-
-
Notifications
You must be signed in to change notification settings - Fork 41
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #262 from Cyfrin/hunter/reset-foundry
updated paths
- Loading branch information
Showing
28 changed files
with
1,514 additions
and
0 deletions.
There are no files selected for viewing
64 changes: 64 additions & 0 deletions
64
courses/foundry/1-foundry-simple-storage/10-vscode-solidity-setup/+page.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
--- | ||
title: VSCode Solidity setup | ||
--- | ||
|
||
_Follow along with this video:_ | ||
|
||
--- | ||
|
||
### Improving Code Format in Visual Studio Code | ||
|
||
When you first start, your code might just look like a whole bunch of dull, lifeless, white text. | ||
|
||
This can be easily fixed by using one of the `Solidity` extensions. Out of all the Solidity extensions available in the Extensions tab (CTRL/CMD + SHIFT + X) the following are worth mentioning: | ||
|
||
1. [Solidity by Juan Blanco](https://marketplace.visualstudio.com/items?itemName=JuanBlanco.solidity), the most used Solidity extension out there. | ||
2. [Solidity by Nomic Foundation](https://marketplace.visualstudio.com/items?itemName=NomicFoundation.hardhat-solidity) is Patrick's favorite Solidity extension. The rest of the course will be displaying this extension. | ||
3. [Solidity Visual Developer](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor) is another popular choice. | ||
|
||
**NOTE**: If the code remains unhighlighted despite having installed the extension, there's a quick solution to that. Press `Command + Shift + P`, or `Control + Shift + P` on Windows. This opens up the command bar. In the command bar, type in "Settings" and select "Preferences: Open User Settings (JSON)". | ||
|
||
If you have nothing in there, create a new setting by typing in: | ||
|
||
``` | ||
{ | ||
"editor.defaultFormatter": "NomicFoundation.hardhat" | ||
} | ||
``` | ||
|
||
Use: | ||
|
||
`"editor.defaultFormatter": "tintinweb.solidity-visual-auditor"` for Solidity Visual Developer | ||
|
||
or | ||
|
||
`"editor.defaultFormatter": "JuanBlanco.solidity"` for Solidity by Juan Blanco | ||
|
||
### Other interesting extensions | ||
|
||
In the previous lesson, we mentioned a file called `foundry.toml`. This also has an extension that formats it to make it easier to read. Please install [Even Better TOML](https://marketplace.visualstudio.com/items?itemName=tamasfe.even-better-toml). | ||
|
||
Another indispensable extension is [Inline Bookmarks](https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-inline-bookmarks). | ||
|
||
The Inline Bookmarks plugin facilitates bookmarking the actual code. The extension can be used for document review, auditing, log analysis, and keeping track of development notes and to-do lists. You may share your notes and bookmarks with others with ease because they are saved with your files. | ||
|
||
The following default trigger words/tags are configured by default: | ||
``` | ||
@todo - (blue) General ToDo remark. | ||
@note - (blue) General remark. | ||
@remind - (blue) General remark. | ||
@follow-up - (blue) General remark. | ||
@audit - (red) General bookmark for potential issues. | ||
@audit-info - (blue) General bookmark for information to be noted for later use. | ||
@audit-ok - (green) Add a note that a specific line is not an issue even though it might look like. | ||
@audit-issue - (purple) Reference a code location an issue was filed for. | ||
``` | ||
|
||
You can fully customize the colors! | ||
|
||
Remember these! They will be very handy in developing and especially in auditing projects. | ||
|
||
More details are available [here](https://github.com/tintinweb/vscode-inline-bookmarks). | ||
|
||
Next comes the fun part! Let's compile our contract using Foundry! | ||
|
29 changes: 29 additions & 0 deletions
29
...dry/1-foundry-simple-storage/11-compile-a-smart-contract-using-foundry/+page.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
--- | ||
title: Compile a smart contract using Foundry | ||
--- | ||
|
||
_Follow along with this video:_ | ||
|
||
--- | ||
|
||
### Compiling Smart Contracts: A Guide to the Foundry Console Compilation Process | ||
|
||
Open a new terminal. Type in `forge build` or `forge compile` to compile the smart contracts in your project. | ||
|
||
Once the compiling is finished, you'll see some new folders in the Explorer tab on the left side. One of them is a folder called `out`. Here you'll be able to find the [ABI](https://docs.soliditylang.org/en/latest/abi-spec.html) of the smart contract together with the [Bytecode](https://www.geeksforgeeks.org/introduction-to-bytecode-and-opcode-in-solidity/) and a lot of useful information. | ||
|
||
