-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds framework for the documentation of analyzed tools #726
Adds framework for the documentation of analyzed tools #726
Conversation
Signed-off-by: maciek.nabialek <maciej.nabialek@arianelabs.com>
Hi @nabialek-arianelabs, thanks for sending this. Is there any particular reason to include specific analysis files, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just went through the README
, added a couple of details.
I haven't gone through the rest as per #726 (comment).
@@ -0,0 +1,37 @@ | |||
# EVM Analytic tools study | |||
### General Information: | |||
This report aims to analyze potential tools that will aid in the development, porting, and security assessment |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From analyze potential tools
it looks like we are evaluating the tools, not the smart contracts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@acuarica This sentence is correct. The focus of these reports is the analysis of the tools.
tools/README.md
Outdated
of Smart Contracts deployed on the Hedera network. Key aspects evaluated during this research include: | ||
- Ease of use and compatibility with Hedera. | ||
- Ability to identify optimizations and potential errors or bugs specific to Smart Contracts on the Hedera. | ||
- Issues with compatibility for contracts ported from Ethereum or other networks to the Hedera. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Issues with compatibility for contracts ported from Ethereum or other networks to the Hedera. | |
- Compatibility issues with contracts ported from Ethereum, or other EVM networks, to the Hedera network. |
tools/README.md
Outdated
- Ability to identify optimizations and potential errors or bugs specific to Smart Contracts on the Hedera. | ||
- Issues with compatibility for contracts ported from Ethereum or other networks to the Hedera. | ||
### Prerequisites | ||
Tools were tested in the MacOS and Kubuntu Linux environments as well as on Docker containers. Test setup involves: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: isn't Kubuntu too specific? Can we say just Ubuntu?
Tools were tested in the MacOS and Kubuntu Linux environments as well as on Docker containers. Test setup involves: | |
Tools were tested in MacOS and Kubuntu Linux environments as well as on Docker containers. Test setup involves: |
tools/README.md
Outdated
- Cloning the Hedera JSON RPC repository: `git clone -b main --single-branch https://github.com/hashgraph/hedera-json-rpc-relay.git`. | ||
- Installing dependencies, and building the project: `npm install`, `npm run setup`, from the project directory. | ||
- Starting the project: `npm start`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe I'm missing something here, but why do we need the relay? Aren't these analysis tools static? If so, I don't see the dependency with the relay.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@acuarica Our analysis included investigating the possibility of replacing their APIs with Hedera Json Rpc in MAIAN and Manticore tools.
But I guess you are right - it is not crucial for the final report, so I've removed it.
tools/README.md
Outdated
- Utils: EIP712Verifier, cryptography/ECDSA, SignatureChecker | ||
2. There are precompiles which may be missing from Hedera EVM that are present in current EVM version. | ||
For example Cancun-related updates are yet to be implemented as for end of April 2024. | ||
3. By the [docs](https://docs.hedera.com/hedera/sdks-and-apis/sdks/token-service/associate-tokens-to-an-account). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: By the docs
alone looks odd.
tools/README.md
Outdated
For example Cancun-related updates are yet to be implemented as for end of April 2024. | ||
3. By the [docs](https://docs.hedera.com/hedera/sdks-and-apis/sdks/token-service/associate-tokens-to-an-account). | ||
When using the Hedera Token Service it is important to check if the token is associated with the receiving account. | ||
4. List of pain points between Hedera EVM and vanilla Ethereum EVM: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Canonical instead of vanilla?
Is there a reason to include the generated files? To see the actual report result, might be better to include the analysis in CI and published the results from there. |
Hi @arianejasuwienas, we have discussed with the team the main points of these PRs. From its contents, it is not entirely clear what the purpose of these PRs is. However, from your comments it seems the main goal is to evaluate the suitability of these tools in a Hedera project. If that's the case, could you rewrite the docs to make that explicit? There is no need to include full report and logs output, at most, some sample report output might be embedded in the docs. All the docs may be placed inside a folder Without the report and logs output the PRs might be just a few files. If that's the case, it might be easier to merge them into a single PR (like the original one posted in the relay hashgraph/hedera-json-rpc-relay#2439). The references for Etherscan API keys don't apply for Hedera, those should be removed. Happy to discuss this further is something is not clear. team in cc @ebadiere @AlfredoG87 @quiet-node |
Test reports are a critical component of our research. Removing them entirely from the contexts in which we draw conclusions from performed tests would be challenging. Perhaps, in such cases, we could maintain these reports in a separate repository and reference them in this specific PR. Omitting Etherscan API information entirely means we lose essential details: Slither's ability to access resources directly from the blockchain is not compatible with Hashscan. My proposal is to condense this information but still retain it in the report. |
Hey @arianejasuwienas,
I might be missing something here, but why it would be challenging? If the focus is on the Smart Contracts themselves, I agree, but this is not the case. Some example report might be worth including, but not all of them.
Sure, that might be a potential solution. However, having these reports in a separate repo begs the question of whether to move the whole evaluation into a separate repo.
One clarification first: Etherscan is both a block explorer and a verification service. Hashscan is only a block explorer. The verification service that we use is based on Sourcify and is provided by a different service.[*] Here what's important is that
[*] Hashscan could in principle provide a Etherscan-like API given that it has the block information and can act as a facade for the verification service. This might be worth exploring in the future. |
Replaced with: #740 |
Adds framework for research documentation of EVM analytic tools: