trufflesuite / truffle-core Goto Github PK

🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because we are using your CI build statuses to figure out when to notify you about breaking changes.

Since we did not receive a CI status on the greenkeeper/initial branch, we assume that you still need to configure it.

If you have already set up a CI for this repository, you might need to check your configuration. Make sure it will run on all new branches. If you don’t want it to run on every branch, you can whitelist branches starting with greenkeeper/.

We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

Issue

Upon 'revert' (as a result of require(false)) or 'invalid opcode' (as a result of assert(false)), Truffle gives different error messages when working with Ganache and when working with GETH.

When working with Ganache, the errors are:

• "VM Exception while processing transaction: revert"
• "VM Exception while processing transaction: invalid opcode"

When working with GETH, the errors (copied from /node_modules/truffle/build/cli.bundled.js) are:

• "Transaction: " + tx + " exited with an error (status 0) after consuming all gas.\n" + "Please check that the transaction:\n" + " - satisfies all conditions set by Solidity assert statements.\n" + " - has enough gas to execute the full transaction.\n" + " - does not trigger an invalid opcode by other means (ex: accessing an array out of bounds).";
• "Transaction: " + tx + " exited with an error (status 0).\n" + "Please check that the transaction:\n" + " - satisfies all conditions set by Solidity require statements.\n" + " - does not trigger a Solidity revert statement.\n";

This makes it hard on deploying a common infrastructure for testing contract behavior, namely, ensuring that an erroneous transaction is aborted and/or reverted.

Of course, since the specific phrases "revert" and "invalid opcode" are present in both cases (when working with Ganache and when working with GETH), it is feasible to have a common testing infrastructure.
The files assertRevert.js and assertJump.js by OpenZeppelin are a good example of it.

However, these two phrases ("revert" and "invalid opcode") can theoretically appear in a whole bunch of other error messages (in particularly, messages added by the user).

Therefore, IMO, larger phrases would be highly preferable.

For example, up until now, working with Ganache, I've been testing that the error message starts with:

• "VM Exception while processing transaction: revert"
• "VM Exception while processing transaction: invalid opcode"

Now, in order to keep my code compatible with GETH, I need to test that the error message includes:

• "revert"
• "invalid opcode"

More generally, a common set of error messages, regardless of the EVM used, would be ideal.

Thanks

Environment

• Operating System: Agnostic
• Truffle version: 4.1.3

During work on #87 and #110, the following error came up:

Problem

  1) EthPM integration "before each" hook: Create a fake EthPM host and memory registry for "successfully installs single dependency from EthPM":
base.js:225
     Error: Starting inspector on 127.0.0.1:39487 failed: address already in use
      at Object.done (P:\sand\truffle\dependencies\truffle-core\node_modules\ipfsd-ctl\src\exec.js:23:27)
      at Stream.listeners.done.once (P:\sand\truffle\dependencies\truffle-core\node_modules\ipfsd-ctl\src\exec.js:45:18)
      at Stream.f (P:\sand\truffle\dependencies\truffle-core\node_modules\once\once.js:25:25)
      at emitOne (events.js:116:13)
      at Stream.emit (events.js:211:7)
      at Socket.reemit (P:\sand\truffle\dependencies\truffle-core\node_modules\duplexer\index.js:70:25)
      at emitOne (events.js:121:20)
      at Socket.emit (events.js:211:7)
      at Pipe._handle.close [as _onclose] (net.js:554:12)

This happens because the mocha-test launches another process (ipfs daemon), and the node.js debugger is loosing it (can't handle this by default). This was tested with VSCode and Webstorm on win10.

Workaround

This is a know issue, with several workarounds (and possibly even a solutions) written over the years on the web.

The most official workaround/solution should be selected, documented and applied.

Timeouts in tests are hardcoded to 2 minutes which prevents running tests on slow private networks. Detailed description of the issues and a possible fix is available in Truffle Issue 261.

The tests for EthPM (https://github.com/trufflesuite/truffle-core/blob/develop/test/ethpm.js) are very finicky, most notably the test around dependencies. This causes CI to fail erroneously all the time.

This can likely be solved via mocks and/or test flags that disable this test in CI contexts

• I've asked for help in the Truffle Gitter before filing this issue.

