPubKey = ethers.SigningKey.recoverPublicKey(msgHashBytes, signature);
       const accountId = recoveredPublicKeyToAccountId(recoveredPubKey);
 
       setAlias(accountId.aliasKey.toStringRaw());
@@ -134,7 +134,7 @@ function App() {
     await tx.wait();
 
     setToBalanceAfterTransfer(
-      ethers.utils.formatEther(
+      ethers.formatEther(
         await window.ethereum.request({
           method: 'eth_getBalance',
           params: [hbarsToAddress, 'latest'],

diff --git a/dapp-example/src/components/ActivateHollowAccountForm.js b/dapp-example/src/components/ActivateHollowAccountForm.js
@@ -26,7 +26,7 @@ const ActivateHollowAccountForm = ({ signer, isConnected, chain, address }) => {
       const tx = await contract.transferTo(hollowAccountAddress, 3_000_000_000, { gasLimit: 1_000_000 });
       const receipt = await tx.wait();
 
-      setActivateHollowAccountMsg(receipt.events[0].event == 'Transferred' ? 'Done' : 'There was an error.');
+      setActivateHollowAccountMsg(receipt.logs[0].fragment.name == 'Transferred' ? 'Done' : 'There was an error.');
       setIsLoading(false);
     } catch (e) {
       console.error(e);

diff --git a/dapp-example/src/components/AssociateHTSTokensForm.js b/dapp-example/src/components/AssociateHTSTokensForm.js
@@ -16,7 +16,7 @@ const AssociateHTSTokensForm = ({ signer, isConnected, chain, address }) => {
   }, [chain, address]);
 
   const htsTokenAssociate = useCallback(async () => {
-    const hrcToken = new ethers.Contract(htsTokenAddress, new ethers.utils.Interface(IHRC), signer);
+    const hrcToken = new ethers.Contract(htsTokenAddress, new ethers.Interface(IHRC), signer);
 
     try {
       setIsLoading(true);

diff --git a/dapp-example/src/components/ContractInteractions.js b/dapp-example/src/components/ContractInteractions.js
@@ -27,12 +27,12 @@ const ContractInteractions = ({ signer, isConnected, chain, address }) => {
       setDeployContractMsg('Loading...');
 
       const contractFactory = new ethers.ContractFactory(Greeter.abi, Greeter.bytecode, signer);
-      const contract = await contractFactory.deploy('initial_msg');
-      const receipt = await contract.deployTransaction.wait();
-      setContractAddress(receipt.contractAddress);
+      const contract = await contractFactory.deploy('initial_msg', { gasLimit: 1_000_000 });
+      await contract.waitForDeployment();
+      setContractAddress(contract.target);
 
       setIsLoading(false);
-      setDeployContractMsg('Addr: ' + receipt.contractAddress);
+      setDeployContractMsg('Addr: ' + contract.target);
     } catch (error) {
       console.error(error.message);
       setDeployContractMsg(null);
@@ -65,7 +65,7 @@ const ContractInteractions = ({ signer, isConnected, chain, address }) => {
       setContractCallUpdateMsg('Loading...');
 
       const contract = new ethers.Contract(contractAddress, Greeter.abi, signer);
-      const tx = await contract.setGreeting(contractCallUpdateMsgInput);
+      const tx = await contract.setGreeting(contractCallUpdateMsgInput, { gasLimit: 1_000_000 });
       await tx.wait();
 
       setContractCallUpdateMsg('Updated text: ' + contractCallUpdateMsgInput);

diff --git a/dapp-example/src/hooks/useHederaSdk.js b/dapp-example/src/hooks/useHederaSdk.js
@@ -6,7 +6,7 @@ const client = Client.forTestnet();
 
 const useHederaSdk = () => {
   const recoveredPublicKeyToAccountId = (publicKey) => {
-    const compressed = ethers.utils.computePublicKey(ethers.utils.arrayify(publicKey), true);
+    const compressed = ethers.SigningKey.computePublicKey(ethers.getBytes(publicKey), true);
 
     return PublicKey.fromString(compressed).toAccountId(0, 0);
   };

diff --git a/dapp-example/synpress.js b/dapp-example/synpress.js
@@ -1,6 +1,7 @@
 const { defineConfig } = require('cypress');
 const path = require('path');
 const synpressPath = path.dirname(require.resolve('@synthetixio/synpress'));
+const preprocessor = require('@cypress/webpack-batteries-included-preprocessor');
 
