318-6

Reviews/318 - Cross Chain Token Bridge-Staking as a Service Solutions/6 - Build, Deploy, and Internally QA Staking Shell App/README.md

@@ -0,0 +1,170 @@
+Grant Proposal | [318 - Cross Chain Token Bridge-Staking as a Service Solutions](https://portal.devxdao.com/public-proposals/318)
+------------ | -------------
+Milestone | 6
+Milestone Title | Build, Deploy, and Internally QA Staking Shell App
+OP | nickodio_ferrum
+Reviewer | Hatice Kaya
+
+# Milestone Details
+
+## Details & Acceptance Criteria
+
+**Details of what will be delivered in milestone:**
+
+- Build and deploy a shell app that will allow traditional staking including: 
+1. Deployment of pool
+2. Staking Period
+3. Mandatory Lock
+4. Early Withdrawal
+5. Redistribution of Early Withdrawal
+6. Maturity
+- Integrate bridge with one of the Casper’s compatible wallets
+- Share Staking shell app with internal team for QA and incorporate QA feedback
+
+**Acceptance criteria:**
+
+- UI deployment for staking
+- Smart Contract Deployment for traditional staking
+- Casper compatible wallet integration
+1. Ability to proceed through staking flow as described below:
+2. Ability to deploy the pool.
+3. Ability to set and test staking Periods
+4. Ability to set mandatory lock and early withdrawal
+5. Ability to set and test reward redistribution of Early Withdrawal
+6. Ability to set and test rewards distribution for full maturity
+- Internal QA feedback incorporation
+
+**Additional notes regarding submission from OP:**
+
+Regarding Milestone 6, we wanted to provide you with an update that Staking App is completed and is working as per the expectation. However, the URL (https://casper-staking.ferrumnetwork.io/) where the App is deployed needs to be whitelisted by Casper team, a request is already submitted. In the meantime, we have put together a step-by-step guide that will allow you to set up staking on your own end. The staking guide can be found here: https://github.com/ferrumnet/staking-casper-frontend Also, sharing the repos for staking for review: Casper staking frontend: https://github.com/ferrumnet/staking-casper-frontend/releases/tag/v0.5.0 Casper staking SmartContracts: https://github.com/ferrumnet/casper_staking/releases/tag/v0.3.1
+
+## Milestone Submission
+
+The following milestone assets/artifacts were submitted for review:
+
+Repository | Revision Reviewed
+------------ | -------------
+https://github.com/ferrumnet/casper_staking/releases/tag/v0.3.1 | eacb280
+https://github.com/ferrumnet/staking-casper-frontend | 827be5c
+
+# Install & Usage Testing Procedure and Findings
+
+A Gitpod cloud environment running Ubuntu 22.04.2 LTS was used for building and running the project accross two separate repositories.
+
+The smart contract repository (`casper_staking`) was reviewed first. The README at the root level of the repository was empty, leaving the reviewer with no instructions for installing and running that part of the project. After checking the subdirectories, it was seen that there was  a basic README under the `erc20` folder, and a more comprehensive one under the `staking_contract` folder. Following the instructions in the `staking_contract` folder, the staking contracts were built successfully: [staking_contract_build.md](assets/staking_contract_build.md)
+
+It was not possible to deploy or run the staking smart contract by following the instructions on the README.md file under the `staking_contract` directory due to multiple errors: [staking_contract_deploy_command_error.md](assets/staking_contract_deploy_command_error.md)
+
+It was not possible to build, deploy or run the smart contract under the `erc20` directory due to a build error: [erc20_build_failure.md](assets/erc20_build_failure.md)
+
+The frontend part was installed successfully following the instructions on the README.md file of the frontend repository: [frontend_npm_install.md](assets/frontend_npm_install.md)
+
+It was not possible to run the frontend app by following the instructions due to an error: [frontend_start_error.md](assets/frontend_start_error.md)
+
+When attempting to do usage testing on the OP's deployment at the given URL (https://casper-staking.ferrumnetwork.io/), an empty page was encountered.