The Contributing.md document tells you to use the git@github protocol for fetching repos. Every time I use that protocol I get a permission denied error:

reselect-tree:
Cloning into 'dependencies/reselect-tree'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I tried to go around it by using the "https://" URL for the main repo. I was able to clone that repo but ran into the exact same problem again when I executed the meta utility to get the dependent repos, because that utility also uses the git@github protocol. I'm running Ubuntu Bionic Beaver 18.04 LTS, fully patched.

GithubExamples.initialize() is directly coupled to raw.githubusercontent.com, the "examples" are downloaded from there.

It should be possible to load the examples from the local file-system (e.g. offline-work, test-sequences etc.).

This should be either implemented directly into ethpm or as a quick workaround for the current problems within #87.

• I've asked for help in the Truffle Gitter before filing this issue.

Issue

Testrpc develop and testing nodes define hardcoded accounts addresses and balances

Steps to Reproduce

See lines https://github.com/trufflesuite/truffle-core/blob/develop/lib/commands/develop.js#L51-L66

Expected Behavior

Testrpc accounts should be customizable as in ethereumjs-testrpc

Environment

• Truffle version: Truffle 4.0.5
• Ethereum client: Truffle

People behind a proxy or in the wilderness cannot use truffle init because it calls out to Github over https. We should store the project template here and modify unbox to accept a local path. This would be helpful for scenario tests at the main repo as well since it would make it easier to build more complex mocks and run against them.

Lets say a == [1,2] and b == [3, 4], you would expect Assert.notEqual(a, b, "a not equal to b"); to return true since they are not equal to each other. However, due to the way that this case is handled, the function incorrectly treats them as equal.

Here is a short test case to illustrate the point. Below, the testEqual_GOOD does the right thing and asserts, while the testNotEqual_BAD throws an assert even though the two arrays are clearly not equal (but have the same length). Notice that if the arrays are of different lengths - everything is a-ok testNotEqual_GOOD.

	int[] a;
	int[] b;
	int[] c;
	function beforeAll() public {
		a.push(1);
		a.push(2);
		b.push(3);
		b.push(4);
		c.push(5);
	}

	// Should assert and it does.
	function testEqual_GOOD() public {
		Assert.equal(a, b, "a and b are equal"); 
	}

	// Should not assert (a and b are in fact not equal).
	function testNotEqual_BAD() public {
		Assert.notEqual(a, b, "a and b are not equal");
	}

	// Should not assert (a and c are in fact not equal).
	function testNotEqual_GOOD() public {
		Assert.notEqual(a, c, "a and c are not equal");
	}

This error occurs due to the fact that you guys employ a negation trick on the call to _report for these cases since the variable r captures the equality of the lengths of the arrays being compared. If the lengths do not match, this works great. The bug lives in the code where on a match (not equal is true) - the code sets r to true which is later negated.

Here is the output from truffle test:

    1) testEqual_GOOD

    Events emitted during test:
    ---------------------------

    TestEvent(result: <indexed>, message: a and b are equal)

    ---------------------------
    2) testNotEqual_BAD

    Events emitted during test:
    ---------------------------

    TestEvent(result: <indexed>, message: a and b are not equal)

    ---------------------------
    ✓ testNotEqual_GOOD (38ms)


  1 passing (631ms)
  2 failing

  1) Test testEqual_GOOD:
     Error: a and b are equal

  2) Test testNotEqual_BAD:
     Error: a and b are not equal

This function is also broken in the case where the first element of two equal-sized arrays are the same due to the early exit condition. This is the code as is today:

    function notEqual(int[] arrA, int[] arrB, string message) public returns (bool) {
        var r = arrA.length == arrB.length;
        if (r) {
            for (uint i = 0; i < arrA.length; i++) {
                if (arrA[i] == arrB[i]) {
                    r = true;
                    break;
                }
            }
        }
        _report(!r, message);
    }

So if a = [1,2] and b = [1,4] - it will consider them equal and throw an assert when checking notEqual.

Seeing some weirdness in the EthPM tests. We should probably check this output in a unit somewhere.

Issue

When executing truffle test, it immediately invokes truffle deploy.

It is not really clear why truffle test is to be preceded by truffle deploy, since these two functionalities are essentially designated for two different goals.

Moreover, for Ganache users, it appears to be in contrast with the specification in the docs, which state:

Truffle provides a clean room environment when running your test files. When running your tests against Ganache or Truffle Develop, Truffle will use advanced snapshotting features to ensure your test files don't share state with each other. When running against other Ethereum clients like go-ethereum, Truffle will re-deploy all of your migrations at the beginning of every test file to ensure you have a fresh set of contracts to test against.

