ERC20 MTS Workshop #11
Conversation
WalkthroughThis update introduces multiple new shell scripts, configuration files, and documentation for an ERC20 multi-VM token demo, including deployment and interaction scripts for both EVM and WASM contracts. Solidity contracts are updated to allow payable constructors, and a test contract simulating infinite gas consumption is added. The Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant ShellScript
participant Foundry/Cast
participant InjectiveCLI
participant EVM
participant WASM
User->>ShellScript: Run deployment/import/mint/query scripts
ShellScript->>InjectiveCLI: Import keys / Query balances / Deploy WASM
ShellScript->>Foundry/Cast: Deploy ERC20 / Mint tokens / Query ERC20
ShellScript->>EVM: Interact with ERC20 contract (deploy, mint, balance)
ShellScript->>WASM: Deploy and interact with WASM contract (increment, query)
WASM-->>ShellScript: Return contract state/results
EVM-->>ShellScript: Return contract state/results
ShellScript-->>User: Display results and confirmations
Poem
✨ Finishing Touches
🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 25
♻️ Duplicate comments (9)
demos/exchange/demo.sh (9)
73-86: Repeat of echo escape issue
Same as above: theseecho "\n### RUNNING ###"and trailingecho "###############\n"lines will not yield newlines as intended.
103-109: Repeat of echo escape issue
The pattern of usingecho "\n…"persists here—apply the same fix withprintfor a shared helper.
118-130: Repeat of echo escape issue
This block also needs proper newline handling (useprintfor a wrapper function).
149-157: Repeat of echo escape issue
Please address the same newline formatting concern here.
167-179: Repeat of echo escape issue
Ensure the\nescapes are rendered by switching toprintfor a helper.
218-231: Repeat of echo escape issue
Consistently apply the newline formatting fix across these echo statements.
251-257: Repeat of echo escape issue
Same pattern—replace withprintfor consolidate into a function.
266-272: Repeat of echo escape issue
Echoing literal\nremains here; please correct.
279-293: Repeat of echo escape issue
This final wrapper and the subsequent pipeline call need the same treatment to render newlines properly.
🧹 Nitpick comments (38)
demos/erc20/.local.env (1)
1-16: Consider addressing linting suggestions for consistency.The static analysis tool suggests reordering keys and removing extra blank lines for better consistency.
Apply this diff to address linting suggestions:
################################################################################ # Localhost setup ################################################################################ # Network +CHAIN_ID=injective-1 ETH_URL=http://localhost:8545 +GRPC_URL=localhost:9900 INJ_URL=http://localhost:26657 -GRPC_URL=localhost:9900 -CHAIN_ID=injective-1 - # User USER=user1 USER_MNEMONIC="copper push brief egg scan entry inform record adjust fossil boss egg comic alien upon aspect dry avoid interest fury window hint race symptom" USER_PWD=12345678🧰 Tools
🪛 dotenv-linter (3.3.0)
[warning] 8-8: [UnorderedKey] The GRPC_URL key should go before the INJ_URL key
[warning] 9-9: [UnorderedKey] The CHAIN_ID key should go before the ETH_URL key
[warning] 11-11: [ExtraBlankLine] Extra blank line detected
demos/erc20/scripts/foundry-util.sh (1)
6-20: Well-implemented transaction validation function.The function properly validates foundry transaction results, handles error cases, and provides clear error messages.
Consider making the sed command more robust:
- sdk_tx_hash=$(cast rpc inj_getTxHashByEthHash $eth_tx_hash | sed -r 's/0x//' | tr -d '"') + sdk_tx_hash=$(cast rpc inj_getTxHashByEthHash $eth_tx_hash | sed 's/^0x//' | tr -d '"')The
-rflag is GNU-specific; using basic regex is more portable.demos/erc20/wasm/counter_msg.rs (1)
47-47: Fix typo in comment."Weather" should be "Whether".
- /// Weather an ack is a success of failure according to the transfer spec + /// Whether an ack is a success of failure according to the transfer specdemos/erc20/scripts/cli-tx.sh (1)
1-1: Add strict error handling flags.Include
set -euo pipefailafter the shebang to catch errors early and prevent undefined variable usage in your automation scripts.#!/bin/sh +set -euo pipefaildemos/erc20/scripts/cli-balances-user1.sh (1)
9-11: Useprintffor portable newlines.
echo "\n..."isn’t portable in/bin/sh. Switch toprintf.- echo "\n### RUNNING ###" + printf "\n### RUNNING ###\n" - echo "###############\n" + printf "###############\n\n"demos/erc20/README.md (1)
21-21: Fix grammatical typo in conclusion.Correct pluralization and improve clarity.
- We've created an ERC20 tokens that is represented at the same address in both the EVM and WASM VMs, also native state. + We've created an ERC20 token that is represented at the same address in both the EVM and WASM VMs, including native state.demos/erc20/scripts/cli-address.sh (1)
9-9: Useprintfinstead ofechofor escaped formatting.
echo "\t* ..."may not interpret\t; useprintf.- echo "\t* Injective address: $INJ_ADDRESS" + printf "\t* Injective address: %s\n" "$INJ_ADDRESS"demos/erc20/scripts/erc20-balance-user2.sh (1)
12-14: Useprintfand quote command echo.Portable newlines via
printfand quote variables in the echoed command to improve readability.- echo "\n### RUNNING ###" + printf "\n### RUNNING ###\n" - echo cast call $ERC20_ADDRESS "balanceOf(address)" $1 "|" xargs cast decode-abi "balanceOf(address)(uint256)" + echo "cast call \"$ERC20_ADDRESS\" \"balanceOf(address)\" \"$1\" | xargs cast decode-abi \"balanceOf(address)(uint256)\"" - echo "###############\n" + printf "###############\n\n"demos/erc20/Makefile (1)
1-2: Consider adding help output for the default target.
Thealltarget is empty; you may want to print usage or list available Makefile tasks (e.g., via ahelptarget) to guide users through the demo.demos/erc20/scripts/import-cast-key.sh (1)
7-7: Quote variable expansions to prevent word-splitting.
Unquoted$USERmay break if it contains special chars or spaces. Update to:- if cast wallet list | grep -q $USER; then + if cast wallet list | grep -q "$USER"; thendemos/erc20/scripts/cli-balances-user2.sh (1)
13-13: Quote positional parameters to avoid word-splitting.
Referencing$1unquoted may break on unusual addresses. Suggested diff:- echo injectived q bank balances $1 --chain-id $CHAIN_ID --node $INJ_URL --keyring-backend=test + echo injectived q bank balances "$1" --chain-id "$CHAIN_ID" --node "$INJ_URL" --keyring-backend=test ... - injectived q bank balances $1 --chain-id $CHAIN_ID --node $INJ_URL --keyring-backend=test + injectived q bank balances "$1" --chain-id "$CHAIN_ID" --node "$INJ_URL" --keyring-backend=testAlso applies to: 16-16
demos/erc20/scripts/cli-denom.sh (1)
22-23: Quote variables in command invocation.
Unquoted$1and$INJ_URLmay lead to unexpected splitting. For example:- echo injectived q bank denom-metadata $1 \ - --node $INJ_URL + echo injectived q bank denom-metadata "$1" \ + --node "$INJ_URL" ... - injectived q bank denom-metadata $1 --node $INJ_URL + injectived q bank denom-metadata "$1" --node "$INJ_URL"Also applies to: 26-26
demos/erc20/scripts/import-cli-key.sh (2)
7-7: Quote variable expansions in grep.
Unquoted$USERcan misbehave if it contains whitespace or special chars. Update to:- if injectived keys list --keyring-backend=test | grep -q $USER; then + if injectived keys list --keyring-backend=test | grep -q "$USER"; then
21-22: Useprintffor formatted output instead ofechowith escapes.
