Using SafeCast for all downcasting #267
Conversation
package.json
Outdated
@@ -46,7 +46,7 @@ | |||
"ethereumjs-util": "^6.0.0", | |||
"fast-memoize": "^2.5.1", | |||
"merkletreejs": "0.0.22", | |||
"openzeppelin-solidity": "2.1.1", | |||
"openzeppelin-solidity": "OpenZeppelin/openzeppelin-contracts#master", |
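Review bot: the new line `"openzeppelin-solidity": "OpenZeppelin/openzeppelin-contracts#master"` replaces the pinned release `2.1.1` with a mutable branch reference, so each fresh install compiles whatever sits at the tip of `master` at that moment; the build stops being reproducible and anyone able to push to that branch controls the code these contracts inherit from. Pin a commit instead (`OpenZeppelin/openzeppelin-contracts#<full 40-character sha>`) and regenerate package-lock.json in the same change, since `npm ci` installs what the lockfile records rather than what package.json now asks for.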
I would prefer a concrete commit, instead of a changing reference such as master
If you check one commit behind, you'll see that neither of these options are working.
We don't seem to be running `npm install` on travis for some weird reason. I think that's why it is failing.
Also, is SafeCast included in a branch or tagged version (e.g. v2.5rc or such)? Then we could make it explicit that we are waiting on a specific version.
> We don't seem to be running `npm install` on travis for some weird reason.

I thought this might be the case, but second guessed myself, because I thought "How could anything be working if we don't run `npm install`?"

> Is SafeCast included in a branch or tagged version

I'll check it out.
Unfortunately, at this time, there are no branch tags on OZ since their most recent release (which did not yet include these changes).
https://github.com/OpenZeppelin/openzeppelin-contracts/tags
@nlordell - I like the idea of using the shorter hash. Do we know if this works?
@bh2smith absolutely none, I just imagine it would, as it probably uses git under the hood to resolve refs.
How does one know the exact number of characters that constitute a legit "short-hash"?
This works, thanks @nlordell -
`"OpenZeppelin/openzeppelin-contracts#2c11ed59"`
Also, there is no need for `npm install` in the travis file as the `install` script section was not overloaded. Note that travis calls `npm ci` instead of `npm install`, which is usually better but uses your `package-lock.json` file - which explains why `SafeCast.sol` was missing. What surprises me is that `npm ci` should fail if `package-lock.json` and `package.json` don't match but didn't in this case.
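The thread settles on pinning the OpenZeppelin dependency to a commit hash, asks how short such a hash may safely be, and then finds that `npm ci` kept installing the old release because package-lock.json still pointed at it. As an added example (not code from the dex-contracts repository or from anyone in this thread), the JavaScript below audits the git-hosted entries of a package.json for mutable or abbreviated refs and cross-checks each one against the commit recorded in a package-lock.json. The `example-*` package names, the 40-hex placeholder commit id, the sample package.json and lockfile objects, and the assumed lockfile-v1 field shape (`"version": "github:owner/repo#<sha>"`) are all constructed for this example.

```javascript
// Added example, not part of dex-contracts or this PR: audit git-hosted npm
// dependencies for mutable or abbreviated refs and cross-check them against
// the commit recorded in package-lock.json. All sample data is constructed.

const FULL_SHA = /^[0-9a-f]{40}$/i;
const SHORT_SHA = /^[0-9a-f]{4,39}$/i; // git accepts any unambiguous prefix of >= 4 chars

// Recognise the spec forms npm treats as git sources:
//   owner/repo#ref, github:owner/repo#ref, git+https://host/owner/repo.git#ref
// Registry specs such as "2.1.1" or "^6.0.0" contain no "owner/repo" and yield null.
function parseGitSpec(spec) {
  const m = /^(?:github:|git\+(?:https|ssh):\/\/[^\/]+\/)?([\w.-]+\/[\w.-]+?)(?:\.git)?(?:#(.*))?$/.exec(spec);
  if (!m) return null;
  return { repo: m[1], ref: m[2] === undefined ? null : m[2] };
}

// How much does the ref actually pin?
//   unpinned  : no "#ref", npm follows the repository's default branch
//   symbolic  : branch or tag name, whoever can move it controls the code
//   short-sha : hex prefix, pinned today but may become ambiguous as the repo grows
//   full-sha  : 40 hex chars, immutable
// (A branch deliberately named like hex, e.g. "deadbeef", would be misread as a sha.)
function classifyRef(ref) {
  if (ref === null) return 'unpinned';
  if (FULL_SHA.test(ref)) return 'full-sha';
  if (SHORT_SHA.test(ref)) return 'short-sha';
  return 'symbolic';
}

// Assumed lockfile-v1 shape (npm 6) for a git dependency:
//   "dependencies": { "<name>": { "version": "github:owner/repo#<full sha>" } }
// Returns the locked full sha, or null when the entry is missing or not a git source.
function lockedCommit(lock, name) {
  const entry = lock && lock.dependencies && lock.dependencies[name];
  if (!entry || typeof entry.version !== 'string') return null;
  const git = parseGitSpec(entry.version);
  return git && git.ref && FULL_SHA.test(git.ref) ? git.ref.toLowerCase() : null;
}

function severity(kind, lockStatus) {
  if (lockStatus === 'lock-stale' || lockStatus === 'lock-missing') return 'high';
  if (kind === 'unpinned' || kind === 'symbolic') return 'high';
  if (kind === 'short-sha') return 'medium';
  return 'ok';
}

// One finding per git-hosted dependency (dependencies + devDependencies).
function auditGitDependencies(pkg, lock) {
  const deps = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    const git = parseGitSpec(spec);
    if (!git) continue;
    const kind = classifyRef(git.ref);
    const locked = lockedCommit(lock, name);
    let lockStatus;
    if (!locked) {
      // npm ci installs what the lockfile says; a lockfile that never learned about
      // the git source keeps installing the old registry release.
      lockStatus = 'lock-missing';
    } else if (kind === 'full-sha' || kind === 'short-sha') {
      lockStatus = locked.startsWith(git.ref.toLowerCase()) ? 'lock-matches' : 'lock-stale';
    } else {
      lockStatus = 'lock-resolved'; // symbolic ref: the lockfile decides which commit
    }
    findings.push({ name, spec, repo: git.repo, kind, lockStatus, severity: severity(kind, lockStatus) });
  }
  return findings;
}

// Constructed sample inputs modelled on the diff in this PR; the 40-hex value is a
// placeholder, not a real commit, and the example-* packages do not exist.
const PLACEHOLDER_SHA = '0123456789abcdef0123456789abcdef01234567';
const samplePackageJson = {
  dependencies: {
    'ethereumjs-util': '^6.0.0',
    'openzeppelin-solidity': 'OpenZeppelin/openzeppelin-contracts#master',
    'example-a': 'github:example-org/example-a#0123456789ab',
    'example-b': 'git+https://github.com/example-org/example-b.git#' + PLACEHOLDER_SHA,
    'example-c': 'example-org/example-c',
  },
};
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'ethereumjs-util': { version: '6.0.0' },
    'openzeppelin-solidity': { version: '2.1.1' }, // stale: still the registry release
    'example-a': { version: 'github:example-org/example-a#' + PLACEHOLDER_SHA },
    'example-b': { version: 'github:example-org/example-b#' + PLACEHOLDER_SHA },
  },
};

for (const f of auditGitDependencies(samplePackageJson, sampleLock)) {
  console.log(`${f.severity.padEnd(6)} ${f.name}: ${f.kind}, ${f.lockStatus}`);
}
```

On the short-hash question: git resolves any hex prefix of at least four characters as long as it is unambiguous in that repository, and its default abbreviation length grows with the object count, so an 8-character prefix that is unique today can collide with a later commit. The lockfile already stores the full 40-character id, so copying that into package.json removes the question entirely, and a check like the one above belongs in CI next to `npm ci` so a lockfile that still points at the registry release fails the build instead of silently shipping it.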
Branch updated from e429322 to 3f7fb7f.
A Beauty!
Closes #212 - by using a specific commit hash of the OpenZeppelin dependency and using its new `SafeCast` security tool!

Test Plan: check out this branch, run `npm install` followed by `truffle test` (with an instance of `ganache-cli` running).