`near-lib` is pointing to the archived dependency

Near-One / rainbow-token-connector

ERC-20/NEP-141 Token Connector for Rainbow Bridge

62 stars 18 forks source link

`near-lib` is pointing to the archived dependency #23

Closed alexauroradev closed 3 years ago

alexauroradev commented 3 years ago

At the moment bridge-token-factory is using near-lib:

near-lib = { git = "https://github.com/ilblackdragon/balancer-near", rev = "a386305c9829d2e5302a78fdc475c8a279fcf6ed"}

The dependency is outdated, @ilblackdragon moved the code here. We need to update the dependency.

mfornet commented 3 years ago

Moreover, in the README of the new repository you can read:

All contracts are not code reviewed, come as is, have no guarantees.

We should code-review and pin a particular commit, since token-connector is a security critical application.

Another option is to add reference vanilla implementation of Fungible Token to core-contracts where only sound and maintained contracts are kept as suggested in https://github.com/near/near-sdk-rs/pull/289#issuecomment-777458586

ilblackdragon commented 3 years ago

The code for this library is moving to near-sdk-rs in this PR: https://github.com/near/near-sdk-rs/pull/275

This PR was blocked on fixing simulation. There might be some other blockers there, I'm not sure. Plus the FT standard will get upgraded to 141 from 21, which means this repo should also upgrade with that change.

mfornet commented 3 years ago

This will be fixed by removing this dependency when https://github.com/near/rainbow-token-connector/issues/21 is implemented.