 module.exports = defineConfig({
   userAgent: 'synpress',
@@ -25,7 +26,12 @@ module.exports = defineConfig({
     openMode: 0,
   },
   e2e: {
-    setupNodeEvents: require(`${synpressPath}/plugins/index`),
+    setupNodeEvents: (on, config) => {
+      const { defaultOptions } = preprocessor;
+      defaultOptions.webpackOptions.module.rules[1].exclude = [/browserslist/];
+      on('file:preprocessor', preprocessor(defaultOptions));
+      require(`${synpressPath}/plugins/index`)(on, config);
+    },
     baseUrl: 'http://localhost:3000',
     specPattern: 'tests/e2e/specs/**/*.{js,jsx,ts,tsx}',
     supportFile: 'tests/e2e/support.js',

diff --git a/dapp-example/tests/e2e/bootstrap.js b/dapp-example/tests/e2e/bootstrap.js
@@ -135,7 +135,8 @@ const deployHederaTokenService = async function (wallet) {
 
   const contractFactory = new ethers.ContractFactory(contractArtifact.abi, contractArtifact.bytecode, wallet);
   const contract = await contractFactory.deploy({ gasLimit: 1_000_000 });
-  const { contractAddress } = await contract.deployTransaction.wait();
+  await contract.waitForDeployment();
+  const contractAddress = contract.target;
 
   return contractAddress;
 };
@@ -145,7 +146,8 @@ const deployAndFundContractTransferTx = async function (wallet) {
 
   const contractFactory = new ethers.ContractFactory(contractArtifact.abi, contractArtifact.bytecode, wallet);
   const contract = await contractFactory.deploy({ gasLimit: 1_000_000 });
-  const { contractAddress } = await contract.deployTransaction.wait();
+  await contract.waitForDeployment();
+  const contractAddress = contract.target;
 
   await new HederaSDK.TransferTransaction()
     .addHbarTransfer(HederaSDK.AccountId.fromEvmAddress(0, 0, contractAddress), new HederaSDK.Hbar(100))
@@ -161,8 +163,12 @@ const deployAndFundContractTransferTx = async function (wallet) {
   if (mainPrivateKeyString === '') {
     mainPrivateKeyString = HederaSDK.PrivateKey.generateECDSA().toStringRaw();
   }
-  const mainWallet = new ethers.Wallet(mainPrivateKeyString, new ethers.providers.JsonRpcProvider(process.env.RPC_URL));
-  const mainCompressedKey = mainWallet._signingKey().compressedPublicKey.replace('0x', '');
+
+  const provider = new ethers.JsonRpcProvider(new ethers.FetchRequest(process.env.RPC_URL), undefined, {
+    batchMaxCount: 1
+  });
+  const mainWallet = new ethers.Wallet(mainPrivateKeyString, provider);
+  const mainCompressedKey = mainWallet.signingKey.compressedPublicKey.replace('0x', '');
   const mainAccountId = (await createAccountFromCompressedPublicKey(mainCompressedKey)).accountId;
   console.log(
     `Primary wallet account private: ${mainPrivateKeyString}, public: ${mainCompressedKey}, id: ${mainAccountId}`,
@@ -173,7 +179,7 @@ const deployAndFundContractTransferTx = async function (wallet) {
     receiverPrivateKeyString = HederaSDK.PrivateKey.generateECDSA().toStringRaw();
   }
   const receiverWallet = new ethers.Wallet(receiverPrivateKeyString);
-  const receiverCompressedKey = receiverWallet._signingKey().compressedPublicKey.replace('0x', '');
+  const receiverCompressedKey = receiverWallet.signingKey.compressedPublicKey.replace('0x', '');
   const receiverAccountId = (await createAccountFromCompressedPublicKey(receiverCompressedKey)).accountId;
   console.log(
     `Receiver wallet account private: ${receiverPrivateKeyString}, public: ${receiverCompressedKey}, id: ${receiverAccountId}`,

diff --git a/dapp-example/tests/e2e/specs/index.spec.js b/dapp-example/tests/e2e/specs/index.spec.js
@@ -12,6 +12,7 @@ describe('Test Core Hedera User Scenarios', function () {
 
   before(() => {
     cy.visit('http://localhost:3000');
+    cy.wait(10000);
     cy.contains('Connect Account').click();
     cy.acceptMetamaskAccess().should('be.true');
     cy.switchToCypressWindow();
@@ -101,11 +102,11 @@ describe('Test Core Hedera User Scenarios', function () {
   });
 
   describe('Tests with hollow account created via TX', function () {
-    mandatoryTests(hollowAccount1._signingKey().privateKey, 3, true);
+    mandatoryTests(hollowAccount1.signingKey.privateKey, 3, true);
   });
 
   describe('Tests with hollow account created via Contract', function () {
-    mandatoryTests(hollowAccount2._signingKey().privateKey, 4, true);
+    mandatoryTests(hollowAccount2.signingKey.privateKey, 4, true);
   });
 
   function mandatoryTests(pkToImport = null, accountNumber = 1, shouldAssociateWithHTS = false) {