The `cache` folder also appears. Generally, this folder is used to store temporary system files facilitating the compilation process. But for this course, you can safely ignore it. | ||
|
||
### More terminal wizardry | ||
|
||
Throughout your solidity development/audit journey you will type a lot of terminal commands, every time to make a change that you want tested you'll probably have to rerun the `forge build` then maybe you test it with `forge test` or run a script with `forge script` and many more. Typing all these over and over again is inefficient and time-consuming. The better way is to use the `up` and `down` arrow keys. Type the following commands: | ||
|
||
``` | ||
echo "I like Foundry" | ||
echo "I love Cyfrin" | ||
echo "Auditing is great" | ||
``` | ||
|
||
Now press the `up` and `down` arrow keys to cycle through the 3 commands. | ||
|
||
Ok, cool! We learned how to compile a contract, but how does one deploy a smart contract? |
93 changes: 93 additions & 0 deletions
93
...oundry-simple-storage/12-deploy-a-smart-contract-locally-using-ganache/+page.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
--- | ||
title: Deploy a smart contract locally using Ganache | ||
--- | ||
|
||
_Follow along with this video:_ | ||
|
||
|
||
### Deploying a smart contract | ||
|
||
There are multiple ways and multiple places where you could deploy a smart contract. | ||
|
||
While developing using the Foundry framework the easiest and most readily available place for deployment is Anvil. | ||
|
||
Anvil is a local testnet node shipped with Foundry. You can use it for testing your contracts from frontends or for interacting over RPC. | ||
|
||
To run Anvil you simply have to type `anvil` in the terminal. | ||
|
||
::image{src='/foundry-simply-storage/10-deploy-a-smart-contract-locally-using-ganache/Image1.PNG' style='width: 75%; height: auto;'} | ||
|
||
You now have access to 10 test addresses funded with 10_000 ETH each, with their associated private keys. | ||
|
||
This testnet node always listens on `127.0.0.1:8545` this will be our `RPC_URL` parameter when we deploy smart contracts here. More on this later! | ||
|
||
More info about Anvil is available [here](https://book.getfoundry.sh/reference/anvil/). | ||
|
||
Please press `Ctrl/CMD + C` to close Anvil. | ||
|
||
Anvil will be used throughout the course to deploy and test our smart contracts, but before that, let's quickly check an intermediary step. | ||
|
||
### Ganache | ||
|
||
_Ganache is a glaze, icing, sauce, or filling for pastries usually made by heating equal parts weight of cream and chopped chocolate, warming the cream first, then pouring it over the chocolate._ | ||
|
||
Wait, not that ganache! The other ganache: | ||
|
||
Ganache is a personal blockchain for rapid Ethereum and Filecoin distributed application development. You can use Ganache across the entire development cycle; enabling you to develop, deploy, and test your dApps in a safe and deterministic environment. | ||
|
||
Better! | ||
|
||
Please download Ganache from [here](https://archive.trufflesuite.com/ganache/). | ||
|
||
For people using Windows WSL please read [this](https://github.com/Cyfrin/foundry-simple-storage-f23?tab=readme-ov-file#windows-wsl--ganache). Using Ganache in this environment is not the easiest thing to do. We are not going to use this in the future, so don't worry if you can't configure it properly. | ||
|
||
Hit `Quickstart Ethereum`. Voila! A brand new blockchain. We get some addresses, that have balances and private keys. | ||
|
||
### Configuring MetaMask | ||
|
||
To deploy to a custom network (like your localhost), you'll need MetaMask. MetaMask is a popular cryptocurrency wallet and browser extension that allows users to interact with the Ethereum blockchain and its ecosystem. If you don't have it download it from [here](https://metamask.io/download/) | ||
|
||
Follow these steps: | ||
|
||
1. Open MetaMask. | ||
|
||
2. Click the three little dots and select 'Expand View'. | ||
|
||
3. Go to 'Settings', then 'Networks'. | ||
|
||
4. Here, you'll see the list of networks (Ethereum, Mainnet, etc.) with plenty of details about each one. Locate the RPC URL - this is key. | ||
|
||
The RPC URL is essentially the endpoint we make API calls to when sending transactions. For every blockchain transaction you execute, you're making an API to whatever is in here. | ||
To send a transaction to your custom blockchain, you need to add it as a network: | ||
|
||
1. Click on 'Add a Network' | ||
|
||
2. Scroll to the bottom of the list of networks. | ||
|
||
3. Hit 'Add a Network manually'. | ||
|
||
4. Enter the details of your local network | ||
|
||
Network name: `Localhost` | ||
|
||
