Specification | Crates.io | Docs | Coverage |
---|---|---|---|
cw1 | |||
cw2 | |||
cw3 | |||
cw4 | |||
cw20 |
Utilities | Crates.io | Docs | Coverage |
---|---|---|---|
cw-controllers |
Contracts | Download | Docs | Coverage |
---|---|---|---|
cw1-subkeys | Release v0.13.4 | ||
cw1-whitelist | Release v0.13.4 | ||
cw3-fixed-multisig | Release v0.13.4 | ||
cw3-flex-multisig | Release v0.13.4 | ||
cw4-group | Release v0.13.4 | ||
cw4-stake | Release v0.13.4 | ||
cw20-base | Release v0.13.4 | ||
cw20-ics20 | Release v0.13.4 |
Note: cw721
and cw721-base
have moved to the new cw-nfts
repo and can be
followed there.
Note: most of the cw20-*
contracts besides cw20-base
have moved to the new
cw-tokens
repo and can be followed there.
This is a collection of specification and contracts designed for use on real networks. They are designed not just as examples, but to solve real-world use cases, and to provide a reusable basis to build many custom contracts.
If you don't know what CosmWasm is, please check out our homepage and our documentation to get more background. We are running public testnets you can use to test out any contracts.
Warning None of these contracts have been audited and no liability is assumed for the use of this code. They are provided to turbo-start your projects.
The most reusable components are the various cwXYZ specifications under packages
. Each one defines a standard
interface for different domains, e.g. cw20 for fungible tokens,
cw721 for non-fungible tokens,
cw1 for "proxy contracts", etc. The interface comes with a human description in the READMEs,
as well as Rust types that can be imported.
They contain no logic, but specify an interface. It shows what you need to implement to create a compatible contracts, as well as what interface we guarantee to any consumer of such contracts. This is the real bonus of specifications, we can create an escrow contract that can handle many different fungible tokens, as long as they all adhere to the cw20 specification.
If you have ideas for new specifications , please raise an issue or create a pull request on this repo.
We provide sample contracts that either implement or consume these specifications to both provide examples, and provide
a basis for code you can extend for more custom contacts, without worrying about reinventing the wheel each time. For
example cw20-base
is a basic implementation of a cw20
compatible contract that can be
imported in any custom contract you want to build on it.
CW1 Proxy Contracts:
cw1-whitelist
a minimal implementation ofcw1
mainly designed for reference.cw1-subkeys
a simple, but useful implementation, which lets us use a proxy contract to provide "allowances" for native tokens without modifying thebank
module.
CW3 Multisig:
cw3-fixed-multisig
a simple implementation of the cw3 spec. It is a multisig with a fixed set of addresses, created upon initialization. Each address may have the same weight (K of N), or some may have extra voting power. This works much like the native Cosmos SDK multisig, except that rather than aggregating the signatures off chain and submitting the final result, we aggregate the approvals on-chain.cw3-flex-multisig
builds on cw3-fixed-multisig, with a more powerful implementation of the cw3 spec. It's a multisig contract backed by a cw4 (group) contract, which independently maintains the voter set.
CW4 Group:
cw4-group
a basic implementation of the cw4 spec. It handles elected membership, by admin or multisig. It fulfills all elements of the spec, including raw query lookups, and is designed to be used as a backing storage for cw3 compliant contracts.cw4-stake
a second implementation of the cw4 spec. It fulfills all elements of the spec, including raw query lookups, and is designed to be used as a backing storage for cw3 compliant contracts. It provides a similar API to [cw4-group
], but rather than appointing members, their membership and weight are based on the number of staked tokens they have.
CW20 Fungible Tokens:
cw20-base
a straightforward, but complete implementation of the cw20 spec along with all extensions. Can be deployed as-is, or imported by other contracts.
To compile all the contracts, run the following in the repo root:
docker run --rm -v "$(pwd)":/code \
--mount type=volume,source="$(basename "$(pwd)")_cache",target=/code/target \
--mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \
cosmwasm/workspace-optimizer:0.12.13
This will compile all packages in the contracts
directory and output the stripped and optimized wasm code under the
artifacts
directory as output, along with a checksums.txt
file.
If you hit any issues there and want to debug, you can try to run the following in each contract dir:
RUSTFLAGS="-C link-arg=-s" cargo build --release --target=wasm32-unknown-unknown --locked
One of the basic metrics of assurance over code quality is how much is covered by unit tests. There are several tools available for Rust to do such analysis and we will describe one below. This should be used as a baseline metric to give some confidence in the code.
Beyond code coverage metrics, just having a robust PR review process with a few more trained eyes looking for bugs is very helpful in detecting paths the original coder was not aware of. This is more subjective, but looking at the relevant PRs and depth of discussion can give an idea how much review was present.
After that, fuzzing it (ideally with an intelligent fuzzer that understands the domain) can be valuable. And beyond that formal verification can provide even more assurance (but is very time-consuming and expensive).
I recommend the use of tarpaulin: cargo install cargo-tarpaulin
To get some nice interactive charts, you can go to the root directory and run:
cargo tarpaulin -o html
and then xdg-open tarpaulin-report.html
(or just open
on MacOS).
Once you find a package that you want to improve, you can do the following to just analyze this package, which gives much faster turn-around:
cargo tarpaulin -o html --packages cw3-fixed-multisig
Note that it will produce a code coverage report for the entire project, but only the coverage in that package is the real value. If does give quick feedback for you if you unit test writing was successful.
See our Contributing Guidelines.
To generate a changelog we decided to use github-changelog-generator.
To install tool you need Ruby's gem
package manager.
$ gem --user install github_changelog_generator
And put $HOME/.gem/ruby/*/bin/
into your PATH.
Generating changelog file first time:
$ github_changelog_generator -u CosmWasm -p cw-plus
Appending next releases could be done adding --base
flag:
$ github_changelog_generator -u CosmWasm -p cw-plus --base CHANGELOG.md
If you hit GitHub's 50 requests/hour limit, please follow
this guide to create a token
key which you can pass using --token
flag.
There's also a convenience scripts/update_changelog.sh
, which can take a --since-tag parameter (to avoid processing
the entire history). It can also auto-detect the latest version tag for you, with --latest-tag.
This repo is licensed under Apache 2.0.
All specifications will always be Apache-2.0. All contracts that are meant to be building blocks will also be Apache-2.0. This is along the lines of Open Zeppelin or other public references.