The implementation of this can be found in file /node_modules/truffle/build/cli.bundled.js:

var Test = {
  run: function(options, callback) {
    ...
    this.getAccounts(web3).then(function(accs) {
      ...
    }).then(function(paths) {
      ...
      return self.performInitialDeploy(config, test_resolver);
    }).then(function() {
      ...
      return self.defineSolidityTests(mocha, testContracts, dependency_paths, runner);
    }).then(function() {
      ...
      return self.setJSTestGlobals(web3, accounts, test_resolver, runner);
    }).then(function() {
      ...
    }).catch(callback);
  },
  ...
  performInitialDeploy: function(config, resolver) {
    return new Promise(function(accept, reject) {
      Migrate.run(config.with({
        reset: true,
        resolver: resolver,
        quiet: true
      }), function(err) {
        if (err) return reject(err);
        accept();
      });
    });
  },
  ...
  setJSTestGlobals: function(web3, accounts, test_resolver, runner) {
    return new Promise(function(accept, reject) {
      ...
      var template = function(tests) {
        this.timeout(runner.TEST_TIMEOUT);

        before("prepare suite", function(done) {
          this.timeout(runner.BEFORE_TIMEOUT);
          runner.initialize(done);
        });

        beforeEach("before test", function(done) {
          runner.startTest(this, done);
        });

        afterEach("after test", function(done) {
          runner.endTest(this, done);
        });

        tests(accounts);
      }
      ...
    });
  }
};

As you can see, function run first calls performInitialDeploy and then calls setJSTestGlobals, which ultimately invokes tests(accounts).

Environment

• Truffle version: 4.1.3
• Ethereum client: Ganache 6.1.0

• [Yes ] I've asked for help in the Truffle Gitter before filing this issue.

Issue

Truffle injects customer provider instance even if the network is not specified for example.
This repo was chosen because this is where Environment.js is located.
I think is due to Environment.js loading all networks instead of specifying a specific network to load

Steps to Reproduce

you have network1 {provider: custom} network2 default you will find that both instances are projected even if network2 was chosen.

Expected Behavior

This shouldn't be the case custom provider should be injected only if specified in this case all custom providers are injected and that causes different problems in the long run.

Actual Results

Environment

• Operating System: Ubunto 17.01
• Truffle version:v4.0.1
• Ethereum client: Web3ZeroEngine
• node version: 8.8.1
• npm version: 5.5.1

• I've asked for help in the Truffle Gitter before filing this issue.

Issue

False error message is shown when using the --dry-run flag. For example:

> truffle migrate --network rat --dry-run
Using network 'rat' (dry run).

tx has a higher gas limit than the block

That last line: tx has a higher gas limit than the block puzzled me for a while.
It turns out to be a spurious error message or warning.

Steps to Reproduce

add the --dry-run option on a migrate call.

Expected Behavior

Tell the user if the call would work. Or, if the call would not work, tell the user why.

Actual Results

It seems that --dry-run gives no gas or changes the gas. Anyway, it seems that an error message related to how --dry-run itself is implemented is what is shown to the user.

It's kind of confusing.

Environment

• Operating System: Mac OS
• Truffle version: 4.0.1
• Ethereum Node: Geth 1.7.2-stable-1db4ecdc
• Ethereum client: [email protected]
• node version: 8.9.0
• npm version: 5.5.1

• 🚨 This is an issue with critical security vulnerabilities.

Issue

The issue is various security vulnerabilities found in truffle-core > mocha.

Reference: #942

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ growl                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ truffle-solidity-loader [dev]                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ truffle-solidity-loader > solidity-parser > mocha > growl    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/146                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ growl                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ truffle-solidity-loader [dev]                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ truffle-solidity-loader > truffle > mocha > growl            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/146                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ growl                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ truffle-solidity-loader [dev]                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ truffle-solidity-loader > truffle > solidity-parser > mocha  │
│               │ > growl                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/146                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ truffle-solidity-loader [dev]                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ truffle-solidity-loader > solidity-parser > mocha > glob >   │
│               │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴────────────────────────────────────────────────

[!] 29 vulnerabilities found - Packages audited: 29850 (29706 dev, 267 optional)
    Severity: 22 low | 1 moderate | 3 high | 3 critical

Steps to Reproduce

npm install truffle
npm audit

Expected Behavior

Not to have Command Injection vulnerabilities.