POSIXechomay not interpret\tor\n. Switch to:- echo "\t* Injective address: $INJ_ADDRESS" + printf "\t* Injective address: %s\n" "$INJ_ADDRESS" ... - echo "\t* Ethereum address: $ETH_ADDRESS" + printf "\t* Ethereum address: %s\n" "$ETH_ADDRESS"Also applies to: 27-28
demos/erc20/scripts/erc20-balance-user1.sh (1)
19-24: Use printf for escaped newlines and quote command outputs
POSIXechomay not interpret\n. Also quote variables in the printed and executed commands:-echo "\n### RUNNING ###" -echo cast call $ERC20_ADDRESS "balanceOf(address)" $USER_ETH_ADDRESS "|" xargs cast decode-abi "balanceOf(address)(uint256)" -echo "###############\n" - -cast call $ERC20_ADDRESS "balanceOf(address)" $USER_ETH_ADDRESS | xargs cast decode-abi "balanceOf(address)(uint256)" +printf '\n### RUNNING ###\n' +echo "cast call \"$ERC20_ADDRESS\" \"balanceOf(address)\" \"$USER_ETH_ADDRESS\" | xargs cast decode-abi \"balanceOf(address)(uint256)\"" +printf '###############\n\n' + +cast call "$ERC20_ADDRESS" "balanceOf(address)" "$USER_ETH_ADDRESS" | xargs cast decode-abi "balanceOf(address)(uint256)"demos/erc20/scripts/deploy-erc20.sh (4)
8-20: Use printf for newlines and quote variables in printed commands
Replaceecho "\n### ..."withprintffor portable escapes and wrap expansions in quotes:-echo "\n### RUNNING ###" -echo forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \ - -r $ETH_URL \ - --account $USER \ - --password $USER_PWD \ - --broadcast \ - --gas-limit 10000000 \ - --gas-price 10 \ - --legacy \ - -vvvv \ - --json \ - --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000" -echo "###############\n" +printf '\n### RUNNING ###\n' +echo "forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \ + -r \"$ETH_URL\" \ + --account \"$USER\" \ + --password \"$USER_PWD\" \ + --broadcast \ + --gas-limit 10000000 \ + --gas-price 10 \ + --legacy \ + -vvvv \ + --json \ + --constructor-args \"TestMeme\" \"MEME\" \"18\" \"1000000000000000000000000000\"" +printf '###############\n\n'
22-27: Quote expansions in command substitutions
Wrap variables in quotes when invokingforge createto prevent word splitting:-create_res=$(forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \ - -r $ETH_URL \ - --account $USER \ - --password $USER_PWD \ - --broadcast \ - --gas-limit 10000000 \ - --gas-price 10 \ - --legacy \ - -vvvv \ - --json \ - --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000") +create_res=$(forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \ + -r "$ETH_URL" \ + --account "$USER" \ + --password "$USER_PWD" \ + --broadcast \ + --gas-limit 10000000 \ + --gas-price 10 \ + --legacy \ + -vvvv \ + --json \ + --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000000")
33-38: Omit redundant exit check in strict mode
Withset -e, the explicitif [ $? -ne 0 ]; then exit 1; fican be removed. Confirm if you prefer explicit checks or rely onset -e.
36-40: Quote JSON parsing and echo outputs
Wrap$create_resin quotes to prevent misparsing by the shell:-contract_eth_address=$(echo $create_res | jq -r '.deployedTo') +contract_eth_address=$(echo "$create_res" | jq -r '.deployedTo')demos/erc20/scripts/wasm-query-counter.sh (5)
5-8: Add check forUSERenvironment variable
The script uses$USERfor key derivation. Validate it before usage:+if [ -z "${USER:-}" ]; then + echo "Error: USER env variable not set" + exit 1 +fi
10-18: Use printf for newline escapes and quote expansions
POSIXechomay not interpret\n. Quote$USER_INJ_ADDRESSin printed commands:-echo "\n### QUERYING COUNT ###" -echo injectived q wasm contract-state smart $WASM_CONTRACT \ - '{"get_count":{"addr":"'$USER_INJ_ADDRESS'"}}' \ - --node $INJ_URL \ - --output json -echo "######################\n" +printf '\n### QUERYING COUNT ###\n' +echo "injectived q wasm contract-state smart \"$WASM_CONTRACT\" '{\"get_count\":{\"addr\":\"$USER_INJ_ADDRESS\"}}' --node \"$INJ_URL\" --output json" +printf '######################\n\n'
21-28: Quote responses when parsing and improve error propagation
Wrap$count_responsein quotes and simplify exit handling underset -e:-count_response=$(injectived q wasm contract-state smart $WASM_CONTRACT \ - '{"get_count":{"addr":"'$USER_INJ_ADDRESS'"}}' \ - --node $INJ_URL \ - --output json) -if [ $? -ne 0 ]; then - echo "Failed to query count from contract" - exit 1 -fi +count_response=$(injectived q wasm contract-state smart "$WASM_CONTRACT" \ + "{\"get_count\":{\"addr\":\"$USER_INJ_ADDRESS\"}}\" \ + --node "$INJ_URL" \ + --output json) +# error will cause immediate exit under strict mode
30-32: Quote JSON parsing input
Prevent word splitting by quoting the JSON string:-count=$(echo $count_response | jq -r '.data.count') +count=$(echo "$count_response" | jq -r '.data.count')
34-45: Repeat formatting and quoting for total funds query
Apply the sameprintfand quoting fixes for the total funds section:-echo "\n### QUERYING TOTAL FUNDS ###" -echo injectived q wasm contract-state smart $WASM_CONTRACT \ - '{"get_total_funds":{"addr":"'$USER_INJ_ADDRESS'"}}' \ - --node $INJ_URL \ - --output json -echo "######################\n" +printf '\n### QUERYING TOTAL FUNDS ###\n' +echo "injectived q wasm contract-state smart \"$WASM_CONTRACT\" '{\"get_total_funds\":{\"addr\":\"$USER_INJ_ADDRESS\"}}' --node \"$INJ_URL\" --output json" +printf '######################\n\n'-funds_response=$(injectived q wasm contract-state smart $WASM_CONTRACT \ - '{"get_total_funds":{"addr":"'$USER_INJ_ADDRESS'"}}' \ - --node $INJ_URL \ - --output json) -if [ $? -ne 0 ]; then - echo "Failed to query total funds from contract" - exit 1 -fi +funds_response=$(injectived q wasm contract-state smart "$WASM_CONTRACT" \ + "{\"get_total_funds\":{\"addr\":\"$USER_INJ_ADDRESS\"}}\" \ + --node "$INJ_URL" \ + --output json) +# errors are handled by set -e-echo $funds_response | jq -r '.data.total_funds' +echo "$funds_response" | jq -r '.data.total_funds'demos/erc20/scripts/deploy-wasm.sh (8)
11-19: Useprintffor newline escapes and quote paths/vars
POSIXechomay not handle\n. Quote$USERand other vars:-echo "\n### RUNNING WASM STORE ###" -echo injectived tx wasm store wasm/counter.wasm \ - --from $USER \ - --chain-id $CHAIN_ID \ - --node $INJ_URL \ - --gas-prices 500000000inj \ - --gas auto \ - --gas-adjustment 1.3 \ - --broadcast-mode sync \ - --keyring-backend test \ - --output json \ - -y -echo "########################\n" +printf '\n### RUNNING WASM STORE ###\n' +echo "injectived tx wasm store \"wasm/counter.wasm\" \ + --from \"$USER\" \ + --chain-id \"$CHAIN_ID\" \ + --node \"$INJ_URL\" \ + --gas-prices 500000000inj \ + --gas auto \ + --gas-adjustment 1.3 \ + --broadcast-mode sync \ + --keyring-backend test \ + --output json \ + -y" +printf '########################\n\n'
24-31: Quote command substitutions and consider checking file existence
Wrap variables in quotes and validate thatwasm/counter.wasmexists before storing:-store_res=$(injectived tx wasm store wasm/counter.wasm \ +if [ ! -f "wasm/counter.wasm" ]; then + echo "Error: wasm/counter.wasm not found" + exit 1 +fi +store_res=$(injectived tx wasm store "wasm/counter.wasm" \ --from $USER \ --chain-id $CHAIN_ID \ --node $INJ_URL \ --gas-prices 500000000inj \ --gas auto \ --gas-adjustment 1.3 \ --broadcast-mode sync \ --keyring-backend test \ - -y --output json) + -y --output json)
34-41: Remove redundant exit checks under strict mode
Withset -e, explicit[ $? -ne 0 ]can be removed.
