fix: Updated to use ethers-rs #8
Conversation
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 8215355 | Triggered | Generic High Entropy Secret | e3bff41 | common/src/contracts/config.rs | View secret |
| 8215358 | Triggered | Generic High Entropy Secret | e3bff41 | common/src/contracts/config.rs | View secret |
| 8215360 | Triggered | Generic High Entropy Secret | e3bff41 | common/src/contracts/config.rs | View secret |
| 8215361 | Triggered | Generic High Entropy Secret | e3bff41 | common/src/contracts/config.rs | View secret |
| 8215365 | Triggered | Generic High Entropy Secret | e3bff41 | common/src/contracts/config.rs | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
| tokio = { version="1.10", features=["sync", "time"] } | ||
| web3 = "0.16.0" | ||
| solidity-bindgen = "0.1.0" | ||
| tokio = { version="1.10", features=["sync", "time", "rt-multi-thread"] } |
There was a problem hiding this comment.
This can be a separate PR: probably a good idea to upgrade these dependencies. I typically check for the latest versions with cargo-outdated (cargo outdated -R)
There was a problem hiding this comment.
Definitely, I'll do it as a new PR.
Dependency changes
Removed dependencies:
Added dependencies:
Code changes
Config changes
Removed the
ORACLE_CONTRACTSenv variable. This was used to get the network name, chain id, contracts addresses and RPC url. Value was split with a:so you had to passsepolia:RPC_URL. Replaced this with two variablesREWARDS_MANAGER_CONTRACTandRPC_URL. We only really need the rewards manager address so by doing this change we can remove all contract configs and if we need to run on a different network we just need to pass the contract address and url, no need for code changes. We are also getting the chain id from the provider so we removedcommon/src/chain_id.rssince we no longer need it.Contract interactions
By switching from
solidity-bindgentoethers-rswe can get rid of over 8k lines incommon/src/contracts/abis.rsand only importavailability-oracle/src/abi/RewardsManager.abi.jsonwhich is what we want to interact with. We're also simulating the transaction to check of errors and if we detect one we log the revert reason.