Actual Results

There are Command Injection vulnerabilites.

Environment

• Operating system (Ubuntu 18.04)
• Truffle version (Truffle v4.1.9 (core: 4.1.9)):
• node version (v8.11.1):
• npm version (6.0.1):

• I've asked for help in the Truffle Gitter before filing this issue.

Issue

I'm deploying some contracts to rinkeby via geth/truffle, but see the following whenever I try to deploy:

➜  lsankar git:(master) ✗ truffle migrate --reset --compile-all --network rinkeby
... (contract names redacted)
Writing artifacts to ./build/contracts

Using network 'rinkeby'.

Running migration: 1_initial_migration.js
  Deploying Migrations...
  ... 0x10a02c7ab65b43e3d6940ac1f08d2afcd56660a11bfee8df042699c47ac2bed8

What's strange is that that first migration seems to create its contract properly; it actually shows up on etherscan. Because the command hangs though, I can't run all of my migrations!

Normally this wouldn't be an issue as I'd just split my migrations up and run them individually, but I have a few linked contracts (via deployer.link), so this wouldn't actually work here...

Steps to Reproduce

Geth cmd:
geth --syncmode=fast --datadir=./chaindata --rinkeby --rpc --rpcapi eth,net,web3,personal,admin

truffle.js:

module.exports = {
  networks: {
    development: {
      host: "127.0.0.1",
      port: 7545,
      network_id: "*", // match any network
    },

    // via geth
    rinkeby: {
      host: "127.0.0.1",
      port: 8545,
      network_id: "4", // Rinkeby
      from: "0x96470e37772648882b94adefc1e99f4564b45d90",
      gas: 4700000,
    }
  }
};

migrate cmd:
truffle migrate --reset --compile-all --network rinkeby

And, I manually unlocked the address in question via the geth console.

Environment

• Operating System: macOS 10.13.3
• Truffle version: 4.0.6
• Ethereum client: geth 1.6.7-stable-ab5646c5
• node version: 8.9.0
• npm version: 5.8.0

Work on issue #87 has uncovered that the sporadic test-failures (2nd EthPM test) are not network related. The final cause of the timeout:

• https://github.com/trufflesuite/ethpm-js/blob/master/lib/preflight.js#L43
• https://github.com/trufflesuite/ethpm-js/blob/master/lib/hosts/ipfshost.js#L60

The wget.request from ipfshost causes the test timeout (default at 15s). Setting an earlier timeout: 10000 for the wget.request a few lines aboves about confirms this.

IPFS server: problem is not with the IPFS local server, as the relevant URI gives a normal response from a browser (during the timeout period).

IPFS host: possibly the ipfs client/host code is responsible (hidden errors like connection-resets etc.)

Possible Solutions

• Provide a debugging method (IDE debugger and console.log statements seem to reach their limits in this deeply nested promise code) and spot the cause. This can lead to a "debug hell" and an "activity trap".
• Replace the ipfs subsystem with alternative implementations. This can lead to success with relative low effort.
• Replace the ipfs subsystem completely (for the tests, if applicable). This should be avoided, as ipfs needs to be used anyway, so the code must be stabilized.

@gnidan's review of #90 noticed that we rely on an internal web3 module (web3/lib/solidity/coder.js) for log decoding that will be absent or elsewhere in web3 1.0.

Investigate replacing this with a dedicated abi utility package (or our own code) located in truffle-solidity-utils.

Possible candidate: ethjs-abi

SolidityCoder appears in:

• testing/testrunner.js
• testing/soliditytest.js

Issue

On Win10 with node 8.9.3, the test compiles contract and dependencies after an update fails.

This was fixed but then later reverted, see #50.

Steps to Reproduce

cd  truffle-core
npm test

Workaround

Apply the change mentioned in #50

Possible Overall Solution

• Specify Truffle minimum required version of node.js
• Look what is causing the error, using the lowest required node.js version
• Possibly adjust CI node.js version

Issue

While trying to run a test in solidity it throws the error message: "TypeError: path must be a string or Buffer".