52-60: Quote JSON parsing and update variables in-place
Wraptx_resultin quotes when parsing and simplify assignment:-tx_result=$(injectived q tx $TXHASH \ - --node $INJ_URL \ - --chain-id $CHAIN_ID \ - --output json) -if [ $? -ne 0 ]; then - echo "Failed to query transaction" - exit 1 -fi +# Query transaction (errors exit under strict mode) +tx_result=$(injectived q tx "$TXHASH" \ + --node "$INJ_URL" \ + --chain-id "$CHAIN_ID" \ + --output json)-# Update store_res with the full transaction result -store_res=$tx_result +# Overwrite store_res with the full transaction result +store_res="$tx_result"
65-73: Quote JSON parsing for code id and echo
Wrapstore_resin quotes and quote attribute filters:-# Extract code ID from transaction response -CODE_ID=$(echo $store_res | jq -r '.events[] | select(.type=="store_code") | .attributes[] | select(.key=="code_id") | .value') -echo "Contract Code ID: $CODE_ID" +CODE_ID=$(echo "$store_res" | jq -r '.events[] | select(.type=="store_code") | .attributes[] | select(.key=="code_id") | .value') +echo "Contract Code ID: $CODE_ID"
71-80: Apply the same quoting and printf fixes to instantiate section
Replaceecho "\n"withprintf, quote JSON args, and wrap variables:-echo "\n### RUNNING WASM INSTANTIATE ###" -echo injectived tx wasm instantiate $CODE_ID '{"count":0}' \ +printf '\n### RUNNING WASM INSTANTIATE ###\n' +echo "injectived tx wasm instantiate \"$CODE_ID\" '{\"count\":0}' \ --label "counter-1.0.0" \ --admin $USER_ADDRESS \ --from $USER \ --chain-id $CHAIN_ID \ --node $INJ_URL \ --gas-prices 500000000inj \ --gas auto \ --gas-adjustment 1.3 \ --broadcast-mode sync \ --keyring-backend test \ --output json \ -y"Also wrap the
instantiate_rescommand substitution in quotes and handle errors under strict mode.
103-108: Quote JSON parsing for instantiation txhash
Wrapinstantiate_resin quotes when extracting the transaction hash:-# Extract txhash from instantiate transaction response -TXHASH=$(echo $instantiate_res | jq -r '.txhash') +TXHASH=$(echo "$instantiate_res" | jq -r '.txhash')
126-132: Quote parsing for contract address
Wrapinstantiate_resin quotes when extracting the contract address:-CONTRACT_ADDRESS=$(echo $instantiate_res | jq -r '.events[] | select(.type=="instantiate") | .attributes[] | select(.key=="_contract_address") | .value') +CONTRACT_ADDRESS=$(echo "$instantiate_res" | jq -r '.events[] | select(.type=="instantiate") | .attributes[] | select(.key=="_contract_address") | .value')demos/erc20/scripts/wasm-tx-increment.sh (6)
5-8: Validate all required environment variables
You checkWASM_CONTRACTbut rely onUSER. Add a check forUSER:+if [ -z "${USER:-}" ]; then + echo "Error: USER env variable is not set" + exit 1 +fi
13-17: Quote positional parameter and use descriptive var
Quote$1, assign to a named variable, and validate the expected format:-if [ -z "$1" ]; then - echo "⚠️ Error: No value with ERC20 denom specified" - echo "Usage: $0 <value>erc20:<contract_address>" - exit 1 -fi +AMOUNT="$1" +if [ -z "$AMOUNT" ]; then + echo "⚠️ Error: No amount with ERC20 denom specified" + echo "Usage: $0 <value>erc20:<contract_address>" + exit 1 +fi
21-28: Use printf for newline escapes and quote variables in printed commands
Replaceecho "\n"withprintf, wrap$AMOUNTand$WASM_CONTRACTin quotes:-echo "\n### EXECUTING INCREMENT ###" -echo injectived tx wasm execute $WASM_CONTRACT '{"increment":{}}' \ - --amount $1 \ +printf '\n### EXECUTING INCREMENT ###\n' +echo "injectived tx wasm execute \"$WASM_CONTRACT\" '{\"increment\":{}}' \ + --amount \"$AMOUNT\" \
36-44: Quote command substitutions and rely on strict mode for errors
Wrap$WASM_CONTRACTand$AMOUNTin quotes and remove explicit exit checks:-execute_res=$(injectived tx wasm execute $WASM_CONTRACT '{"increment":{}}' \ +execute_res=$(injectived tx wasm execute "$WASM_CONTRACT" '{"increment":{}}' \ --amount $AMOUNT \ --from $USER \ --chain-id $CHAIN_ID \ --node $INJ_URL \ --gas-prices 500000000inj \ --gas auto \ --gas-adjustment 1.3 \ --broadcast-mode sync \ --keyring-backend test \ - -y --output json) -if [ $? -ne 0 ]; then - echo "Failed to execute increment on WASM contract" - exit 1 -fi + -y --output json)
52-61: Quote JSON parsing when extracting tx code and raw log
Wraptx_resultin quotes and simplify code extraction:-tx_result=$(injectived q tx $TXHASH \ - --node $INJ_URL \ - --chain-id $CHAIN_ID \ - --output json) +tx_result=$(injectived q tx "$TXHASH" \ + --node "$INJ_URL" \ + --chain-id "$CHAIN_ID" \ + --output json)-TX_CODE=$(echo $tx_result | jq -r '.code') +TX_CODE=$(echo "$tx_result" | jq -r '.code')
75-83: Wrap logs and improve output consistency
Quote the raw log output and align exit messages:- echo "❌ Transaction failed with code: $TX_CODE" - echo "Error: $(echo $tx_result | jq -r '.raw_log')" + echo "❌ Transaction failed with code: $TX_CODE" + echo "Error: $(echo "$tx_result" | jq -r '.raw_log')"
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (2)
.DS_Storeis excluded by!**/.DS_Storedemos/erc20/wasm/counter.wasmis excluded by!**/*.wasm
📒 Files selected for processing (23)
.gitignore(1 hunks)demos/erc20/.local.env(1 hunks)demos/erc20/Makefile(1 hunks)demos/erc20/README.md(1 hunks)demos/erc20/scripts/cli-address.sh(1 hunks)demos/erc20/scripts/cli-balances-user1.sh(1 hunks)demos/erc20/scripts/cli-balances-user2.sh(1 hunks)demos/erc20/scripts/cli-denom.sh(1 hunks)demos/erc20/scripts/cli-keys.sh(1 hunks)demos/erc20/scripts/cli-q.sh(1 hunks)demos/erc20/scripts/cli-tx.sh(1 hunks)demos/erc20/scripts/deploy-erc20.sh(1 hunks)demos/erc20/scripts/deploy-wasm.sh(1 hunks)demos/erc20/scripts/erc20-balance-user1.sh(1 hunks)demos/erc20/scripts/erc20-balance-user2.sh(1 hunks)demos/erc20/scripts/foundry-util.sh(1 hunks)demos/erc20/scripts/import-cast-key.sh(1 hunks)demos/erc20/scripts/import-cli-key.sh(1 hunks)demos/erc20/scripts/wasm-query-counter.sh(1 hunks)demos/erc20/scripts/wasm-tx-increment.sh(1 hunks)demos/erc20/wasm/counter_msg.rs(1 hunks)demos/exchange/.evmix.env(0 hunks)demos/exchange/demo.sh(9 hunks)
💤 Files with no reviewable changes (1)
- demos/exchange/.evmix.env
🧰 Additional context used
🧬 Code Graph Analysis (1)
demos/erc20/scripts/deploy-erc20.sh (1)
demos/erc20/scripts/foundry-util.sh (1)
check_foundry_result(6-20)
🪛 dotenv-linter (3.3.0)
demos/erc20/.local.env
[warning] 8-8: [UnorderedKey] The GRPC_URL key should go before the INJ_URL key
[warning] 9-9: [UnorderedKey] The CHAIN_ID key should go before the ETH_URL key
[warning] 11-11: [ExtraBlankLine] Extra blank line detected
🪛 Shellcheck (0.10.0)
demos/erc20/scripts/cli-tx.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
demos/erc20/scripts/cli-balances-user1.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/cli-keys.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
demos/erc20/scripts/erc20-balance-user1.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/cli-balances-user2.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/cli-q.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
demos/erc20/scripts/deploy-erc20.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 4-4: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/erc20-balance-user2.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/cli-denom.sh
[warning] 5-5: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 15-15: In POSIX sh, [[ ]] is undefined.
(SC3010)
demos/erc20/scripts/import-cli-key.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/foundry-util.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/import-cast-key.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/wasm-query-counter.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/wasm-tx-increment.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 10-10: USER_INJ_ADDRESS appears unused. Verify use (or export if used externally).
(SC2034)
demos/erc20/scripts/deploy-wasm.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🔇 Additional comments (4)
.gitignore (1)
17-17: Approve adding.DS_Storeto ignored files.This will prevent macOS metadata files from being tracked across all directories, keeping the repo clean.
demos/exchange/demo.sh (1)
26-26: No-op blank line insertion
This added blank line has no effect on script behavior.demos/erc20/wasm/counter_msg.rs (1)
1-63: Excellent CosmWasm message structure implementation.The message definitions follow CosmWasm best practices with proper serde annotations, clear separation of concerns, and comprehensive IBC lifecycle handling.
demos/erc20/Makefile (1)
19-19: Validate .PHONY declarations.
