Open source

.env.example

@@ -0,0 +1,4 @@
+PRIVATE_KEY=
+OP_SCAN_API_KEY=
+FTM_SCAN_API_KEY=
+ALCHEMY_API_KEY=

.gitattributes

@@ -0,0 +1 @@
+*.vy linguist-language=Python

.github/workflows/main.yml

@@ -0,0 +1,48 @@
+# This is a basic workflow to help you get started with Actions
+
+name: CI
+
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push or pull request events but only for the master branch
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "test"
+  test:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v2
+        with:
+          submodules: recursive
+      - uses: actions/setup-node@v2
+      - name: Install dev dependencies
+        run: npm install
+
+      # Runs a single command using the runners shell
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: Install deps
+        run: forge install
+
+      - name: Run tests
+        run: FOUNDRY_PROFILE=ci forge test
+
+      - name: slither-static-analysis
+        continue-on-error: true
+        uses: luisfontes19/slither-static-analysis-action@v0.3.4
+

.gitignore

@@ -0,0 +1,30 @@
+# for verify
+args.js 
+
+.env
+
+# Foundry
+cache/
+out/
+
+# JS
+node_modules/
+package-lock.json
+
+# Hardhat files
+cache_hardhat/
+artifacts/
+
+# Hardhat plugin files
+typechain-types/
+
+# Merkle generator
+scripts/generator/*json
+scripts/generator/*log
+
+*.go
+abi
+build
+scripts/xbribes
+# for verify
+Flattened.sol

.gitmodules

@@ -0,0 +1,15 @@
+[submodule "lib/ds-test"]
+	path = lib/ds-test
+	url = https://github.com/dapphub/ds-test
+[submodule "lib/forge-std"]
+	path = lib/forge-std
+	url = https://github.com/foundry-rs/forge-std
+[submodule "lib/solmate"]
+	path = lib/solmate
+	url = https://github.com/Rari-Capital/solmate
+[submodule "lib/openzeppelin-contracts"]
+	path = lib/openzeppelin-contracts
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts
+[submodule "lib/LayerZero"]
+	path = lib/LayerZero
+	url = https://github.com/LayerZero-Labs/LayerZero

.solcover.js

@@ -0,0 +1,3 @@
+module.exports = {
+  skipFiles: ['test'],
+};

SECURITY.md

@@ -0,0 +1,38 @@
+## Bug Bounty Program
+
+Solidly has a Bug Bounty program to encourage security researchers to spend time studying the protocol in order to uncover vulnerabilities. We believe these researchers should get fairly compensated for their time and effort, and acknowledged for their valuable contributions.
+
+### Rules
+
+1. Bug has not been publicly disclosed.
+2. Vulnerabilities that have been previously submitted by another contributor or already known by the development team are not eligible for rewards.
+3. The size of the bounty payout depends on the assessment of the severity of the exploit. Please refer to the rewards [section](#rewards) below for additional details.
+4. Bugs must be reproducible in order for us to verify the vulnerability.
+5. Rewards and the validity of bugs are determined by the security team and any payouts are made at their sole discretion.
+6. Terms and conditions of the Bug Bounty program can be changed at any time.
+7. Details of any valid bugs may be shared with complementary protocols utilized in the ecosystem in order to promote ecosystem cohesion and safety.
+
+### Classifications
+
+- **Severe:** Highly likely to have a material impact on availability, integrity, and/or loss of funds.
+- **High:** Likely to have impact on availability, integrity, and/or loss of funds.
+- **Medium:** Possible to have an impact on availability, integrity, and/or loss of funds.
+- **Low:** Unlikely to have a meaningful impact on availability, integrity, and/or loss of funds.
+
+### Rewards
+
+- **Severe:** $20,000-$200,000
+- **High:** $5,000-$20,000
+- **Medium:** $1,000-$5,000
+- **Low:** $100-$1,000
+
+_Paid out in USD equivalent of USDC, DAI, or ETH._
+
+Actual payouts are determined by classifying the vulnerability based on its impact and likelihood to be exploited successfully, as well as the process working with the disclosing security researcher. The rewards above represent the _maximum_ that will be paid out for a disclosure.
+
+### Scope
+
+The scope of the Bug Bounty program;
+
+- ./contracts
+- excluding ./contracts/test/*