+
+![Frontend usage review blank screen](assets/usage_review_blank_screen.png)
+
+After communication with the OP, a new url (https://casper-staking.ferrumnetwork.io/b9e3b671e577a7d7a4c53aa7010449b47fb8a811c76582dcc41f65a67a16e23d) was provided for usage testing. The app was loaded and visible on the new url. When the Connect Wallet button was clicked, nothing happened on the user interface, and an error was seen on the developer console of the browser.
+
+![Frontend usage review Connect Wallet error](assets/usage_review_error_on_connect_wallet.png)
+
+## Overall Impression of usage testing
+
+A number of errors were encountered during the build, installation, and usage of the project. It was not possible to do a complete usage testing due to the encountered errors mentioned above.
+The documentation does not provide sufficient installation/execution instructions, and containes errors.
+Due to the issues mentioned above, and because this is the late milestone of the project, the submission should FAIL on all of the criteria in this section.
+
+Requirement | Finding
+------------ | -------------
+Project builds without errors | FAIL
+Documentation provides sufficient installation/execution instructions | FAIL
+Project functionality meets/exceeds acceptance criteria and operates without error | FAIL
+
+# Unit / Automated Testing
+
+The smart contract repository has 6 tests in total under the `staking_contract` directory, covering the positive paths, but there are no tests for negatives paths: [staking_contract_test.md](assets/staking_contract_test.md)
+
+It was not possible to check the tests under the `erc20` directory due to the build error encountered.
+
+The frontend repository does not have any tests apart from a single default test of the React framework.
+
+The OP needs to improve test coverage by adding more tests to the smart contracts under the `staking_contract` directory to cover the negative paths, and make sure the smart contracts under the `erc20` directory also meets the same criteria.
+
+The OP also needs to add tests to the frontend repository.
+
+Due to the issues mentioned above, and because this is the late milestone of the project, the submission should FAIL on all criteria of this section.
+
+Requirement | Finding
+------------ | -------------
+Unit Tests - At least one positive path test | FAIL
+Unit Tests - At least one negative path test | FAIL
+Unit Tests - Additional path tests | FAIL
+
+# Documentation
+
+### Code Documentation
+
+The code-level documentation of the project is very limited, lacking standard inline comments which allow auto-generation of the documentation throughout the code-base. The OP needs to improve the code-level documentation significantly by adding standard code comments.
+
+Due to the issues mentioned above, and because this is the late milestone of the project, this submission should fail on the criterion of this section.
+
+Requirement | Finding
+------------ | -------------
+Code Documented | FAIL
+
+### Project Documentation
+
+The project documentation is not at an acceptable level for this late milestone. OP needs to improve the project level documentation significantly, and fix the errors in the existing documentation. Although there is a good attempt of documentation on the frontend repository, especially the given examples on the smart contract repository are not working.
+
+Due to the issues mentioned above, and because this is the late milestone of the project, this submission should fail on all of the criteria of this section.
+
+Requirement | Finding
+------------ | -------------
+Usage Documented | FAIL
+Example Documented | FAIL
+
+## Overall Conclusion on Documentation
+
+Based on the reviewer's findings, this review should FAIL.
+
+# Open Source Practices
+
+## Licenses
+
+The Project is released under the MIT License.
+
+Requirement | Finding
+------------ | -------------
+OSI-approved open source software license | PASS
+
+## Contribution Policies
+
+Pull requests and Issues are enabled on the repositories, but the project lacks CONTRIBUTING.md and SECURITY.md.
+
+Due to the issues mentioned above, and because this is the late milestone of the project, this submission should fail in this section.
+
+Requirement | Finding
+------------ | -------------
+OSS contribution best practices | FAIL
+
+# Coding Standards
+
+## General Observations
+
+Code is generally well-structured and readable. The project is committed to GitHub, but the automated tests are not sufficient, and manual tests were not possible to be done.
+
+The project also has a number of security vulnerabilities dicovered by the dependabot alerts and the CodeQL analysis features of the code hosting platform. Both the smart contract and the frontend repositories have a high number of high and critical severity vulnerability alerts.
