Merge pull request #3377 from synapsecns/master

FE Release 11-07-24

.codecov.yml

@@ -81,6 +81,10 @@ flags:
       - packages/sdk-router/
       - packages/widget/
     carryforward: true
+  restclient:
+    paths:
+      - contrib/restclient/
+    carryforward: true
 
 ignore:
   - '**/*_generated.go'

.github/workflows/packages.yml

@@ -41,6 +41,9 @@ jobs:
       - name: Run tests # Run tests of all packages
         run: npx lerna exec npm run ci:lint --parallel
 
+      - name: Run spellcheck # Run spellcheck of all packages
+        run: npx lerna exec npm run ci:spellcheck --parallel -- --if-present
+
   test:
       runs-on: ubuntu-latest
       env:
@@ -109,4 +112,4 @@ jobs:
           run: npx lerna exec npm run build --parallel || true # only for codecov
           env:
             CODECOV_TOKEN: ${{ secrets.CODECOV }}
-            GH_COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
+            GH_COMMIT_SHA: ${{ github.event.pull_request.head.sha }}

.github/workflows/solidity.yml

@@ -7,9 +7,9 @@ on:
       - 'packages/contracts-rfq/**'
       - '.github/workflows/solidity.yml'
       - 'packages/solidity-devops/**'
-    branches:
+    branches-ignore:
       # Solidity workflows are irrelevant for the FE release branch
-      - '!fe-release'
+      - 'fe-release'
   push:
     paths:
       - 'packages/contracts-core/**'

.vscode/settings.json

@@ -4,7 +4,7 @@
     "editor.defaultFormatter": "JuanBlanco.solidity"
   },
   "[typescript]": {
-    "editor.defaultFormatter": "dbaeumer.vscode-eslint"
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
   },
   "[typescriptreact]": {
     "editor.defaultFormatter": "esbenp.prettier-vscode"
@@ -26,4 +26,4 @@
     ".*Class.*",
     ".*Properties.*",
   ]
-}
+}

CONTRIBUTING.md

@@ -82,15 +82,18 @@ If you need to make a new go module, here are the steps to follow:
     ```go
     module github.com/synapsecns/sanguine/path/to/your/module
 
-    go 1.21 // or whatever the version is in go.work
+    go 1.22.1
+
+    toolchain go1.22.4 // or whatever the version is in go.work
    ```
 
    Any local dependencies should use replaces like this:
     ```go
     module github.com/synapsecns/sanguine/path/to/your/module
 
-    go 1.21 // or whatever the version is in go.work
+    go 1.22.1
 
+    toolchain go1.22.4 // or whatever the version is in go.work
    require (
         github.com/synapsecns/sanguine/core v0.0.1
    )
@@ -184,6 +187,10 @@ If you need to make a new go module, here are the steps to follow:
 
 For the most part, we follow the [uber style guide](https://github.com/uber-go/guide/blob/master/style.md).
 
+### macOS and Docker-based Tools
+
+If you're using a Mac with Apple Silicon (M1/M2/M3), you might encounter issues with Docker-based tools that use AMD64 images. This is particularly relevant for tools like our `abigen` utility. Please see our [abigen README](./tools/abigen/README.md#note-on-macos-and-rosetta) for details on how to resolve Rosetta-related issues and our plans for future improvements.
+
 ### Testing
 
 We often use the [testsuite](https://pkg.go.dev/github.com/synapsecns/sanguine/core/testsuite) lib to create a test suite. You don't need this, as it adds a lot of overhead, but if you need a context you should us it. This library contains two  methods:

README.md

@@ -55,6 +55,7 @@ root
 │   ├── <a href="./contrib/git-changes-action">git-changes-action</a>: Github action for identifying changes in dependent modules in a go workspace
 │   ├── <a href="./contrib/opbot">op bot</a>: Slack bot for managing operations.
 │   ├── <a href="./contrib/promexporter">promexporter</a>: Multi-service prometheus exporter
+│   ├── <a href="./contrib/restclient">restclient</a>: Synapse REST API client stub (experimental)
 │   ├── <a href="./contrib/screener-api">screener-api</a>: Optional address screening api
 ├── <a href="./core">core</a>: The Go core library with common utilities for use across the monorepo
 ├── <a href="./ethergo">ethergo</a>: Go-based ethereum testing + common library