New RPC URL: Ganache`http://127.0.0.1:7545` or Anvil `http://127.0.0.1:8545` (make sure you always add `http://`) - these two could differ on your machine, please consult the Ganache UI or Anvil terminal for the exact RPC URL. | ||
|
||
Chain ID: Ganache `5777`(sometimes `1337`) or Anvil `31337` - these two could differ on your machine, please consult the Ganache UI or Anvil terminal for the exact Chain ID. | ||
|
||
Currency symbol: ETH | ||
|
||
Block explorer URL: - (we don't have a block explorer for our newly created blockchain, which will most likely disappear when we close the VS Code / Ganache app) | ||
|
||
Great! Now that we configured our local network, the next step is to add one of the accounts available in Ganche or Anvil into our MetaMask. [This is done as follows](https://support.metamask.io/hc/en-us/articles/360015489331-How-to-import-an-account#h_01G01W07NV7Q94M7P1EBD5BYM4): | ||
|
||
1. Click the account selector at the top of your wallet. | ||
|
||
2. Click `Add account or hardware wallet`. | ||
|
||
3. Click `Import account` | ||
|
||
4. You will be directed to the Import page. Paste your Ganache/Anvil private key. Click `Import`. | ||
|
||
**NOTE: Do not use this account for anything else, do not interact with it or send things to it on mainnet or any other real blockchain, use it locally, for testing purposes. Everyone has access to it.** | ||
|
||
Next up we shall talk more about adding a new network to MetaMask. |
24 changes: 24 additions & 0 deletions
24
...undry/1-foundry-simple-storage/13-how-to-add-a-new-network-to-metamask/+page.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
--- | ||
title: How to add a new network to Metamask | ||
--- | ||
|
||
_Follow along with this video:_ | ||
|
||
--- | ||
|
||
### Adding New Networks Using MetaMask | ||
|
||
Conveniently, MetaMask provides an easy way to add EVM-compatible chains. By pre-configuring a host of them, you can add a chain such as the Arbitrum One by simply clicking on the `Networks` button on the top left, then `Add Network` and proceeding to `Add`. The pleasing part is that MetaMask does all the grunt work, filling in all the necessary information for you. A click on Approve Network ensures the successful addition of the network. | ||
|
||
Steps: | ||
|
||
1. Click on the Networks button on the top left | ||
2. Click on Add Network | ||
3. Choose your desired EVM-compatible chain | ||
4. Click on Add | ||
5. After ensuring all necessary information is already filled in, click on Approve Network | ||
|
||
But what can you do if the chain you want to add is not pre-configured? | ||
|
||
Simple! You employ the same process we just used to add our new Ganache local chain in the [previous lesson](https://updraft.cyfrin.io/courses/foundry/foundry-simple-storage/deploy-smart-contract-locally) | ||
|
88 changes: 88 additions & 0 deletions
88
...-foundry-simple-storage/14-deploy-a-smart-contract-locally-using-forge/+page.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
--- | ||
title: Deploy a smart contract locally using Forge | ||
--- | ||
|
||
_Follow along with this video:_ | ||
|
||
--- | ||
|
||
### Deploying to a local blockchain | ||
|
||
To find out more about forge's capabilities type | ||
|
||
``` | ||
forge --help | ||
``` | ||
|
||
Out of the resulting list, we are going to use the `create` command. | ||
|
||
Type `forge create --help` in the terminal or go [here](https://book.getfoundry.sh/reference/forge/forge-create) to find out more about the available configuration options. | ||
|
||
Try running `forge create SimpleStorage`. It should fail because we haven't specified a couple of required parameters: | ||
|
||
1. `Where do we deploy?` | ||
|
||
2. `Who's paying the gas fees/signing the transaction?` | ||
|
||
Let's tackle both these questions. | ||
|
||
As you've learned in the previous lessons, each blockchain (private or public) has an RPC URL (RPC SERVER) that acts as an endpoint. When we tried to deploy our smart contract, forge tried to use `http://localhost:8545/`, which doesn't host any blockchain. Thus, let's try to deploy our smart contract specifying the place where we want to deploy it. | ||
|
||
Please start Ganache and press `Quickstart Ethereum`. Copy the RPC Server `HTTP://127.0.0.1:7545`. Let's run our forge create again specifying the correct rpc url. | ||
|
||
``` | ||
forge create SimpleStorage --rpc-url http://127.0.0.1:7545 | ||
``` | ||
|
||
This again failed, indicating the following: | ||
|
||
``` | ||
Error accessing local wallet. Did you set a private key, mnemonic or keystore? | ||
``` | ||
|
||
Try the following command: | ||
|
||
``` | ||
forge create SimpleStorage --rpc-url http://127.0.0.1:7545 --interactive | ||
``` | ||
|
||