+
+![Frontend security alerts](assets/frontend_security_alerts.png)
+
+Due to the security issues on the repository, and because this is the late milestone of the project, the submission should fail in this section. OP needs to fix the security vulnerabilities for this submission to pass the next review.
+
+# Final Conclusion
+
+Due to all of the issues mentioned in the earlier sections, in the reviewers opinion, this submission should FAIL.
+
+# Recommendation
+
+Recommendation | FAIL
+------------ | -------------

Reviews/318 - Cross Chain Token Bridge-Staking as a Service Solutions/6 - Build, Deploy, and Internally QA Staking Shell App/assets/erc20_build_failure.md

@@ -0,0 +1,95 @@
+```bash
+$ make prepare
+rustup target add wasm32-unknown-unknown
+info: syncing channel updates for 'nightly-2023-01-16-x86_64-unknown-linux-gnu'
+info: latest update on 2023-01-16, rust version 1.68.0-nightly (9e75dddf6 2023-01-15)
+info: downloading component 'cargo'
+info: downloading component 'rust-std'
+info: downloading component 'rustc'
+info: installing component 'cargo'
+info: installing component 'rust-std'
+ 29.8 MiB /  29.8 MiB (100 %)  14.7 MiB/s in  2s ETA:  0s
+info: installing component 'rustc'
+ 67.6 MiB /  67.6 MiB (100 %)  16.2 MiB/s in  4s ETA:  0s
+info: downloading component 'rust-std' for 'wasm32-unknown-unknown'
+info: installing component 'rust-std' for 'wasm32-unknown-unknown'
+ 19.2 MiB /  19.2 MiB (100 %)  14.2 MiB/s in  1s ETA:  0s
+gitpod /workspace/casper_staking/erc20 (main) $ make build-contracts
+cargo build --release --target wasm32-unknown-unknown  -p erc20-token  -p erc20-test  -p erc20-test-call
+    Updating crates.io index
+  Downloaded num-bigint v0.4.3
+  Downloaded serde_bytes v0.11.7
+  Downloaded num-derive v0.3.3
+  Downloaded num-complex v0.4.2
+  Downloaded hex v0.4.3
+  Downloaded rand v0.7.3
+  Downloaded proc-macro2 v1.0.43
+  Downloaded hex_fmt v0.3.0
+  Downloaded memory_units v0.4.0
+  Downloaded funty v1.1.0
+  Downloaded subtle v2.4.1
+  Downloaded autocfg v1.1.0
+  Downloaded ff v0.8.0
+  Downloaded crypto-mac v0.10.1
+  Downloaded crunchy v0.2.2
+  Downloaded cpufeatures v0.2.2
+  Downloaded once_cell v1.13.0
+  Downloaded ecdsa v0.10.2
+  Downloaded num-iter v0.1.43
+  Downloaded wyz v0.2.0
+  Downloaded rand_core v0.6.3
+  Downloaded hmac v0.10.1
+  Downloaded ed25519 v1.2.0
+  Downloaded num-integer v0.1.45
+  Downloaded ppv-lite86 v0.2.16
+  Downloaded ed25519-dalek v1.0.1
+  Downloaded crypto-mac v0.8.0
+  Downloaded zeroize_derive v1.3.2
+  Downloaded digest v0.9.0
+  Downloaded block-buffer v0.9.0
+  Downloaded itoa v1.0.3
+  Downloaded ryu v1.0.11
+  Downloaded num-traits v0.2.15
+  Downloaded k256 v0.7.3
+  Downloaded serde_derive v1.0.143
