-
Notifications
You must be signed in to change notification settings - Fork 525
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create ScoutCoinFabrik-2.md #907
Conversation
Thanks for delivery @valeriacaracciolo someone will take a look at it in the next few days. |
Awesome, thank you Keegan for your reply
Best,
… On 7 Jul 2023, at 17:42, Keegan | W3F ***@***.***> wrote:
Thanks for delivery @valeriacaracciolo <https://github.com/valeriacaracciolo> someone will take a look at it in the next few days.
—
Reply to this email directly, view it on GitHub <#907 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ARBOA7RZUIRX5PYBIHIPT2DXPAU7BANCNFSM6AAAAAAZ6AX2TM>.
You are receiving this because you were mentioned.
|
Hi @valeriacaracciolo, could you please have a look at the evaluation posted in this pull request and comment on (or fix) the issues addressed there? |
Hello Sebastian,
Below you can find our answers items, one by one. Please let us know in case we missed anything.
### rust-analyzer error
This is a limitation of how rust-analyzer works. When opening a new workspace on vscode, rust-analyzer expects a `Cargo.toml`file on the root folder in order to work. Given this is a multi-folder repository, with different apps and libraries, we don’t have a shared `Cargo.toml` to put on the root. A quick solution is to only open the folder for the app or library you’d like to check, e.g. `code scout/apps/cargo-scout-audit`. Another solution is to add in the vscode workspace `settings.json`, the following configuration:
"rust-analyzer.linkedProjects": [
"apps/cargo-scout-audit",
"detectors/delegate-call",
// ... rest of apps/libraries
],
This would lead to the correct detection by rust-analyzer, but also would mean that when opening the `scout` repository, all apps, detectors and test-cases would begin to compile, which in practice proved to be too cumbersome for the utility it provides.
Any case, we can apply the fix if you think this is a better option.
### Typos in integration tests
It is fixed. Sorry about that.
### unused-return-enum
Thanks for noting this. It is fixed now.
### Logs
| This is also a bit slow, is there any specific reason for that?
In the context of integration tests for the Scout-audit project, on our first iteration of the tests, both Dylint and Scout-audit had to be compiled in each of the test cases in addition to the mandatory compilation of each smart contract. These repetitive compilations demanded over an hour for the whole ran, and highlighted an area of optimization.
We then adopted an improved strategy that included compiling Scout-audit only once, and then transferring the compiled detectors to each corresponding directory of the test cases. This reduced running time by an order of magnitude. However, due to the intrinsic characteristics of Dylint, its compilation remains necessary in each test case, and since our tool is coupled with all the vulnerable and remediated smart contracts for each vulnerability class, this is a lot. We understand there is room for improvement, and this is something that we want to peruse in upcoming stages of this work.
We could have replaced dylint by clippy, and this would have reduced running time in a small percentage, but with the problem that collaboration is made less easy--and this is something that we do not want.
However, at one point we plan to decouple the vulnerable/remediated smart contracts which we use for benchmarking, from the specific integration tests we need for our code.
Please let us know if there are any other questions for this section.
… On 10 Jul 2023, at 14:22, Sebastian Müller ***@***.***> wrote:
Hi @valeriacaracciolo <https://github.com/valeriacaracciolo>, could you please have a look at the evaluation posted in this pull request <#914> and comment on (or fix) the issues addressed there?
—
Reply to this email directly, view it on GitHub <#907 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ARBOA7RPL455QUFJO2OEPCDXPPXZTANCNFSM6AAAAAAZ6AX2TM>.
You are receiving this because you were mentioned.
|
Thanks very much @valeriacaracciolo, your external evaluation has been accepted and therefore the milestone has been passed. Congrats on completing the grant. I agree that you've done some great research, the tool is nice to use, and you have very extensive docs and tests which will hopefully be of great help to devs when it comes to security. |
Congratulations on completing the first milestone of this grant! As part of the Grants Program, we want to help grant recipients acknowledge their grants publicly. To that end, we’ve created a badge for projects that successfully deliver their first milestone. Please use the badge only in reference to the work that has been completed as part of this grant, so please do not display it on your team or project's homepage unless accompanied by a short description of the grant. Furthermore, you're now welcome to announce the grant publicly. Please remember to observe the foundation’s guidelines in doing so. If you haven't already, reach out to [email protected] for feedback on your announcement and cross-promotion. |
We noticed that this is the last milestone of your project. Congratulations on completing your grant! 🎊 |
Thank you Keegan and thanks to the entire Web3 grants team. Always a pleasure working with you guys 🫶We are cooking something new, so I hope to talk to you soon!Best,On Jul 12, 2023, at 2:14 AM, Keegan | W3F ***@***.***> wrote:
Thanks very much @valeriacaracciolo, your external evaluation has been accepted and therefore the milestone has been passed. Congrats on completing the grant. I agree that you've done some great research, the tool is nice to use, and you have very extensive docs and tests which will hopefully be of great help to devs when it comes to security.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Milestone Delivery Checklist
Link to the application pull request: w3f/Grants-Program#1666 < please fill this in with the PR number of your application.