Steps to Reproduce

File: TestWakeUp.sol

pragma solidity ^0.4.19;
import "truffle/Assert.sol";
constract TestWakeup {
  function testSleeping() public {
    Assert.equal(1, 1, "I should be sleeping");
  }
}

After triagging the issue is in the orderTestContractFunctions , at this line

async.each(contracts, function(contract, finished) {
        var file = file_hash[contract.contract_name];

Here file is null.

My issue was I've named my contract with the wrong caption "TestWakeUp" vs "TestWakeup".

Expected Behavior

A nice error message indicating the test has an invalid name.

Actual Results

The test fails to compile and run.

    at Object.fs.readFile (fs.js:358:11)
    at Object.ordered_abi (C:\Users\\AppData\Roaming\npm\node_modules\truffle\build\cli.bundled.js:203860:8)
    at C:\Users\nomnom\AppData\Roaming\npm\node_modules\truffle\build\cli.bundled.js:318977:23
    at C:\Users\nomnom\AppData\Roaming\npm\node_modules\truffle\build\cli.bundled.js:31984:20
    at Object.async.forEachOf.async.eachOf (C:\Users\nomnom\AppData\Roaming\npm\node_modules\truffle\build\cli.bundled.js:32036:13)
    at Object.async.forEach.async.each (C:\Users\nomnom\AppData\Roaming\npm\node_modules\truffle\build\cli.bundled.js:32012:22)
    at C:\Users\nomnom\AppData\Roaming\npm\node_modules\truffle\build\cli.bundled.js:318972:13
    at new Promise (<anonymous>)
    at Object.orderTestContractFunctions (C:\Users\nomnom\AppData\Roaming\npm\node_modules\truffle\build\cli.bundled.js:318964:12)
    at C:\Users\nomnom\AppData\Roaming\npm\node_modules\truffle\build\cli.bundled.js:318879:19

Environment

• Operating System: Windows 7 x64
• Truffle version: Truffle v4.0.4 (core: 4.0.4)
• Ethereum client: Ganache CLI v6.0.3 (ganache-core: 2.0.2)
• node version: node v8.9.0
• npm version: npm v5.6.0

Issue

On Win10 with node 8.9.3, the test successfully installs single dependency from EthPM fails.

This should be related to this issue:

ipfs-inactive/js-ipfs-http-client/issues/623

Steps to Reproduce

cd  truffle-core
npm test

Error

  Error: events.js:183
        throw er; // Unhandled 'error' event
        ^

  Error: spawn P:\sand\truffle\dependencies\truffle-core\node_modules\ipfsd-ctl\node_modules\go-ipfs-dep\go-ipfs\ipfs ENOENT
      at _errnoException (util.js:1024:11)
      at Process.ChildProcess._handle.onexit (internal/child_process.js:190:19)
      at onErrorNT (internal/child_process.js:372:16)
      at _combinedTickCallback (internal/process/next_tick.js:138:11)
      at process._tickCallback (internal/process/next_tick.js:180:9)
      at startup (bootstrap_node.js:187:16)
      at bootstrap_node.js:608:3

      at Object.done (node_modules\ipfsd-ctl\src\exec.js:23:27)
      at Stream.listeners.done.once (node_modules\ipfsd-ctl\src\exec.js:45:18)
      at Stream.f (node_modules\once\once.js:25:25)
      at Socket.reemit (node_modules\duplexer\index.js:70:25)
      at Pipe._handle.close [as _onclose] (net.js:554:12)

I'm trying to make my own custom build of the truffle-core repo. I've forked the repo and made a Node.JS configuration in IntelliJ's WebStorm IDE. When I run "npm start" I get the following exception:

internal/modules/cjs/loader.js:596
    throw err;
    ^

Error: Cannot find module '/home/robert/Documents/GitHub/ME/truffle-core/run'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:594:15)
    at Function.Module._load (internal/modules/cjs/loader.js:520:25)
    at Function.Module.runMain (internal/modules/cjs/loader.js:744:10)
    at startup (internal/bootstrap/node.js:238:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:572:3)
Waiting for the debugger to disconnect...

What do I need to do to get a runnable/debuggable environment using this repo?

Box.sandbox() is directly coupled to github, the "boxes" (project templates) are downloaded from there.

It should be possibly to load boxes from the local file-system (e.g. offline-work, test-sequences etc.).

This should be either implemented directly into truffle-box, or as a quick workaround for the current problems within #87.