You will be asked to enter a private key, please paste one of the private keys available in Ganache. When you paste a key you won't see the text or any placeholder symbols, just press CTRL(CMD) + V and then ENTER. | ||
|
||
Voila! | ||
|
||
::image{src='/foundry-simply-storage/12-deploy-a-smart-contract-locally-using-forge/Image1.PNG' style='width: 75%; height: auto;'} | ||
|
||
You can go to Ganache and check the `Blocks` and `Transactions` tabs to see more info about what you just did. | ||
|
||
From now on, everything we deploy shall be done on Anvil. But if you like Ganache more, feel free to use that. | ||
|
||
Do the following: | ||
|
||
1. Run `clear` | ||
2. Run `anvil` | ||
3. Create a new terminal by pressing the `+` button | ||
4. Copy one of the private keys from the anvil terminal | ||
5. Run `forge create SimpleStorage --interactive` | ||
We don't need to specify an `--rpc-url` this time because forge defaults to Anvil's RPC URL. | ||
6. Go to the Anvil terminal and check the deployment details: | ||
|
||
``` | ||
Transaction: 0x40d2ca8f0d680f098c7d5e3c127ef1ce1207ef439ba6e163c2042483e15998a6 | ||
Contract created: 0x5fbdb2315678afecb367f032d93f642f64180aa3 | ||
Gas used: 357076 | ||
Block Number: 1 | ||
Block Hash: 0x85a56c0b8f166e86d1cce65412615e0d9a72972e04b2488023275131ea27330a | ||
Block Time: "Mon, 15 Apr 2024 11:50:55 +0000" | ||
``` | ||
|
||
The more explicit way to deploy using `forge create` is as follows: | ||
|
||
``` | ||
forge create SimpleStorage --rpc-url http://127.0.0.1:8545 --private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 | ||
``` | ||
|
||
We included the `--rpc-url` to not count on the default and the `--private-key` to not use the `--interactive` option anymore. | ||
|
||
Pfew! That was a lot, but we learned a very important thing, how to deploy a smart contract on two local blockchains. But what comes next is one of the most important if not the **_MOST IMPORTANT_** aspects you will learn here: **_Private key safety_** |
43 changes: 43 additions & 0 deletions
43
.../foundry/1-foundry-simple-storage/15-important-private-key-safety-pt-1/+page.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
title: Important - private key safety pt.1 | ||
--- | ||
|
||
_Follow along with this video:_ | ||
|
||
--- | ||
|
||
### Practicing Private Key Safety | ||
|
||
Having a private key in plain text is extremely bad. The private key(s) we used in the last lesson are well-known keys for local testing, you shouldn't use those on mainnet and keeping them in plain text is ok, but any other private key should be kept hidden, especially your production key or key's associated with accounts that hold crypto. | ||
|
||
Moreover, it's very bad to have private keys in bash history (hit the up arrow and see the key you used to deploy). | ||
|
||
You can delete your history by typing: | ||
|
||
``` | ||
history -c | ||
``` | ||
|
||
We will teach you more about how to secure private keys in one of the next lessons. | ||
|
||
### Your Safety Promise | ||
|
||
It's time now to articulate your promise for maintaining private key safety. Create a file titled `Promise.md`. In this file, make it a point to write down your promise: | ||
|
||
``` | ||
I promise to never use my private key associated with real money in plain text. | ||
``` | ||
|
||
If you feel comfortable doing so, consider tweeting this to affirm and secure your pledge. Make sure to tag [@PatrickAlphaC](https://twitter.com/PatrickAlphaC) and [@CyfrinUpdraft](https://twitter.com/CyfrinUpdraft) or any other professional in this field to hold yourself accountable. | ||
|
||
Hacking private keys is one of the most important reasons people and projects lose absurd amounts. You don't even need to look that deep to find titles like this: | ||
|
||
[The Ronin hack](https://www.halborn.com/blog/post/explained-the-ronin-hack-march-2022) - Social engineering of private keys | ||
|
||
[Early Crypto Investor Bo Shen Says He Lost $42 Million in Wallet Hack](https://www.bnnbloomberg.ca/early-crypto-investor-bo-shen-says-he-lost-42-million-in-wallet-hack-1.1850446) | ||
|
||
[The \$477 million FTX hack](https://www.elliptic.co/blog/the-477-million-ftx-hack-following-the-blockchain-trail) where `The new CEO of FTX revealed that private keys allowing access to the firm’s crypto assets were stored in unencrypted form, and a former employee disclosed that over $150 million was stolen from Alameda Research, due to poor security. ` | ||
|
||
Don't be like that! Maybe you are not holding millions, but what you hold is yours, don't let it become theirs! | ||
|
||
In the following lessons, we'll learn how to access RPC URLs for free using Alchemy for any blockchain. We will also delve into exploring safer methodologies for dealing with private keys. Stay tuned! |
Oops, something went wrong.