|
6 | 6 | </p> |
7 | 7 |
|
8 | 8 | # index |
9 | | -Repo housing contracts, deploys, and js library for INDEX |
| 9 | + |
| 10 | +This repo houses the [index-coop][22]'s Solidity smart contracts. |
| 11 | + |
| 12 | +[22]: https://www.indexcoop.com/ |
| 13 | + |
| 14 | +## Install (for development) |
| 15 | + |
| 16 | +``` |
| 17 | +yarn |
| 18 | +``` |
| 19 | + |
| 20 | +### Run Hardhat EVM |
| 21 | + |
| 22 | +`yarn chain` |
| 23 | + |
| 24 | +### Build Contracts |
| 25 | + |
| 26 | +`yarn compile` |
| 27 | + |
| 28 | +### Generate TypeChain Typings |
| 29 | + |
| 30 | +`yarn build` |
| 31 | + |
| 32 | +### Run Contract Tests |
| 33 | + |
| 34 | +`yarn test` to run compiled contracts |
| 35 | + |
| 36 | +OR `yarn test:clean` if contracts have been typings need to be updated |
| 37 | + |
| 38 | +### Run Coverage Report for Tests |
| 39 | + |
| 40 | +`yarn coverage` |
| 41 | + |
| 42 | +## Installing from `npm` |
| 43 | + |
| 44 | +`index-coop` publishes its contracts as well as [hardhat][22] and [typechain][23] compilation |
| 45 | +artifacts to npm. |
| 46 | + |
| 47 | +The distribution comes with fixtures for mocking and testing interactions with other protocols |
| 48 | +including Uniswap and Compound. To use these you'll need to install the peer dependencies listed in `package.json`. |
| 49 | + |
| 50 | +``` |
| 51 | +npm install @setprotocol/index-coop-contracts |
| 52 | +``` |
| 53 | + |
| 54 | +[22]: https://www.npmjs.com/package/hardhat |
| 55 | +[23]: https://www.npmjs.com/package/typechain |
| 56 | + |
| 57 | +## Contributing |
| 58 | +We highly encourage participation from the community to help shape the development of Index-Coop. If you are interested in developing on `index-coop` or have any questions, please ping us on [Discord](https://discord.com/invite/RKZ4S3b). |
| 59 | + |
| 60 | +## Security |
| 61 | + |
| 62 | +### TODO: Independent Audits |
| 63 | + |
| 64 | +### Code Coverage |
| 65 | + |
| 66 | +All smart contracts are tested and have 100% line and branch coverage. |
| 67 | + |
| 68 | +### Vulnerability Disclosure Policy |
| 69 | + |
| 70 | +The disclosure of security vulnerabilities helps us ensure the security of our users. |
| 71 | + |
| 72 | +**How to report a security vulnerability?** |
| 73 | + |
| 74 | +If you believe you’ve found a security vulnerability in one of our contracts or platforms, |
| 75 | +send it to us by emailing [[email protected]](mailto:[email protected]). |
| 76 | +Please include the following details with your report: |
| 77 | + |
| 78 | +* A description of the location and potential impact of the vulnerability. |
| 79 | + |
| 80 | +* A detailed description of the steps required to reproduce the vulnerability. |
| 81 | + |
| 82 | +**Scope** |
| 83 | + |
| 84 | +Any vulnerability not previously disclosed by us or our independent auditors in their reports. |
| 85 | + |
| 86 | +**Guidelines** |
| 87 | + |
| 88 | +We require that all reporters: |
| 89 | + |
| 90 | +* Make every effort to avoid privacy violations, degradation of user experience, |
| 91 | +disruption to production systems, and destruction of data during security testing. |
| 92 | + |
| 93 | +* Use the identified communication channels to report vulnerability information to us. |
| 94 | + |
| 95 | +* Keep information about any vulnerabilities you’ve discovered confidential between yourself and |
| 96 | +Set until we’ve had 30 days to resolve the issue. |
| 97 | + |
| 98 | +If you follow these guidelines when reporting an issue to us, we commit to: |
| 99 | + |
| 100 | +* Not pursue or support any legal action related to your findings. |
| 101 | + |
| 102 | +* Work with you to understand and resolve the issue quickly |
| 103 | +(including an initial confirmation of your report within 72 hours of submission). |
| 104 | + |
| 105 | +* Grant a monetary reward based on the OWASP risk assessment methodology. |
0 commit comments