ci: add workflow to run Slither on Pull Requests

.github/workflows/build-and-test.yml

@@ -7,8 +7,7 @@ on:
     branches:
       - "develop"
   pull_request:
-    branches:
-      - "*"
+    branches: ["*"]
 
 jobs:
   build:
@@ -18,11 +17,11 @@ jobs:
         working-directory: implementations
 
     steps:
-      - uses: actions/checkout@v2
-      - name: Setup Node.js 16
-        uses: actions/setup-node@v2
+      - uses: actions/checkout@v4
+      - name: Setup Node.js v20
+        uses: actions/setup-node@v4
         with:
-          node-version: "16" # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+          node-version: "20.x" # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
           cache: "npm"
           cache-dependency-path: implementations/package-lock.json
 
@@ -42,7 +41,7 @@ jobs:
         run: npm run test:coverage
 
       - name: Upload to Coveralls
-        uses: coverallsapp/github-action@master
+        uses: coverallsapp/github-action@v2
         with:
           path-to-lcov: ./implementations/coverage/lcov.info
           github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/npm-release.yml

@@ -25,15 +25,15 @@ jobs:
           exit 1
 
       # step 1: checkout to the correct branch
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       # step 2: setup Node.js to version 16
-      - name: Setup Node.js 16
-        uses: actions/setup-node@v2
+      - name: Setup Node.js v20
+        uses: actions/setup-node@v4
         with:
-          node-version: "16.x"
+          node-version: "20.x"
           registry-url: "https://registry.npmjs.org"
           cache: "npm"
           cache-dependency-path: implementations/package-lock.json

.github/workflows/slither.yml

@@ -0,0 +1,59 @@
+# this workflow run Slither static analysis tool on the Solidity code
+# of the Migration Deposit contract and the Migration Universal Profile
+name: Slither Analysis
+
+on:
+  pull_request:
+    branches: ["*"]
+
+    # Run Slither only when editing the Solidity code of the smart contracts
+    paths:
+      - "contracts/**/*.sol"
+
+jobs:
+  slither:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: implementations
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Use Node.js v20
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20.x"
+          cache: "npm"
+          cache-dependency-path: implementations/package-lock.json
+
+      - name: 📦 Install Node Modules
+        run: npm ci
+
+      - name: 📥 Install Slither
+        run: |
+          pip3 install slither-analyzer solc-select
+          solc-select install 0.8.17
+          solc-select use 0.8.17
+
+      - name: 🐍 Run Slither
+        id: slither_report
+        run: |
+          echo "# 🐍📄 Slither Analysis" > slither_report.md
+
+          slither . \
+            --checklist \
+            --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/ \
+            --no-fail-pedantic \
+            --show-ignored-findings \
+            >> slither_report.md
+
+      - name: 📄 Add Slither report in comment
+        uses: peter-evans/create-or-update-comment@v2
+        env:
+          REPORT: ${{ steps.slither_report.outputs.stdout }}
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          issue-number: ${{ github.event.pull_request.number }}
+          body-file: slither_report.md

.github/workflows/solc_version.yml

@@ -4,9 +4,7 @@ name: Solidity Compiler Versions
 
 on:
   pull_request:
-    branches:
-      - "main"
-      - "develop"
+    branches: ["*"]
 
 jobs:
   solc_version:
@@ -36,12 +34,12 @@ jobs:
             "0.8.21"
           ]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - name: Setup Node.js 16
-        uses: actions/setup-node@v2
+      - name: Setup Node.js v20
+        uses: actions/setup-node@v4
         with:
-          node-version: "16"
+          node-version: "20.x"
           cache: "npm"
           cache-dependency-path: implementations/package-lock.json
 

implementations/contracts/ERC725.sol

@@ -2,15 +2,8 @@
 pragma solidity ^0.8.5;
 
 // modules
-import {OwnableUnset} from "./custom/OwnableUnset.sol";
-import {ERC725XCore} from "./ERC725XCore.sol";
-import {ERC725YCore} from "./ERC725YCore.sol";
-
-// constants
-import {_INTERFACEID_ERC725X, _INTERFACEID_ERC725Y} from "./constants.sol";
-
-// errors
-import {OwnableCannotSetZeroAddressAsOwner} from "./errors.sol";
+import {ERC725X} from "./ERC725X.sol";
+import {ERC725Y} from "./ERC725Y.sol";
 
