Status: Closed. aymericdelab closed this pull request 4 days ago.
The latest updates on your projects. Learn more about Vercel for Git ↗️

| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| eternum | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jun 29, 2024 2:37pm |
- ⏱️ Estimated effort to review [1-5]: 4
- 🧪 Relevant tests: No
- 🔒 Security concerns:
  - Sensitive Information Exposure: The presence of private keys and account addresses in configuration files (`Scarb.toml`) raises concerns about the security practices being followed. Ensure these are placeholder values and that sensitive information is handled securely, especially in production environments.
- ⚡ Key issues to review:
  - Configuration Consistency: Ensure that all configuration changes, such as URLs and addresses, are consistent across different files and environments. This includes checking that the new RPC URLs and contract addresses are correct and intended for the production environment as specified.
  - Dependency Updates: Verify that all dependencies, especially those related to contract interactions, are correctly updated to reflect any new contract addresses or ABI changes.
  - Hardcoded Values: Review the necessity and security implications of any hardcoded values, such as private keys or addresses, to ensure they are not sensitive or should be managed differently.
Code suggestions, listed by category with the bot's score [1-10]:

**Security**

- **Use environment variables for sensitive URLs to enhance security** (score 9)

  It's recommended to avoid hardcoding sensitive URLs directly in scripts. Consider fetching this value from a secure environment variable or a secure configuration management system.

  [contracts/scripts/env_variables.sh [14]](https://github.com/BibliothecaDAO/eternum/pull/1048/files#diff-6cd12b61c94307559d5f270f7dc570bdf74b8153ce1fb3445575b21e83db230fR14-R14)

  ```diff
  -STARKNET_RPC_URL="https://api.cartridge.gg/x/eternum-23/katana/"
  +STARKNET_RPC_URL="${STARKNET_RPC_URL}"
  ```

  Suggestion importance [1-10]: 9. Why: Avoiding hardcoded sensitive URLs enhances security by preventing potential exposure. This is a significant improvement.

**Possible issue**

- **Remove redundant or clarify distinct contract hash fields** (score 9)

  Ensure that the `class_hash` and `original_class_hash` values are distinct if they are meant to represent different states or versions of the contract. If they are intended to be the same, consider removing one to avoid redundancy and potential confusion.

  [contracts/manifests/prod/manifest.json [4-5]](https://github.com/BibliothecaDAO/eternum/pull/1048/files#diff-782ac57560d5a0f4ea219cca69f0b77a29beba630ee384bf5bf2e5623febda9aR4-R5)

  ```diff
  -"class_hash": "0x3f63cecdc4964acafb921ba2934c6507d1b3c344edb64c2762cf08053169ab9",
  -"original_class_hash": "0x3f63cecdc4964acafb921ba2934c6507d1b3c344edb64c2762cf08053169ab9",
  +"class_hash": "0x3f63cecdc4964acafb921ba2934c6507d1b3c344edb64c2762cf08053169ab9"
  ```

  Suggestion importance [1-10]: 9. Why: This suggestion addresses a potential redundancy and confusion issue, which is crucial for maintaining clarity in the contract's manifest. Ensuring distinct values or removing redundancy can prevent future errors and misunderstandings.

- **Ensure** (score 8)

  It appears that the

**Possible bug**

- **Verify and correct the** (score 9)

  The

- **Correct the state mutability attribute to reflect function behavior accurately** (score 8)

  Update the `state_mutability` attribute from `external` to `view` for functions that do not modify state, such as `get_differ_program_hash` and `get_merger_program_hash`, if these functions are indeed intended only for viewing data.

  [contracts/manifests/prod/manifest.json [616]](https://github.com/BibliothecaDAO/eternum/pull/1048/files#diff-782ac57560d5a0f4ea219cca69f0b77a29beba630ee384bf5bf2e5623febda9aR616-R616)

  ```diff
  -"state_mutability": "external"
  +"state_mutability": "view"
  ```

  Suggestion importance [1-10]: 8. Why: Correcting the state mutability attribute is important for accurately reflecting the function's behavior. This change can prevent potential misuse and aligns with best practices for smart contract development.

**Maintainability**

- **Replace hardcoded time interval with a descriptive variable** (score 7)

  Consider using a variable for the `armiesTickIntervalInSeconds` to avoid hardcoding the value directly in the object. This can improve readability and maintainability, especially if the interval might change based on different environments or settings.

  [sdk/packages/eternum/src/constants/global.ts [44]](https://github.com/BibliothecaDAO/eternum/pull/1048/files#diff-679a37db0e7e68c37d60fbd39ba068183a0560b3443b67d5043758a317dc2049R44-R44)

  ```diff
  -armiesTickIntervalInSeconds: 7200, // 2hrs
  +armiesTickIntervalInSeconds: TWO_HOURS_IN_SECONDS, // 2hrs
  ```

  Suggestion importance [1-10]: 7. Why: Using a descriptive variable instead of a hardcoded value improves readability and maintainability. However, it is not a critical issue.

**Best practice**

- **Ensure consistent and appropriate data types across contract interfaces** (score 7)

  Ensure that the `type` for `program_hash` in the outputs of `get_differ_program_hash` and `get_merger_program_hash` is consistent with other similar outputs in the contract, possibly updating it to a more specific or appropriate type if needed.

  [contracts/manifests/prod/manifest.json [613]](https://github.com/BibliothecaDAO/eternum/pull/1048/files#diff-782ac57560d5a0f4ea219cca69f0b77a29beba630ee384bf5bf2e5623febda9aR613-R613)

  ```diff
  -"type": "core::felt252"
  +"type": "core::hash256"
  ```

  Suggestion importance [1-10]: 7. Why: Ensuring consistent and appropriate data types across contract interfaces is a good practice for maintaining data integrity and clarity. This suggestion helps in aligning the contract's data types, although the impact is moderate.

**Performance**

- **Optimize the** (score 6)

  Ensure that the

**Enhancement**

- **Improve clarity of function names for better maintainability** (score 6)

  Consider using more descriptive function names than `set_differ_program_hash` and `set_merger_program_hash` to clarify what these functions do or how they differ from each other.

  [contracts/manifests/prod/manifest.json [585-597]](https://github.com/BibliothecaDAO/eternum/pull/1048/files#diff-782ac57560d5a0f4ea219cca69f0b77a29beba630ee384bf5bf2e5623febda9aR585-R597)

  ```diff
  -"name": "set_differ_program_hash",
  -"name": "set_merger_program_hash",
  +"name": "update_differ_program_hash",
  +"name": "update_merger_program_hash",
  ```

  Suggestion importance [1-10]: 6. Why: While the current function names are somewhat descriptive, using more explicit names can improve code readability and maintainability. This is a minor enhancement but beneficial for long-term code clarity.
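The security concern and the first suggestion above both come down to the same control: a deployment script should take `STARKNET_RPC_URL` and `SOZO_WORLD` from the environment and stop early when a value is missing or malformed, rather than carry a production endpoint or address as a literal in `env_variables.sh`. The POSIX shell below is an added example, not code from the eternum project or from the review; the `validate_env` helper, its sub-checks and the accepted value shapes (an https URL for the RPC endpoint, a 0x-prefixed hex string for the world address) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: source this file from a deployment script and call
# validate_env before any sozo/starknet command runs. Nothing here is
# hardcoded; every value comes from the caller's environment.

# require_var NAME: return 0 only if the variable NAME is set and non-empty.
require_var() {
    name="$1"
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
        echo "error: $name must be set in the environment (do not hardcode it)" >&2
        return 1
    fi
    return 0
}

# check_rpc_url URL: the RPC endpoint must be an https URL, so a plaintext
# endpoint or a leftover local/dev value cannot slip into a production run.
check_rpc_url() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "error: STARKNET_RPC_URL must be an https URL, got: $1" >&2; return 1 ;;
    esac
}

# check_address ADDR: a world address is a 0x-prefixed hex string. The zero
# address is treated as an unfilled placeholder (assumption for this example).
check_address() {
    case "$1" in
        0x0) echo "error: SOZO_WORLD is the placeholder address 0x0" >&2; return 1 ;;
        0x[0-9a-fA-F]*) return 0 ;;
        *) echo "error: SOZO_WORLD is not a 0x-prefixed hex address: $1" >&2; return 1 ;;
    esac
}

# validate_env: run every check; a non-zero return aborts the deployment.
validate_env() {
    require_var STARKNET_RPC_URL || return 1
    require_var SOZO_WORLD || return 1
    check_rpc_url "$STARKNET_RPC_URL" || return 1
    check_address "$SOZO_WORLD" || return 1
    return 0
}
```

For a one-line variant without helper functions, the shell's own `: "${STARKNET_RPC_URL:?must be set}"` expansion aborts a script with a message when the variable is unset or empty; the function form above is used so the checks can be reused and tested in isolation.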
PR Type: enhancement, configuration changes

Description:

- Updated `armiesTickIntervalInSeconds` to 7200 seconds in `global.ts`.
- Updated `deploy.sh` to use new slot deployments and versions.
- Updated `env_variables.sh` for production.
- Updated `manifest.json`.
- Updated `manifest.toml`.
- Updated `.env.production`.
- Updated `Scarb.toml`.

Changes walkthrough 📝
| File | Change | Path and details |
|---|---|---|
| `global.ts` | Update armies tick interval to 7200 seconds | `sdk/packages/eternum/src/constants/global.ts`: Updated `armiesTickIntervalInSeconds` from 30 to 7200. |
| `deploy.sh` | Update deployment script with new slot deployments and versions | `scripts/deploy.sh` |
| `env_variables.sh` | Update environment variables for production | `contracts/scripts/env_variables.sh`: Updated `STARKNET_RPC_URL` and `SOZO_WORLD` for production environment. |
| `manifest.json` | Update contract metadata and ABI definitions | `contracts/manifests/prod/manifest.json`: contracts. |
| `manifest.toml` | Update contract metadata in TOML manifest | `contracts/manifests/prod/manifest.toml`: contracts. |
| `.env.production` | Update environment URLs for production | `client/.env.production`: Updated URLs for `TORII` and `NODE`. |
| `Scarb.toml` | Update RPC URL and world address in Scarb configuration | `contracts/Scarb.toml`: Updated `rpc_url` and `world_address` for production profile. |