-
Notifications
You must be signed in to change notification settings - Fork 70
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into collection-offers
- Loading branch information
Showing
21 changed files
with
1,267 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| # New Module Proposal | ||
|
|
||
| ## Description | ||
|
|
||
| <!--- Describe your changes in detail --> | ||
|
|
||
| ## Motivation and Context | ||
|
|
||
| <!--- Why is this module required? What problem does it solve? --> | ||
|
|
||
| ## How has this been tested? | ||
|
|
||
| <!--- Please describe in detail how you tested your changes. --> | ||
| <!--- Include details of your testing environment, tests ran to see how --> | ||
| <!--- your change affects other areas of the code, etc. --> | ||
|
|
||
| ## Checklist: | ||
|
|
||
| <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> | ||
| <!--- If you're unsure about any of these, don't hesitate to ask. --> | ||
|
|
||
| - [ ] The module includes tests written for Foundry | ||
| - [ ] The module is documented with [NATSPEC](https://docs.soliditylang.org/en/v0.5.10/natspec-format.html) | ||
| - [ ] The documentation includes [UML Diagrams](https://plantuml.com/ascii-art) for external and public functions | ||
| - [ ] The module is a [Hyperstructure](https://www.jacob.energy/hyperstructures.html) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| # V3 𓀨 | ||
|
|
||
| This repoository contains the core contracts that compose the ZORA V3 Protocol. | ||
| This repository contains the core contracts that compose the ZORA V3 Protocol. | ||
|
|
||
| This protocol is a [Hyperstructure](https://www.jacob.energy/hyperstructures.html). It is unstoppable, free, expansive, permissionless, and credibly neutral. | ||
|
|
||
|
|
@@ -44,8 +44,58 @@ When a new market is registered, a ZORA Module Fee Switch NFT, or ZORF, is minte | |
|
|
||
| Once registered, anyone is able to use the market module by approving it via the ZoraModuleManager. | ||
|
|
||
| ## Contributing | ||
|
|
||
| ZORA V3 is meant to be as extensible as possible. As such, there are a number of ways for developers to contribute. This protocol is being developed in the open, and anyone can propose a module, audit a module, or suggest new module types for the community to begin using. | ||
|
|
||
| As the protocol matures, so too will these contribution guidelines. If you have a suggestion on how we can collaborate better on this protocol, [please let us know](#leaving-feedback). | ||
|
|
||
| ### Registering a New Module | ||
|
|
||
| New modules are added to V3 in three stages. We track which stage each module is in with PR labels: | ||
|
|
||
| - Draft / RFC | ||
| - Community Audit | ||
| - Ready for Deployment | ||
|
|
||
| Note that we also include a 4th label, "ZORA Bug Bounty" for Modules that are created by the ZORA core team and ready for a community audit. | ||
|
|
||
| #### Draft / RFC | ||
|
|
||
| In this stage, the ZORA community is able to give design feedback and start discussions about what the module aims to accomplish. A new draft module can be started by [creating a new pull request](https://github.com/ourzora/v3/compare). | ||
|
|
||
| #### Community Audit | ||
|
|
||
| Once a module has been designed, built, tested and documented, the module can undergo community audits. If a vulnerability is found during this phase, feel free to leave a comment directly in the PR. If the module has been audited by a third party, the audit report can be included in the PR. | ||
|
|
||
| Modules that are written by the ZORA core team are open to our bug bounty program, which allows community auditors to claim up to 25 ETH for vulnerabilities that may have been missed during development. The rubric we use to determine bug bounties is inspired by [ImmuneFi](https://immunefi.com/severity-updated/) and is as follows: | ||