+  Downloaded num-rational v0.4.1
+  Downloaded unicode-ident v1.0.3
+  Downloaded bitflags v1.3.2
+  Downloaded elliptic-curve v0.8.5
+  Downloaded cfg-if v1.0.0
+  Downloaded zeroize v1.3.0
+  Downloaded num v0.4.0
+  Downloaded base64 v0.13.0
+  Downloaded rand v0.8.5
+  Downloaded bitvec v0.18.5
+  Downloaded byteorder v1.4.3
+  Downloaded blake2 v0.9.2
+  Downloaded group v0.8.0
+  Downloaded wee_alloc v0.4.5
+  Downloaded unicode-xid v0.2.3
+  Downloaded typenum v1.15.0
+  Downloaded serde_json v1.0.83
+  Downloaded cfg-if v0.1.10
+  Downloaded version_check v0.9.4
+  Downloaded opaque-debug v0.3.0
+  Downloaded radium v0.3.0
+  Downloaded synstructure v0.12.6
+  Downloaded sha2 v0.9.9
+  Downloaded rand_core v0.5.1
+  Downloaded generic-array v0.14.6
+  Downloaded base16 v0.2.1
+  Downloaded quote v1.0.21
+  Downloaded static_assertions v1.1.0
+  Downloaded serde v1.0.143
+  Downloaded uint v0.9.3
+  Downloaded rand_chacha v0.2.2
+  Downloaded syn v1.0.99
+  Downloaded libc v0.2.131
+  Downloaded signature v1.2.2
+  Downloaded casper-contract v1.4.4
+  Downloaded curve25519-dalek v3.2.1
+  Downloaded casper-types v1.5.0
+  Downloaded 72 crates (3.4 MB) in 0.68s
+error: package ID specification `erc20-test` did not match any packages
+make: *** [Makefile:9: build-contracts] Error 101
+```

Reviews/318 - Cross Chain Token Bridge-Staking as a Service Solutions/6 - Build, Deploy, and Internally QA Staking Shell App/assets/frontend_npm_install.md

@@ -0,0 +1,72 @@
+```bash
+$ npm install
+npm WARN ERESOLVE overriding peer dependency
+npm WARN While resolving: react-color-gradient-picker@0.1.2
+npm WARN Found: react@17.0.2
+npm WARN node_modules/react
+npm WARN   react@"^17.0.2" from the root project
+npm WARN   34 more (@emotion/react, ...)
+npm WARN 
+npm WARN Could not resolve dependency:
+npm WARN peer react@"^16.13.1" from react-color-gradient-picker@0.1.2
+npm WARN node_modules/react-color-gradient-picker
+npm WARN   react-color-gradient-picker@"^0.1.2" from ferrum-design-system@1.0.82
+npm WARN   node_modules/ferrum-design-system
+npm WARN 
+npm WARN Conflicting peer dependency: react@16.14.0
+npm WARN node_modules/react
+npm WARN   peer react@"^16.13.1" from react-color-gradient-picker@0.1.2
+npm WARN   node_modules/react-color-gradient-picker
+npm WARN     react-color-gradient-picker@"^0.1.2" from ferrum-design-system@1.0.82
+npm WARN     node_modules/ferrum-design-system
+npm WARN ERESOLVE overriding peer dependency
+npm WARN While resolving: react-color-gradient-picker@0.1.2
+npm WARN Found: react-dom@17.0.2
+npm WARN node_modules/react-dom
+npm WARN   react-dom@"17.0.2" from the root project
+npm WARN   15 more (@testing-library/react, react-bootstrap, @restart/ui, ...)