The.PHONYline correctly lists all defined targets, ensuring no file conflicts with target names.
| echo "\n### RUNNING ###" | ||
| echo forge create examples/ExchangeDemo.sol:ExchangeDemo \ | ||
| -r $ETH_URL \ | ||
| --account $USER \ | ||
| --password $USER_PWD \ | ||
| --broadcast \ | ||
| --legacy \ | ||
| --gas-limit 10000000 \ | ||
| --gas-price 10 \ | ||
| -vvvv \ | ||
| --json | ||
| echo "###############\n" | ||
|
|
There was a problem hiding this comment.
Echo escapes won’t render newlines under POSIX /bin/sh
Using echo "\n### RUNNING ###" and echo "###############\n" will print literal \n rather than newlines in many /bin/sh implementations. Replace these with printf calls and consider extracting a helper function to reduce repetition.
Proposed diff:
- echo "\n### RUNNING ###"
+ printf '\n### RUNNING ###\n'
… (command you’re running) …
- echo "###############\n"
+ printf '###############\n\n'📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| echo "\n### RUNNING ###" | |
| echo forge create examples/ExchangeDemo.sol:ExchangeDemo \ | |
| -r $ETH_URL \ | |
| --account $USER \ | |
| --password $USER_PWD \ | |
| --broadcast \ | |
| --legacy \ | |
| --gas-limit 10000000 \ | |
| --gas-price 10 \ | |
| -vvvv \ | |
| --json | |
| echo "###############\n" | |
| #!/usr/bin/env sh | |
| printf '\n### RUNNING ###\n' | |
| echo forge create examples/ExchangeDemo.sol:ExchangeDemo \ | |
| -r $ETH_URL \ | |
| --account $USER \ | |
| --password $USER_PWD \ | |
| --broadcast \ | |
| --legacy \ | |
| --gas-limit 10000000 \ | |
| --gas-price 10 \ | |
| -vvvv \ | |
| --json | |
| printf '###############\n\n' |
🤖 Prompt for AI Agents
In demos/exchange/demo.sh around lines 38 to 50, the echo commands use "\n" for
newlines, which will print literal \n instead of actual newlines in many /bin/sh
environments. Replace these echo commands with printf calls to correctly render
newlines. Additionally, create a helper function to print these formatted
messages to avoid repetition and improve readability.
|
|
||
| # User | ||
| USER=user1 | ||
| USER_MNEMONIC="copper push brief egg scan entry inform record adjust fossil boss egg comic alien upon aspect dry avoid interest fury window hint race symptom" |
There was a problem hiding this comment.
Critical Security Issue: Exposed mnemonic phrase in version control.
The mnemonic phrase should never be committed to version control as it provides full access to the wallet. This creates a significant security vulnerability.
Consider these alternatives:
- Use environment variables that are set outside the codebase
- Use a
.env.examplefile with placeholder values - Document in README how to set up local credentials securely
-USER_MNEMONIC="copper push brief egg scan entry inform record adjust fossil boss egg comic alien upon aspect dry avoid interest fury window hint race symptom"
+# USER_MNEMONIC should be set as an environment variable
+# Example: export USER_MNEMONIC="your twelve word mnemonic phrase here"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| USER_MNEMONIC="copper push brief egg scan entry inform record adjust fossil boss egg comic alien upon aspect dry avoid interest fury window hint race symptom" | |
| # USER_MNEMONIC should be set as an environment variable | |
| # Example: export USER_MNEMONIC="your twelve word mnemonic phrase here" |
🤖 Prompt for AI Agents
In demos/erc20/.local.env at line 14, the mnemonic phrase is exposed in version
control, posing a critical security risk. Remove the actual mnemonic from this
file and replace it with a placeholder value or leave it empty. Add this file to
.gitignore to prevent committing sensitive data. Instead, instruct users to set
their mnemonic securely via environment variables or a separate local config not
tracked by version control, and update the README with setup instructions.
| @@ -0,0 +1,20 @@ | |||
| #!/bin/sh | |||
|
|
|||
| source .local.env | |||
There was a problem hiding this comment.
🛠️ Refactor suggestion
Fix POSIX compliance issue.
Using source is not POSIX compliant. Use . instead for better compatibility.
-source .local.env
+. .local.env🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In demos/erc20/scripts/foundry-util.sh at line 3, replace the use of the
`source` command with the POSIX-compliant `.` command to include the .local.env
file. This change ensures better compatibility across different shell
environments.
| source .local.env | ||
|
|
||
| injectived keys $* --keyring-backend=test |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Fix POSIX compliance and argument handling issues.
Two issues need to be addressed:
sourceis not POSIX compliant$*can cause whitespace problems with arguments
-source .local.env
+. .local.env
-injectived keys $* --keyring-backend=test
+injectived keys "$@" --keyring-backend=test📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| source .local.env | |
| injectived keys $* --keyring-backend=test | |
| . .local.env | |
| injectived keys "$@" --keyring-backend=test |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
🤖 Prompt for AI Agents
In demos/erc20/scripts/cli-keys.sh around lines 3 to 5, replace the non-POSIX
compliant 'source' command with the POSIX-compliant '.' command to load the
environment file. Also, replace the use of '$*' with '"$@"' to correctly handle
arguments containing whitespace and preserve argument boundaries.
| source .local.env | ||
|
|
||
| injectived q $* --node $INJ_URL |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Fix POSIX compliance and argument handling issues.
Same issues as in cli-keys.sh:
sourceis not POSIX compliant$*can cause whitespace problems with arguments
-source .local.env
+. .local.env
-injectived q $* --node $INJ_URL
+injectived q "$@" --node $INJ_URL📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| source .local.env | |
| injectived q $* --node $INJ_URL | |
| . .local.env | |
| injectived q "$@" --node $INJ_URL |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
🤖 Prompt for AI Agents
In demos/erc20/scripts/cli-q.sh around lines 3 to 5, replace the non-POSIX
compliant 'source' command with the POSIX-compliant '.' command to load the
environment variables. Also, change the use of '$*' to '"$@"' when passing
arguments to 'injectived q' to correctly handle arguments with whitespace and
preserve argument boundaries.
| #!/bin/sh | ||
|
|
||
| source .local.env | ||
| source scripts/foundry-util.sh |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Switch to bash and set strict modes for error handling
Shellcheck SC3046 flags source in POSIX sh. Change shebang to bash and add set -euo pipefail:
-#!/bin/sh
-source .local.env
-source scripts/foundry-util.sh
+#!/usr/bin/env bash
+set -euo pipefail
+. ./.local.env
+. ./scripts/foundry-util.sh📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/bin/sh | |
| source .local.env | |
| source scripts/foundry-util.sh | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| . ./.local.env | |
| . ./scripts/foundry-util.sh |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 4-4: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In demos/erc20/scripts/deploy-erc20.sh at lines 1 to 4, the script uses `source`
which is not POSIX compliant and triggers Shellcheck SC3046. Change the shebang
from `#!/bin/sh` to `#!/bin/bash` and add `set -euo pipefail` after the shebang
to enable strict error handling and improve script robustness.
| #!/bin/sh | ||
|
|
||
| source .local.env | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Switch to bash or use POSIX-compliant sourcing
Shellcheck SC3046: replace source with . or change shebang to bash. Also enable strict error handling:
-#!/bin/sh
-source .local.env
+#!/usr/bin/env bash
+set -euo pipefail
+. ./.local.env🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In demos/erc20/scripts/wasm-query-counter.sh at lines 1 to 4, the script uses
'source' which is not POSIX-compliant for /bin/sh. To fix this, either change
the shebang to '#!/bin/bash' to use bash or replace 'source .local.env' with '.
.local.env' for POSIX compliance. Additionally, add strict error handling by
enabling 'set -euo pipefail' after the shebang to improve script robustness.
| #!/bin/sh | ||
|
|
||
| source .local.env | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Switch shebang to bash and enforce strict modes
Shellcheck SC3046: replace source with POSIX . or use bash. Add set -euo pipefail:
-#!/bin/sh
-
-source .local.env
+#!/usr/bin/env bash
+set -euo pipefail
+. ./.local.env📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/bin/sh | |
| source .local.env | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| . ./.local.env |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In demos/erc20/scripts/deploy-wasm.sh at lines 1 to 4, the script uses a shebang
for sh but uses the bash-specific `source` command and lacks strict error
handling. Change the shebang to `#!/bin/bash` to explicitly use bash, replace
`source .local.env` with `. .local.env` if you want to keep sh compatibility, or
keep `source` with bash. Also, add `set -euo pipefail` after the shebang to
enforce strict error handling and safer script execution.
| USER_INJ_ADDRESS=$(injectived keys show $USER --keyring-backend=test -a)\ | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Remove unused variable assignment
USER_INJ_ADDRESS is assigned but never used. Drop this or incorporate it into execution logs:
-USER_INJ_ADDRESS=$(injectived keys show $USER --keyring-backend=test -a)\
+# removed unused USER_INJ_ADDRESS assignment🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 10-10: USER_INJ_ADDRESS appears unused. Verify use (or export if used externally).