|
|
||
| | **Level** | **Example** | **Maximum Bug Bounty** | | ||
| | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | | ||
| | 5. Critical | - Empty or freeze the protocol's holdings (e.g. economic attacks, flash loans, reentrancy, MEV, logic errors) | Up to 25 ETH | | ||
| | 4. High | - Token holders temporarily unable to transfer holdings<br>- Users spoof each other<br>- Transient Consensus Failures | Up to 10 ETH | | ||
| | 3. Medium | - Contract consumes unbounded gas<br>- Block stuffing<br>- Griefing denial of service (i.e. attacker spends as much in gas as damage to the contract)<br>- Gas griefing | Up to 5 ETH | | ||
| | 2. Low | - Contract fails to deliver promised returns, but doesn't lose value | Up to 1 ETH | | ||
| | 1. None | - Best practices | | | ||
| | Not sure? | | Let's talk :~) | | ||
|
|
||
| The ZORA Core team will commit to publicly disclosing all bug bounty payouts for applicable modules, as defined above. | ||
|
|
||
| Although not required, developers outside the ZORA core team are able to create and fund their own bug bounty programs, if desired. Feel free to outline your audit program in your PR description. | ||
|
|
||
| After a module has undergone a community audit (ideally about 3-7 days), the module can be deployed and registered. If a vulnerability is found post-deployment, you can email [[email protected]](mailto:[email protected]) directly. | ||
|
|
||
| #### Registering a Module | ||
|
|
||
| Since the ZORA DAO is currently controlled by a multi-sig, the ZORA Core team will deploy and register audited modules manually. If the module is marked with a "Ready for Deployment" label, it will be picked up in the next available deployment window by the ZORA core team. Once deployed, the contract address will be available in the `addresses/` directory. | ||
|
|
||
| ### Leaving Feedback | ||
|
|
||
| If you have suggestions or comments on how we can better collaborate on this codebase and/or the protocol as a whole, please [create an issue](https://github.com/ourzora/v3/issues/new) outlining your ideas and suggestions. We can then use the issue tracker as an open discussion forum. | ||
|
|
||
| ## Local Development | ||
|
|
||
| 1. Install dependencies with `yarn` | ||
| 2. Compile the contracts with `yarn build` | ||
| 3. Run tests with `yarn test` | ||
| 1. Install [Foundry](https://github.com/gakonst/foundry#installation) | ||
| 2. Install dependencies with `yarn` & `forge update` | ||
| 3. Compile the contracts with `yarn build` | ||
| 4. Run tests with `yarn test` | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| { | ||
| "RoyaltyEngineV1": "0x28EdFcF0Be7E86b07493466e7631a213bDe8eEF2", | ||
| "WETH": "0x0d500b1d8e8ef31e21c99d1db9a6444d3adf1270", | ||
| "ZoraProtocolFeeSettings": "0x9641169A1374b77E052E1001c5a096C29Cd67d35", | ||
| "ZoraModuleManager": "0xCCA379FDF4Beda63c4bB0e2A3179Ae62c8716794", | ||
| "ERC20TransferHelper": "0x909e9efE4D87d1a6018C2065aE642b6D0447bc91", | ||
| "ERC721TransferHelper": "0xCe6cEf2A9028e1C3B21647ae3B4251038109f42a", | ||
| "AsksV1_1": "0x3634e984Ba0373Cfa178986FD19F03ba4dD8E469" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| { | ||
| "RoyaltyEngineV1": "0x0a01E11887f727D1b1Cd81251eeEE9BEE4262D07", | ||
| "WETH": "0x9c3c9283d3e44854697cd22d3faa240cfb032889", | ||
| "ZoraProtocolFeeSettings": "0x9641169A1374b77E052E1001c5a096C29Cd67d35", | ||
| "ZoraModuleManager": "0x850A7c6fE2CF48eea1393554C8A3bA23f20CC401", | ||
| "ERC20TransferHelper": "0xCCA379FDF4Beda63c4bB0e2A3179Ae62c8716794", | ||
| "ERC721TransferHelper": "0x909e9efE4D87d1a6018C2065aE642b6D0447bc91", | ||
| "AsksV1_1": "0xCe6cEf2A9028e1C3B21647ae3B4251038109f42a" | ||
| } |
Oops, something went wrong.