+npm WARN 
+npm WARN Could not resolve dependency:
+npm WARN peer react-dom@"^16.13.1" from react-color-gradient-picker@0.1.2
+npm WARN node_modules/react-color-gradient-picker
+npm WARN   react-color-gradient-picker@"^0.1.2" from ferrum-design-system@1.0.82
+npm WARN   node_modules/ferrum-design-system
+npm WARN 
+npm WARN Conflicting peer dependency: react-dom@16.14.0
+npm WARN node_modules/react-dom
+npm WARN   peer react-dom@"^16.13.1" from react-color-gradient-picker@0.1.2
+npm WARN   node_modules/react-color-gradient-picker
+npm WARN     react-color-gradient-picker@"^0.1.2" from ferrum-design-system@1.0.82
+npm WARN     node_modules/ferrum-design-system
+npm WARN ERESOLVE overriding peer dependency
+npm WARN While resolving: terser-webpack-plugin@1.4.5
+npm WARN Found: webpack@4.46.0
+npm WARN node_modules/terser-webpack-plugin/node_modules/webpack
+npm WARN 
+npm WARN Could not resolve dependency:
+npm WARN peer webpack@"^4.0.0" from terser-webpack-plugin@1.4.5
+npm WARN node_modules/terser-webpack-plugin
+npm WARN   terser-webpack-plugin@"^1.4.3" from webpack@4.46.0
+npm WARN   node_modules/ferrum-design-system/node_modules/webpack
+npm WARN   2 more (webpack, webpack)
+npm WARN EBADENGINE Unsupported engine {
+npm WARN EBADENGINE   package: 'react-bs-datatable@2.2.3',
+npm WARN EBADENGINE   required: { node: '14' },
+npm WARN EBADENGINE   current: { node: 'v18.16.0', npm: '9.5.1' }
+npm WARN EBADENGINE }
+
+up to date, audited 2310 packages in 6s
+
+225 packages are looking for funding
+  run `npm fund` for details
+
+40 vulnerabilities (1 low, 7 moderate, 22 high, 10 critical)
+
+To address issues that do not require attention, run:
+  npm audit fix
+
+To address all issues (including breaking changes), run:
+  npm audit fix --force
+
+Run `npm audit` for details.
+```

Reviews/318 - Cross Chain Token Bridge-Staking as a Service Solutions/6 - Build, Deploy, and Internally QA Staking Shell App/assets/frontend_start_error.md

@@ -0,0 +1,37 @@
+```bash
+Starting the development server...
+
+Error: error:0308010C:digital envelope routines::unsupported
+    at new Hash (node:internal/crypto/hash:71:19)
+    at Object.createHash (node:crypto:133:10)
+    at module.exports (/workspace/staking-casper-frontend/node_modules/webpack/lib/util/createHash.js:135:53)
+    at NormalModule._initBuildHash (/workspace/staking-casper-frontend/node_modules/webpack/lib/NormalModule.js:417:16)
+    at handleParseError (/workspace/staking-casper-frontend/node_modules/webpack/lib/NormalModule.js:471:10)
+    at /workspace/staking-casper-frontend/node_modules/webpack/lib/NormalModule.js:503:5
+    at /workspace/staking-casper-frontend/node_modules/webpack/lib/NormalModule.js:358:12
+    at /workspace/staking-casper-frontend/node_modules/loader-runner/lib/LoaderRunner.js:373:3
+    at iterateNormalLoaders (/workspace/staking-casper-frontend/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
+    at iterateNormalLoaders (/workspace/staking-casper-frontend/node_modules/loader-runner/lib/LoaderRunner.js:221:10)
+/workspace/staking-casper-frontend/node_modules/react-scripts/scripts/start.js:19
+  throw err;
+  ^
+
+Error: error:0308010C:digital envelope routines::unsupported
+    at new Hash (node:internal/crypto/hash:71:19)
+    at Object.createHash (node:crypto:133:10)
+    at module.exports (/workspace/staking-casper-frontend/node_modules/webpack/lib/util/createHash.js:135:53)
+    at NormalModule._initBuildHash (/workspace/staking-casper-frontend/node_modules/webpack/lib/NormalModule.js:417:16)
+    at /workspace/staking-casper-frontend/node_modules/webpack/lib/NormalModule.js:452:10
+    at /workspace/staking-casper-frontend/node_modules/webpack/lib/NormalModule.js:323:13
+    at /workspace/staking-casper-frontend/node_modules/loader-runner/lib/LoaderRunner.js:367:11
+    at /workspace/staking-casper-frontend/node_modules/loader-runner/lib/LoaderRunner.js:233:18
+    at context.callback (/workspace/staking-casper-frontend/node_modules/loader-runner/lib/LoaderRunner.js:111:13)
+    at /workspace/staking-casper-frontend/node_modules/react-scripts/node_modules/babel-loader/lib/index.js:59:103 {
+  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
+  library: 'digital envelope routines',
+  reason: 'unsupported',
+  code: 'ERR_OSSL_EVP_UNSUPPORTED'
+}
+
+Node.js v18.16.0
+```