(SC2034)
🤖 Prompt for AI Agents
In demos/erc20/scripts/wasm-tx-increment.sh around lines 10 to 11, the variable
USER_INJ_ADDRESS is assigned but never used. Remove the assignment line entirely
or, if the address is useful for debugging, add a command to log or echo
USER_INJ_ADDRESS so it is utilized in the script.
| #!/bin/sh | ||
|
|
||
| source .local.env | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Use bash and enforce strict error handling
Replace source with POSIX . or switch shebang to bash. Add set -euo pipefail:
-#!/bin/sh
-source .local.env
+#!/usr/bin/env bash
+set -euo pipefail
+. ./.local.env📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/bin/sh | |
| source .local.env | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| . ./.local.env |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In demos/erc20/scripts/wasm-tx-increment.sh at lines 1 to 4, the script uses a
sh shebang with the bash-specific `source` command and lacks strict error
handling. Change the shebang to `#!/bin/bash` to use bash explicitly, replace
`source` with `.` if you want to keep sh compatibility, and add `set -euo
pipefail` after the shebang to enforce strict error handling and safer script
execution.
There was a problem hiding this comment.
Actionable comments posted: 2
🔭 Outside diff range comments (1)
src/FixedSupplyBankERC20.sol (1)
7-11:⚠️ Potential issuePayable constructor may strand the 1 ETH sent on deployment
With
payableadded, the contract now receives 1 ETH during deployment (seedeploy-erc20.sh).
BankERC20exposes noreceive()/fallback()function nor any explicit ETH-withdrawal logic, so that ether becomes permanently locked inside the contract.+ /** + * @notice Withdraw native ETH accidentally left in the contract. + * Only the deployer can call this – adjust access control to fit your needs. + */ + function sweepNative(address payable to) external { + require(msg.sender == owner(), "only owner"); + to.transfer(address(this).balance); + }Alternatively, refund the ETH to
msg.senderinside the constructor if it is only sent to satisfy Foundry.Locking user funds is a critical security risk in production deployments.
Please confirm the intended behaviour or add a safe-withdraw mechanism.
♻️ Duplicate comments (2)
demos/erc20/scripts/deploy-wasm.sh (1)
1-4: Switch to bash and enable strict error handling
The script uses#!/bin/shbut calls the bash‐onlysourcecommand and lacks strict mode. Please update to:-#!/bin/sh -source .local.env +#!/usr/bin/env bash +set -euo pipefail +. ./.local.env🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/deploy-erc20.sh (1)
1-4: Shellcheck SC3046: switch to bash & strict mode
Same issue raised previously – see past review.
Please adopt the earlier suggestion.🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 4-4: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🧹 Nitpick comments (4)
demos/erc20/scripts/deploy-wasm.sh (4)
10-22: Useprintfinstead ofechofor formatted output
echo "\n### …"prints the literal\n. Replace withprintf "\n### RUNNING WASM STORE ###\n"(and similarly for other banners) for reliable newlines across shells.
24-33: Simplify error handling for the store command
Capture and check in one step to avoid relying on$?:-store_res=$(injectived tx wasm store … --output json) -if [ $? -ne 0 ]; then - echo "Failed to store WASM contract" - exit 1 -fi +if ! store_res=$(injectived tx wasm store … --output json); then + echo "Failed to store WASM contract" >&2 + exit 1 +fi
40-41: Quote variable expansions when piping tojq
Unquoted$store_rescan break if the JSON contains whitespace. Use:TXHASH=$(echo "$store_res" | jq -r '.txhash')
87-96: Simplify error handling for the instantiate command
Apply the sameif ! …; thenpattern:-instantiate_res=$(injectived tx wasm instantiate … --output json) -if [ $? -ne 0 ]; then - echo "Failed to instantiate WASM contract" - exit 1 -fi +if ! instantiate_res=$(injectived tx wasm instantiate … --output json); then + echo "Failed to instantiate WASM contract" >&2 + exit 1 +fi
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
demos/erc20/scripts/deploy-erc20.sh(1 hunks)demos/erc20/scripts/deploy-wasm.sh(1 hunks)src/FixedSupplyBankERC20.sol(1 hunks)src/tests/FixedSupplyBankERC20InfiniteGas.sol(1 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (1)
demos/erc20/scripts/deploy-erc20.sh (1)
demos/erc20/scripts/foundry-util.sh (1)
check_foundry_result(6-20)
🪛 Shellcheck (0.10.0)
demos/erc20/scripts/deploy-erc20.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 4-4: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
demos/erc20/scripts/deploy-wasm.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
⏰ Context from checks skipped due to timeout of 90000ms (1)
- GitHub Check: Socket Security: Pull Request Alerts
🔇 Additional comments (2)
demos/erc20/scripts/deploy-wasm.sh (1)
131-132: Verify correct attribute key for contract address extraction
CosmWasm events often usecontract_address(no leading underscore) in the instantiate event. Please confirm that:jq -r '.events[] | select(.type=="instantiate") | .attributes[] | select(.key=="_contract_address")'matches your chain’s event schema, or adjust to
.key=="contract_address".src/tests/FixedSupplyBankERC20InfiniteGas.sol (1)
17-25:symbol()now guarantees out-of-gas; wrap in dedicated test harness onlyThe infinite
while (true)loop will revert every external/readonly call due to OOG.
That is fine for a fuzz / failure-mode test, but make sure:
- No production script or front-end queries
symbol()on this contract.- Unit tests assert the expected revert to avoid hanging.
- Static-analysis tools ignore the unreachable
return.If this contract is meant purely for internal testing, consider adding a comment or modifier (
onlyTest) to prevent accidental deployment.
| # Update store_res with the full transaction result | ||
| store_res=$tx_result | ||
|
|
||
| # Extract code ID from transaction response | ||
| CODE_ID=$(echo $store_res | jq -r '.events[] | select(.type=="store_code") | .attributes[] | select(.key=="code_id") | .value') |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Validate extracted CODE_ID before proceeding
If CODE_ID is empty, instantiation will silently fail. Add:
if [ -z "$CODE_ID" ]; then
echo "Error: Failed to parse CODE_ID" >&2
exit 1
fibefore using $CODE_ID.
🤖 Prompt for AI Agents
In demos/erc20/scripts/deploy-wasm.sh around lines 62 to 66, the extracted
CODE_ID from the transaction response is not validated, which can cause silent
failures if it is empty. Add a check after extracting CODE_ID to verify if it is
empty, and if so, print an error message to stderr and exit the script with a
non-zero status to prevent further execution.
| echo "\n### RUNNING ###" | ||
| echo forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \ | ||
| -r $ETH_URL \ | ||
| --account $USER \ | ||
| --password $USER_PWD \ | ||
| --broadcast \ | ||
| --gas-limit 10000000 \ | ||
| --gas-price 10 \ | ||
| --value 1000000000000000000 \ | ||
| --legacy \ | ||
| -vvvv \ | ||
| --json \ | ||
| --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000" | ||
| echo "###############\n" | ||
|
|
||
| create_res=$(forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \ | ||
| -r $ETH_URL \ | ||
| --account $USER \ | ||
| --password $USER_PWD \ | ||
| --broadcast \ | ||
| --gas-limit 10000000 \ | ||
| --gas-price 10 \ | ||
| --value 1000000000000000000 \ | ||
| --legacy \ | ||
| -vvvv \ | ||
| --json \ | ||
| --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000") |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Harden script portability & safety
• echo "\n" is undefined in many shells – use printf or echo -e.
• Paths assume the CWD is demos/erc20; resolve relative to the script dir (SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)").
• $USER collides with the system env var; rename to e.g. DEPLOYER.
• Wrap the verbose display command in a printf/here-doc instead of re-typing args twice.
