Rust smart contract for Solana liquidity pools with variable token number.
To build the Pool program, use the normal build command for Solana programs:
cargo build-bpf
To deploy the pool program:
- Check that the
TOKEN_COUNT
const is set to the number of constituent tokens you want the pool program to initialize - Build the program:
cargo build-bpf
- Deploy the program using:
solana program deploy --program-id <path_to_keypair> ./target/deploy/pool.so
- To adjust the number of constituent tokens for the Pool Program, adjust the
TOKEN_COUNT
const insrc/lib.rs
then rebuild and deploy the program to a new program_id
Kudelski audit completed Dec 13th, 2021
Pools with 4 Tokens: SWiMBJS9iBU1rMLAKBVfp73ThW1xPPwKdBHEU2JFpuo
Pools with 6 Tokens: SWiMDJYFUGj6cPrQ6QYYYWZtvXQdRChSVAygDZDsCHC
cd swim/pool
# run all tests
cargo test-bpf -- --show-output
# run all tests with suppressed noisy logs
cargo test-bpf -- --show-output --nocapture --test-threads=1 2>&1 | ./sol_spam_filter.py
# run specific test
cargo test-bpf -- --test test_pool_init --show-output
# install Soteria
cd ~
sh -c "$(curl -k https://supercompiler.xyz/install)"
# Depending on your system, you may need to change your PATH environment variable to include soteria
export PATH=$PWD/soteria-linux-develop/bin/:$PATH
docker run -v $PWD/:/workspace -it greencorelab/soteria:0.1.0 /bin/bash
# check vulnerabilities in selected library codes
soteria .
# check vulnerabilities in all library codes
soteria -analyzeAll .
The honggfuzz library is incompatable with macOS big sur and above (as of 11/01/2021). The workaround is to run the fuzzing tests within a docker container and was based on the solution found here
# 1. build docker container (only have to do this one time)
$ docker build -t pool .
# 2. run docker container
# $ docker run -it --security-opt seccomp=unrestricted -v $(pwd):/app/ pool bash
$ docker run -it --privileged -v $(pwd):/app/ pool bash
# should be in the docker container now
$ cd fuzz
$ BPF_OUT_DIR="/app/target/deploy" HFUZZ_RUN_ARGS="-t 100 -N 1000 -Q " cargo hfuzz run pool_fuzz
# redirect output to files
$ BPF_OUT_DIR="/app/target/deploy" HFUZZ_RUN_ARGS="-t 100 -N 500 -Q -d -v" cargo hfuzz run pool_fuzz > test_output.txt 2>&1
# -t = timeout in seconds
# -n = number of threads
# -N = number of iterations
# --exit_upon_crash
# run fuzz debugger
# file for fuzz can be found in /app/fuzz/hfuzz_workspace/pool_fuzz/HONGGFUZZ.REPORT.TXT
$ BPF_OUT_DIR="/app/target/deploy" cargo hfuzz run-debug pool_fuzz 'hfuzz_workspace/pool_fuzz/SIGABRT.PC.7f3088fedce1.STACK.19a84c71ce.CODE.-6.ADDR.0.INSTR.mov____0x108(%rsp),%rax.fuzz'
If you encounter fatal error: ld terminated with signal 9
during the docker build
or docker run
stage, in Docker Desktop go to "Preferences" -> "Resources" and increase the memory and swap. Then try again.
Use at your own risk. Swim Protocol Foundation, and its representatives and agents disclaim all warranties, express or implied, related to the application you are accessing, and are not liable for any transactions you conduct thereon or losses that may result therefrom. US Persons are not permitted to access or use this application.