 /**
  * @title ERC725 bundle.
@@ -19,7 +12,7 @@ import {OwnableCannotSetZeroAddressAsOwner} from "./errors.sol";
  *
  * @custom:warning This implementation does not have by default a `receive()` or `fallback()` function.
  */
-contract ERC725 is ERC725XCore, ERC725YCore {
+contract ERC725 is ERC725X, ERC725Y {
     /**
      * @notice Deploying an ERC725 smart contract and setting address `initialOwner` as the contract owner.
      * @dev Deploy a new ERC725 contract with the provided `initialOwner` as the contract {owner}.
@@ -28,22 +21,16 @@ contract ERC725 is ERC725XCore, ERC725YCore {
      * @custom:requirements
      * - `initialOwner` CANNOT be the zero address.
      */
-    constructor(address initialOwner) payable {
-        if (initialOwner == address(0)) {
-            revert OwnableCannotSetZeroAddressAsOwner();
-        }
-        OwnableUnset._setOwner(initialOwner);
-    }
+    constructor(
+        address initialOwner
+    ) payable ERC725X(initialOwner) ERC725Y(initialOwner) {}
 
     /**
-     * @inheritdoc ERC725XCore
+     * @inheritdoc ERC725X
      */
     function supportsInterface(
         bytes4 interfaceId
-    ) public view virtual override(ERC725XCore, ERC725YCore) returns (bool) {
-        return
-            interfaceId == _INTERFACEID_ERC725X ||
-            interfaceId == _INTERFACEID_ERC725Y ||
-            super.supportsInterface(interfaceId);
+    ) public view virtual override(ERC725X, ERC725Y) returns (bool) {
+        return super.supportsInterface(interfaceId);
     }
 }

implementations/contracts/ERC725InitAbstract.sol

@@ -2,15 +2,8 @@
 pragma solidity ^0.8.5;
 
 // modules
-import {
-    Initializable
-} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
-import {OwnableUnset} from "./custom/OwnableUnset.sol";
-import {ERC725XCore} from "./ERC725XCore.sol";
-import {ERC725YCore} from "./ERC725YCore.sol";
-
-// constants
-import {_INTERFACEID_ERC725X, _INTERFACEID_ERC725Y} from "./constants.sol";
+import {ERC725XInitAbstract} from "./ERC725XInitAbstract.sol";
+import {ERC725YInitAbstract} from "./ERC725YInitAbstract.sol";
 
 // errors
 import {OwnableCannotSetZeroAddressAsOwner} from "./errors.sol";
@@ -23,35 +16,45 @@ import {OwnableCannotSetZeroAddressAsOwner} from "./errors.sol";
  * @custom:warning This implementation does not have by default a `receive()` or `fallback()` function.
  */
 abstract contract ERC725InitAbstract is
-    Initializable,
-    ERC725XCore,
-    ERC725YCore
+    ERC725XInitAbstract,
+    ERC725YInitAbstract
 {
     /**
      * @dev Internal function to initialize the contract with the provided `initialOwner` as the contract {owner}.
      * @param initialOwner the owner of the contract.
      *
+     * NOTE: we can safely override this function and not call the parent `_initialize(...)` functions from `ERC725XInitAbstract` and `ERC725YInitAbstract`
+     * as the code logic from this `_initialize(...)` is the exactly the same.
+     *
      * @custom:requirements
      * - `initialOwner` CANNOT be the zero address.
      */
     function _initialize(
         address initialOwner
-    ) internal virtual onlyInitializing {
+    )
+        internal
+        virtual
+        override(ERC725XInitAbstract, ERC725YInitAbstract)
+        onlyInitializing
+    {
         if (initialOwner == address(0)) {
             revert OwnableCannotSetZeroAddressAsOwner();
         }
-        OwnableUnset._setOwner(initialOwner);
+        _transferOwnership(initialOwner);
     }
 
     /**
-     * @inheritdoc ERC725XCore
+     * @inheritdoc ERC725XInitAbstract
      */
     function supportsInterface(
         bytes4 interfaceId
-    ) public view virtual override(ERC725XCore, ERC725YCore) returns (bool) {
-        return
-            interfaceId == _INTERFACEID_ERC725X ||
-            interfaceId == _INTERFACEID_ERC725Y ||
-            super.supportsInterface(interfaceId);
+    )
+        public
+        view
+        virtual
+        override(ERC725XInitAbstract, ERC725YInitAbstract)
+        returns (bool)
+    {
+        return super.supportsInterface(interfaceId);
     }
 }