Illustrative refactor:
-#!/bin/sh
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+. "${SCRIPT_DIR}/.local.env"
+. "${SCRIPT_DIR}/scripts/foundry-util.sh"
-echo "\n### RUNNING ###"
-echo forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \
+printf '\n### RUNNING ###\n'
+forge_cmd=(forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20
+ -r "$ETH_URL"
+ --account "$DEPLOYER"
+ --password "$DEPLOYER_PWD"
+ --broadcast
+ --gas-limit 10000000
+ --gas-price 10
+ --value 1000000000000000000
+ --legacy
+ -vvvv
+ --json
+ --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000")
+printf '%q ' "${forge_cmd[@]}"; printf '\n'
+
-create_res=$(forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \
- -r $ETH_URL \
- --account $USER \
- --password $USER_PWD \
- ...
- --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000")
+create_res=$("${forge_cmd[@]}")These changes remove duplication, avoid undefined behaviour, and make the script runnable from any directory.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| echo "\n### RUNNING ###" | |
| echo forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \ | |
| -r $ETH_URL \ | |
| --account $USER \ | |
| --password $USER_PWD \ | |
| --broadcast \ | |
| --gas-limit 10000000 \ | |
| --gas-price 10 \ | |
| --value 1000000000000000000 \ | |
| --legacy \ | |
| -vvvv \ | |
| --json \ | |
| --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000" | |
| echo "###############\n" | |
| create_res=$(forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 \ | |
| -r $ETH_URL \ | |
| --account $USER \ | |
| --password $USER_PWD \ | |
| --broadcast \ | |
| --gas-limit 10000000 \ | |
| --gas-price 10 \ | |
| --value 1000000000000000000 \ | |
| --legacy \ | |
| -vvvv \ | |
| --json \ | |
| --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000") | |
| printf '\n### RUNNING ###\n' | |
| forge_cmd=(forge create src/FixedSupplyBankERC20.sol:FixedSupplyBankERC20 | |
| -r "$ETH_URL" | |
| --account "$DEPLOYER" | |
| --password "$DEPLOYER_PWD" | |
| --broadcast | |
| --gas-limit 10000000 | |
| --gas-price 10 | |
| --value 1000000000000000000 | |
| --legacy | |
| -vvvv | |
| --json | |
| --constructor-args "TestMeme" "MEME" "18" "1000000000000000000000000000000") | |
| printf '%q ' "${forge_cmd[@]}"; printf '\n' | |
| echo "###############\n" | |
| create_res=$("${forge_cmd[@]}") |
🤖 Prompt for AI Agents
In demos/erc20/scripts/deploy-erc20.sh lines 8 to 34, replace all echo "\n" with
printf or echo -e for portability, resolve all relative paths using a SCRIPT_DIR
variable set to the script's directory to avoid assumptions about the current
working directory, rename the USER variable to DEPLOYER to prevent collision
with the system environment variable, and consolidate the repeated forge create
command arguments by storing them in a variable or using a here-doc or printf
block to avoid duplication and improve maintainability.
There was a problem hiding this comment.
Actionable comments posted: 22
♻️ Duplicate comments (2)
workshops/erc20-mts/scripts/cli-tx.sh (1)
1-3: Same portability issue ascli-q.sh.Adopt the same fix: Bash shebang or
.plusset -euo pipefail.🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/cli-keys.sh (1)
1-5: Portability and quoting issues identical to the other CLI wrappers.Apply the same changes: Bash shebang or POSIX
., addset -euo pipefail, and replace$*with"$@".🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
🧹 Nitpick comments (19)
src/MintBurnBankERC20.sol (1)
9-12: Payable constructor traps ETH with no withdrawal path.Making the constructor
payableallows Ether to be sent at deployment, but the contract provides no way for that Ether to be recovered later. Unless this is intentional, consider adding awithdraw()/receive()function or reverting onselfbalance() > 0to avoid permanently locked funds.workshops/erc20-mts/scripts/cli-balances-user1.sh (1)
3-13: Minor portability & robustness improvements.
- Replace
sourcewith.for POSIX compliance.- Guard against unset
$USERvariable.- Use
printffor portable newlines.- Quote expansions.
Example patch:
-. .local.env - -echo "Checking balance of user1..." -USER_INJ_ADDRESS=$(injectived keys show $USER --keyring-backend=test -a) - -echo "\n### RUNNING ###" -echo injectived q bank balances $USER_INJ_ADDRESS --chain-id $CHAIN_ID --node $INJ_URL -echo "###############\n" +. ./.local.env +: "${USER:?USER env var not set}" + +printf 'Checking balance of %s…\n' "$USER" +USER_INJ_ADDRESS=$(injectived keys show "$USER" --keyring-backend=test -a) + +printf '\n### RUNNING ###\n' +printf 'injectived q bank balances %s --chain-id %s --node %s\n' \ + "$USER_INJ_ADDRESS" "$CHAIN_ID" "$INJ_URL" +printf '###############\n\n'🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/import-cast-key.sh (1)
7-13: Quote and harden wallet existence check
- Unquoted
$USERcan misbehave if it contains regex metachars.- Pipeline errors (e.g.,
cast wallet listfailing) aren’t caught.-if cast wallet list | grep -q $USER; then +set -o pipefail +if cast wallet list | grep -Fq -- "$USER"; then echo "Wallet $USER already exists. Skipping import." else cast wallet import "$USER" \ --unsafe-password "$USER_PWD" \ --mnemonic "$USER_MNEMONIC" fiConsider adding
set -euo pipefailat the top for consistent error handling.workshops/erc20-mts/scripts/cli-balances-user2.sh (1)
12-17: Quote and format commands portably
- Use
printffor portable newlines.- Quote
$1,$CHAIN_ID, and$INJ_URLin the command.- Consider adding argument validation.
-echo "\n### RUNNING ###" -echo injectived q bank balances $1 --chain-id $CHAIN_ID --node $INJ_URL --keyring-backend=test -echo "###############\n" +printf "\n### RUNNING ###\n" +printf "injectived q bank balances %s --chain-id %s --node %s --keyring-backend=test\n" \ + "$1" "$CHAIN_ID" "$INJ_URL" +printf "###############\n\n"workshops/erc20-mts/scripts/cli-address.sh (2)
6-7: Add argument validation and quoting
- No check that a key name (
$1) was provided.- Unquoted
$1may break on special chars.if [ $# -lt 1 ] || [ -z "$1" ]; then echo "Usage: $0 <key-name>" exit 1 fi INJ_ADDRESS=$(injectived keys show "$1" --keyring-backend=test -a)
12-13: Quote command outputs when constructing ETH_ADDRESS
Unquoted expansions can break if output contains spaces. Also check for command failure.-ETH_ADDRESS=0x$(injectived keys parse $INJ_ADDRESS --output json | jq -r '.bytes') +if eth_bytes=$(injectived keys parse "$INJ_ADDRESS" --output json | jq -r '.bytes'); then + ETH_ADDRESS=0x"$eth_bytes" +else + echo "Error: failed to parse Injective key to Ethereum address" + exit 1 +fiworkshops/erc20-mts/scripts/deploy-erc20-mintburn.sh (1)
14-15: Fix newline echo for POSIX sh.Using
echo "\n…"doesn't reliably emit a newline in POSIXsh. Useprintfor separateechocalls.- echo "\n### RUNNING ###" + printf "\n### RUNNING ###\n"workshops/erc20-mts/scripts/erc20-balance-user1.sh (1)
19-21: Use POSIX-safe newline printing.The
echo "\n### RUNNING ###"may not produce a newline. Preferprintf.- echo "\n### RUNNING ###" + printf "\n### RUNNING ###\n"workshops/erc20-mts/scripts/wasm-query-counter.sh (3)
14-19: Useprintffor portable newlines
echo "\n### …\n"prints literal\nin POSIXsh. Replace withprintf.- echo "\n### QUERYING COUNT ###" + printf "\n### QUERYING COUNT ###\n" ... - echo "######################\n" + printf "######################\n\n"
30-33: Quotecount_responsewhen piping tojq
Unquoted expansion can break if the JSON contains spaces or newlines.- count=$(echo $count_response | jq -r '.data.count') + count=$(printf '%s' "$count_response" | jq -r '.data.count')
41-48: Quotefunds_responsewhen parsing withjq
Same as above—always wrap variable expansions in quotes.- echo $funds_response | jq -r '.data.total_funds' + printf '%s' "$funds_response" | jq -r '.data.total_funds'workshops/erc20-mts/scripts/mint-erc20.sh (1)
35-45: Useprintffor portable newlines
echo "\n### RUNNING ###"and similar calls will not interpret\nin POSIXsh.- echo "\n### RUNNING ###" + printf "\n### RUNNING ###\n" ... - echo "###############\n" + printf "###############\n\n"workshops/erc20-mts/scripts/deploy-wasm.sh (1)
10-22: Useprintfinstead ofechofor newlines
Allecho "\n…"invocations are literal in POSIXsh. Switch toprintf:- echo "\n### RUNNING WASM STORE ###" + printf "\n### RUNNING WASM STORE ###\n" ... - echo "########################\n" + printf "########################\n\n"workshops/erc20-mts/scripts/wasm-tx-increment.sh (2)
10-14:USER_INJ_ADDRESSis assigned but never used
Either use this value in your logs or remove the assignment to avoid dead code.🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 10-10: USER_INJ_ADDRESS appears unused. Verify use (or export if used externally).