SECURITY.md

@@ -0,0 +1,30 @@
+# Security Policy
+
+## Overview
+
+The security of Synapse Protocol is paramount. To standardize and encourage the discovery of bugs, the following outlines how to report bugs found in Synapse Protocol, sanguine, or any related code base. The program enables community members to submit reports of "bugs" or vulnerabilities for a chance to earn rewards. The program aims to incentivise responsible disclosure and enhance the security of Synapse Protocol.
+
+Bounties are allocated on an ad hoc basis, and depend on the legitimacy, risk level, and other variables.
+
+## Reporting a Vulnerability
+
+All bug disclosures should be disclosed privately to a member of Synapse Labs. This can be done in the following ways:
+
+1. Open up a ticket in the Synapse Discord
+2. Reach out to a core team member privately on Telegram
+
+## The Wrong Way to Disclose
+
+Please exercise prudence when disclosing a bug. The following actions are the wrong way to disclose a bug:
+
+- Filing a public ticket mentioning the vulnerability
+- Testing the vulnerability on mainnet or testnet
+- Sharing the bug on a public channel
+
+## Other Vulnerabilities
+
+For vulnerabilities in any of our websites, email servers, or other non-critical infrastructure, please reach out through one of the channels above. We and Labs appreciate detailed instructions outlining the vulnerability.
+
+## Other Terms
+
+The decisions made regarding rewards are final and binding. By submitting your report, you grant Synapse Labs any and all rights, including without limitation intellectual property rights, needed to validate, mitigate, and disclose the vulnerability. All reward decisions, including eligibility for and amounts of the rewards and how such rewards will be paid, are made at the sole discretion of Synapse Labs. Terms and conditions of the Program may be altered at any time. Synapse Labs may change or cancel this Program at any time, for any reason.

agents/go.mod

@@ -201,7 +201,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect
-	github.com/gomarkdown/markdown v0.0.0-20191123064959-2c17d62f5098 // indirect
+	github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -326,7 +326,7 @@ require (
 	golang.org/x/oauth2 v0.21.0 // indirect
 	golang.org/x/sys v0.24.0 // indirect
 	golang.org/x/term v0.23.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.24.0 // indirect
 	google.golang.org/api v0.183.0 // indirect

agents/go.sum

@@ -569,8 +569,9 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW
 github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb h1:PBC98N2aIaM3XXiurYmW7fx4GZkL8feAMVq7nEjURHk=
 github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
-github.com/gomarkdown/markdown v0.0.0-20191123064959-2c17d62f5098 h1:Qxs3bNRWe8GTcKMxYOSXm0jx6j0de8XUtb/fsP3GZ0I=
 github.com/gomarkdown/markdown v0.0.0-20191123064959-2c17d62f5098/go.mod h1:aii0r/K0ZnHv7G0KF7xy1v0A7s2Ljrb5byB7MO5p6TU=
+github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 h1:EcQR3gusLHN46TAD+G+EbaaqJArt5vHhNpXAa12PQf4=
+github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA=
 github.com/gomodule/redigo v1.7.1-0.20190724094224-574c33c3df38/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -1592,8 +1593,8 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

contrib/git-changes-action/go.mod

@@ -70,7 +70,7 @@ require (
 	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.24.0 // indirect
-	golang.org/x/text v0.17.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
 	golang.org/x/tools v0.24.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

contrib/git-changes-action/go.sum

@@ -477,8 +477,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

contrib/opbot/botmd/botmd.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/slack-io/slacker"
 	"github.com/synapsecns/sanguine/contrib/opbot/config"
+	"github.com/synapsecns/sanguine/contrib/opbot/internal"
 	"github.com/synapsecns/sanguine/contrib/opbot/signoz"
 	screenerClient "github.com/synapsecns/sanguine/contrib/screener-api/client"
 	"github.com/synapsecns/sanguine/core/dbcommon"
@@ -29,6 +30,7 @@ type Bot struct {
 	signozClient  *signoz.Client
 	signozEnabled bool
 	rpcClient     omnirpcClient.RPCClient
+	rfqClient     internal.RFQClient
 	signer        signer.Signer
 	submitter     submitter.TransactionSubmitter
 	screener      screenerClient.ScreenerClient
@@ -42,10 +44,11 @@ func NewBot(handler metrics.Handler, cfg config.Config) *Bot {
 	sugaredLogger := otelzap.New(experimentalLogger.MakeZapLogger()).Sugar()
 
 	bot := Bot{
-		handler: handler,
-		cfg:     cfg,
-		server:  server,
-		logger:  experimentalLogger.MakeWrappedSugaredLogger(sugaredLogger),
+		handler:   handler,
+		cfg:       cfg,
+		server:    server,
+		logger:    experimentalLogger.MakeWrappedSugaredLogger(sugaredLogger),
+		rfqClient: internal.NewRFQClient(handler, cfg.RFQIndexerAPIURL),
 	}
 
 	// you should be able to run opbot even without signoz.