bug: Vuln Scan Fixes #3829
Merged: piotr-roslaniec merged 28 commits into threshold-network:release/v2.2.0-prep from jose-blockchain:vuln-fix on Oct 9, 2025
+197 −278
Conversation
…atches) for muls critical vulns
ALL CRITICAL, HIGH AND MEDIUM SOLVED!
b897f64 to 9a800a8
Add workaround flag to main build and abigen commands to bypass runtime.stopTheWorld restrictions in github.com/fjl/memsize package.
Run make generate before go vet and staticcheck to ensure generated contract bindings exist before static analysis.
The client-vet and client-lint jobs should use committed generated contract files rather than attempting to regenerate them, which fails due to missing contract artifacts in the CI environment. Restores pkg/chain/ethereum/threshold/gen/ files that were accidentally modified during troubleshooting.
Add explanatory comments to gen.go files and .gitignore to document why empty _address files are committed despite being gitignored. This prevents future confusion about the CI build requirements.
The abi/TokenStaking.go, cmd/TokenStaking.go, and contract/TokenStaking.go files were accidentally deleted in ba7a578 when adding the -checklinkname=0 flag. These generated files are committed to the repository and should not have been removed.
piotr-roslaniec previously approved these changes on Oct 8, 2025
… module management

Address CodeRabbit finding by removing manual 'go get' commands from Dockerfile that bypass Go module dependency resolution. This eliminates version inconsistencies and makes dependency management transparent and reproducible.

Changes:
- Remove RUN go get command from Dockerfile (lines 57-58)
- Add tools.go with build-time dependencies for Ethereum bindings generation
- Update go.mod and go.sum with proper transitive dependencies
- Ensure all ethereum/go-ethereum submodule dependencies are tracked
- Rely on existing 'go mod download' at line 37 for dependency fetching

Dependencies properly managed:
- github.com/ferranbt/fastssz (ethereum/go-ethereum/internal/era)
- github.com/graph-gophers/graphql-go (ethereum/go-ethereum/graphql)
- github.com/influxdata/influxdb-client-go/v2 (ethereum/go-ethereum/metrics)
- github.com/influxdata/influxdb1-client (ethereum/go-ethereum/metrics)
- github.com/peterh/liner (ethereum/go-ethereum/console/prompt)

This ensures module-aware builds work correctly without anti-patterns while maintaining all required functionality for Ethereum contract generation.

Resolves: CodeRabbit dependency management anti-pattern finding
d7a2673 to 807d467
@jose-blockchain Please take a look and merge at will
Merged b2c82c8 into threshold-network:release/v2.2.0-prep; 15 checks passed
Vuln Scan Fixes: Closes #3828
All Critical, High and Medium if possible.