(SC2034)
21-24: Useprintffor portable newlines
Replaceecho "\n### EXECUTING INCREMENT ###"with:- echo "\n### EXECUTING INCREMENT ###" + printf "\n### EXECUTING INCREMENT ###\n"workshops/erc20-mts/wasm/counter_msg.rs (4)
5-7: Consider an unsigned type forcountA counter usually represents a non-negative value. Using
i32opens the door for negative states that the business logic may not expect.-pub struct InstantiateMsg { - pub count: i32, -} +pub struct InstantiateMsg { + /// Initial counter value – must be non-negative. + pub count: u64, +}Changing to
u64(oru128if you expect very large values) conveys intent and removes the need for runtime checks against negative numbers.
10-13:Reset { count }variant inherits the same signed-integer caveatFor consistency with the previous suggestion and to avoid accidental negative resets, update the field type as well:
-Reset { count: i32 }, +Reset { count: u64 },If you intentionally allow negative resets, please add explicit documentation explaining why that is safe and desired.
18-23: Doc comment no longer matches the parameters
GetCount/GetTotalFundsacceptaddr, so the phrase “returns the current count” is misleading—there is one count per address, not a single global value.-// GetCount returns the current count as a json-encoded number +// GetCount returns the counter value for the given addressKeeping docs accurate prevents confusion for contract integrators.
45-48: Typo in comment – “Weather” → “Whether”Minor but worth fixing for polish:
-/// Weather an ack is a success of failure according to the transfer spec +/// Whether an ack is a success or failure according to the transfer spec
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
workshops/erc20-mts/wasm/counter.wasmis excluded by!**/*.wasm
📒 Files selected for processing (23)
src/MintBurnBankERC20.sol(1 hunks)workshops/erc20-mts/.local.env(1 hunks)workshops/erc20-mts/Makefile(1 hunks)workshops/erc20-mts/README.md(1 hunks)workshops/erc20-mts/scripts/cli-address.sh(1 hunks)workshops/erc20-mts/scripts/cli-balances-user1.sh(1 hunks)workshops/erc20-mts/scripts/cli-balances-user2.sh(1 hunks)workshops/erc20-mts/scripts/cli-denom.sh(1 hunks)workshops/erc20-mts/scripts/cli-keys.sh(1 hunks)workshops/erc20-mts/scripts/cli-q.sh(1 hunks)workshops/erc20-mts/scripts/cli-tx.sh(1 hunks)workshops/erc20-mts/scripts/deploy-erc20-mintburn.sh(1 hunks)workshops/erc20-mts/scripts/deploy-erc20.sh(1 hunks)workshops/erc20-mts/scripts/deploy-wasm.sh(1 hunks)workshops/erc20-mts/scripts/erc20-balance-user1.sh(1 hunks)workshops/erc20-mts/scripts/erc20-balance-user2.sh(1 hunks)workshops/erc20-mts/scripts/foundry-util.sh(1 hunks)workshops/erc20-mts/scripts/import-cast-key.sh(1 hunks)workshops/erc20-mts/scripts/import-cli-key.sh(1 hunks)workshops/erc20-mts/scripts/mint-erc20.sh(1 hunks)workshops/erc20-mts/scripts/wasm-query-counter.sh(1 hunks)workshops/erc20-mts/scripts/wasm-tx-increment.sh(1 hunks)workshops/erc20-mts/wasm/counter_msg.rs(1 hunks)
✅ Files skipped from review due to trivial changes (2)
- workshops/erc20-mts/.local.env
- workshops/erc20-mts/README.md
🧰 Additional context used
🧬 Code Graph Analysis (3)
workshops/erc20-mts/scripts/mint-erc20.sh (1)
workshops/erc20-mts/scripts/foundry-util.sh (1)
check_foundry_result(6-20)
workshops/erc20-mts/scripts/deploy-erc20-mintburn.sh (1)
workshops/erc20-mts/scripts/foundry-util.sh (1)
check_foundry_result(6-20)
workshops/erc20-mts/scripts/deploy-erc20.sh (1)
workshops/erc20-mts/scripts/foundry-util.sh (1)
check_foundry_result(6-20)
🪛 Shellcheck (0.10.0)
workshops/erc20-mts/scripts/cli-balances-user2.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/foundry-util.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/erc20-balance-user2.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/import-cast-key.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/cli-denom.sh
[warning] 5-5: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 15-15: In POSIX sh, [[ ]] is undefined.
(SC3010)
workshops/erc20-mts/scripts/import-cli-key.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/wasm-query-counter.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/deploy-wasm.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/mint-erc20.sh
[warning] 5-5: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 6-6: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/deploy-erc20-mintburn.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 4-4: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/deploy-erc20.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 4-4: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/erc20-balance-user1.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/wasm-tx-increment.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 10-10: USER_INJ_ADDRESS appears unused. Verify use (or export if used externally).
(SC2034)
workshops/erc20-mts/scripts/cli-balances-user1.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
workshops/erc20-mts/scripts/cli-keys.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
workshops/erc20-mts/scripts/cli-q.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
workshops/erc20-mts/scripts/cli-tx.sh
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
🪛 checkmake (0.2.2)
workshops/erc20-mts/Makefile
[warning] 25-25: Missing required phony target "clean"
(minphony)
[warning] 25-25: Missing required phony target "test"
(minphony)
⏰ Context from checks skipped due to timeout of 90000ms (1)
- GitHub Check: Socket Security: Pull Request Alerts
🔇 Additional comments (2)
workshops/erc20-mts/scripts/erc20-balance-user2.sh (1)
7-10: The guard checkingERC20_ADDRESSis correctly implemented and exits on missing config.workshops/erc20-mts/wasm/counter_msg.rs (1)
37-57: Validatechannel/sequencesizesIBC channels and sequence numbers can exceed
u64on long-running chains. Althoughu64is probably fine for most cases, consider:
- Documenting the assumption that the sequence fits in
u64.- Using
u128orString(for BigInt) if overflow is a concern.Not blocking, but worth noting before main-net deployments.
|
|
||
| source .local.env | ||
|
|
||
| injectived q $* --node $INJ_URL |
There was a problem hiding this comment.
Quote the forwarded arguments to preserve whitespace.
$* under‐quotes and will mangle arguments containing spaces or glob characters. Use "$@" and quote $INJ_URL.
-injectived q $* --node $INJ_URL
+injectived q "$@" --node "$INJ_URL"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| injectived q $* --node $INJ_URL | |
| injectived q "$@" --node "$INJ_URL" |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/cli-q.sh at line 5, the script uses unquoted $*
which can mangle arguments with spaces or special characters. Replace $* with
"$@" to preserve argument boundaries and quote $INJ_URL as "$INJ_URL" to handle
any spaces or special characters in the node URL correctly.
| #!/bin/sh | ||
|
|
||
| source .local.env |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Use a Bash-compatible shebang or POSIX-compliant . instead of source.
/bin/sh does not guarantee support for the source builtin. Either:
- Switch to a Bash shebang, or
- Keep
/bin/shand replacesourcewith.
Diff example (option 1):
-#!/bin/sh
+#!/usr/bin/env bash
-
-source .local.env
+. ./.local.env
+set -euo pipefail🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/cli-q.sh at lines 1 to 3, the script uses a
/bin/sh shebang but calls the non-POSIX `source` command, which may not be
supported. To fix this, either change the shebang to a Bash-compatible one like
/bin/bash or replace `source .local.env` with `. .local.env` to maintain POSIX
compliance with /bin/sh.
|
|
||
| source .local.env | ||
|
|
||
| injectived tx $* --keyring-backend=test --chain-id $CHAIN_ID --node $INJ_URL --gas=auto --gas-adjustment=1.3 --gas-prices=10inj |
There was a problem hiding this comment.
Quote positional parameters and env vars.
Unquoted $*, $CHAIN_ID, and $INJ_URL risk word-splitting. Suggested patch:
-injectived tx $* --keyring-backend=test --chain-id $CHAIN_ID --node $INJ_URL --gas=auto --gas-adjustment=1.3 --gas-prices=10inj
+injectived tx "$@" --keyring-backend=test \
+ --chain-id "$CHAIN_ID" \
+ --node "$INJ_URL" \
+ --gas=auto --gas-adjustment=1.3 --gas-prices=10inj📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| injectived tx $* --keyring-backend=test --chain-id $CHAIN_ID --node $INJ_URL --gas=auto --gas-adjustment=1.3 --gas-prices=10inj | |
| injectived tx "$@" --keyring-backend=test \ | |
| --chain-id "$CHAIN_ID" \ | |
| --node "$INJ_URL" \ | |
| --gas=auto --gas-adjustment=1.3 --gas-prices=10inj |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 5-5: Use "$@" (with quotes) to prevent whitespace problems.
(SC2048)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/cli-tx.sh at line 5, the positional parameters $*
and environment variables $CHAIN_ID and $INJ_URL are unquoted, which risks
word-splitting and potential errors. Fix this by quoting "$*" to preserve
parameter grouping and quoting "$CHAIN_ID" and "$INJ_URL" to prevent
word-splitting when they contain spaces or special characters.
| check_foundry_result() { | ||
| res=$1 | ||
|
|
||
| eth_tx_hash=$(echo $res | jq -r '.transactionHash') | ||
| sdk_tx_hash=$(cast rpc inj_getTxHashByEthHash $eth_tx_hash | sed -r 's/0x//' | tr -d '"') | ||
|
|
||
| tx_receipt=$(injectived q tx $sdk_tx_hash --node $INJ_URL --output json) | ||
| code=$(echo $tx_receipt | jq -r '.code') | ||
| raw_log=$(echo $tx_receipt | jq -r '.raw_log') | ||
|
|
||
| if [ -n "$code" ] && [ "$code" -ne 0 ]; then | ||
| echo "Error: Tx Failed. Code: $code, Log: $raw_log" | ||
| exit 1 | ||
| fi | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Harden check_foundry_result for robustness
- Unquoted expansions (
echo $res) can break on whitespace or special chars. - No validation that an argument was passed.
- Failures in
castorinjectivedaren’t caught.
Consider adding at the top of the script:
set -euo pipefailAnd within the function:
check_foundry_result() {
+ if [ $# -lt 1 ] || [ -z "$1" ]; then
+ echo "Usage: check_foundry_result <foundry-json-result>"
+ exit 1
+ fi
+ res="$1"
eth_tx_hash=$(echo "$res" | jq -r '.transactionHash')
sdk_tx_hash=$(cast rpc inj_getTxHashByEthHash "$eth_tx_hash" | sed -r 's/^0x//' | tr -d '"')
tx_receipt=$(injectived q tx "$sdk_tx_hash" --node "$INJ_URL" --output json)
code=$(echo "$tx_receipt" | jq -r '.code')
raw_log=$(echo "$tx_receipt" | jq -r '.raw_log')
if [ -n "$code" ] && [ "$code" -ne 0 ]; then
echo "Error: Tx Failed. Code: $code, Log: $raw_log"
exit 1
fi
}This ensures proper quoting, catches missing args, and fails fast on command errors.
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/foundry-util.sh around lines 6 to 20, the
function check_foundry_result lacks argument validation, proper quoting, and
error handling for commands like cast and injectived. Fix this by adding a check
at the start of the function to ensure an argument is passed, quote all variable
expansions to handle whitespace or special characters safely, and handle
possible failures from cast and injectived commands by using set -euo pipefail
at the top of the script to enable strict error checking and fail fast on
errors.
| #!/bin/sh | ||
|
|
||
| source .local.env | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Incompatible POSIX source usage
The script uses /bin/sh but sources .local.env with source, which isn't portable in POSIX sh.
Apply this diff to fix portability:
-#!/bin/sh
-source .local.env
+#!/bin/sh
+. .local.env📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/bin/sh | |
| source .local.env | |
| #!/bin/sh | |
| . .local.env |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/foundry-util.sh at lines 1 to 4, the script uses
/bin/sh but incorrectly uses the non-POSIX 'source' command to load .local.env.
Replace 'source .local.env' with '. .local.env' to ensure POSIX-compliant
sourcing and improve portability.
| #!/bin/sh | ||
|
|
||
| source .local.env | ||
| source scripts/foundry-util.sh | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Ensure POSIX-compatible environment loading
This script uses source under #!/bin/sh. In POSIX sh, use . or switch to Bash.
- source .local.env
+ . .local.env
- source scripts/foundry-util.sh
+ . scripts/foundry-util.sh📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/bin/sh | |
| source .local.env | |
| source scripts/foundry-util.sh | |
| #!/bin/sh | |
| . .local.env | |
| . scripts/foundry-util.sh |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 4-4: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/deploy-erc20.sh at lines 1 to 5, the script uses
the `source` command which is not POSIX-compliant under `#!/bin/sh`. To fix
this, replace all instances of `source` with the POSIX-compatible `.` command or
change the shebang to `#!/bin/bash` if Bash-specific features are required.
| #!/bin/sh | ||
|
|
||
| set -e | ||
|
|
||
| source .local.env | ||
| source scripts/foundry-util.sh | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Ensure POSIX-compatible environment loading
You're invoking source under #!/bin/sh. Convert to . or change the shebang to Bash.
- source .local.env
+ . .local.env
- source scripts/foundry-util.sh
+ . scripts/foundry-util.sh📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/bin/sh | |
| set -e | |
| source .local.env | |
| source scripts/foundry-util.sh | |
| #!/bin/sh | |
| set -e | |
| . .local.env | |
| . scripts/foundry-util.sh |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 5-5: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
[warning] 6-6: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/mint-erc20.sh at lines 1 to 7, the script uses
`source` which is not POSIX-compliant under `#!/bin/sh`. To fix this, either
replace `source` with the POSIX-compatible `.` command for sourcing environment
files or change the shebang line from `#!/bin/sh` to `#!/bin/bash` to explicitly
use Bash.
| #!/bin/sh | ||
|
|
||
| source .local.env | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Ensure POSIX-compatible environment loading
Replace source with . or update shebang to Bash:
- source .local.env
+ . .local.env📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/bin/sh | |
| source .local.env | |
| #!/bin/sh | |
| . .local.env |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/deploy-wasm.sh at lines 1 to 4, the script uses
`source` which is not POSIX-compliant. To fix this, either replace `source
.local.env` with `. .local.env` for POSIX compatibility or change the shebang
from `#!/bin/sh` to `#!/bin/bash` if Bash-specific features are required.
| #!/bin/sh | ||
|
|
||
| source .local.env | ||
|
|
There was a problem hiding this comment.
🛠️ Refactor suggestion
Ensure POSIX-compatible environment loading
source .local.env under #!/bin/sh should be:
- source .local.env
+ . .local.env📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| #!/bin/sh | |
| source .local.env | |
| #!/bin/sh | |
| . .local.env |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 3-3: In POSIX sh, 'source' in place of '.' is undefined.
(SC3046)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/wasm-tx-increment.sh at lines 1 to 4, the script
uses `source .local.env` which is not POSIX-compliant under `#!/bin/sh`. Replace
`source .local.env` with `. .local.env` to ensure POSIX compatibility for
environment loading.
| exit 1 | ||
| fi | ||
|
|
||
| USER_INJ_ADDRESS=$(injectived keys show $USER --keyring-backend=test -a)\ |
There was a problem hiding this comment.
Remove stray backslash causing syntax error
The trailing \ on the assignment will escape the newline and break the script.
- USER_INJ_ADDRESS=$(injectived keys show $USER --keyring-backend=test -a)\
+ USER_INJ_ADDRESS=$(injectived keys show "$USER" --keyring-backend=test -a)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| USER_INJ_ADDRESS=$(injectived keys show $USER --keyring-backend=test -a)\ | |
| USER_INJ_ADDRESS=$(injectived keys show "$USER" --keyring-backend=test -a) |
🧰 Tools
🪛 Shellcheck (0.10.0)
[warning] 10-10: USER_INJ_ADDRESS appears unused. Verify use (or export if used externally).
(SC2034)
🤖 Prompt for AI Agents
In workshops/erc20-mts/scripts/wasm-tx-increment.sh at line 10, remove the
trailing backslash from the USER_INJ_ADDRESS assignment line to prevent escaping
the newline and causing a syntax error in the shell script.
|
Closed for #16 |
Rebranding this PR and code as "Workshop" thing to prevent collisions with @arrivets ERC20 demos
Difference between demo and workshop here is that workshop is interactive and has own pace, steps must be reproduce-able and provide room for user's optional input. Demo is more like a code example that has many steps, running automatically.