Introducing Multicall3
A modern, efficient contract for aggregating results from multiple function calls
Deployed (almost) everywhere at 0xcA11bde05977b3631167028862bE2a173976CA11
Foundry and solidity best practices were recently released, strongly recommended reading through them
Ethereum development changes quickly so I suspect these will evolve over time. Feedback is definitely welcome
A few highlights below, read them all at:
Today is my last day at
@ScopeLift
. Working alongside
@BenDiFrancesco
and the team for the last ~3.5 years has been an incredible experience, and I'm grateful to have had the opportunity to work with them.
Next, I'm excited to announce that I'll be starting at
@OPLabsPBC
as a
Can someone make a dapp already that's just one big button that when you press it it finds the current pending transaction nonce in your wallet, and sends a self tx with a higher gas of the same nonce?
So many beginners struggling with pending transactions..
Introducing forge-std v1.0.0 🧵
Strongly recommend updating your forge-std versions ASAP, as there are changes that improve fuzzing so you might find some new failing tests.
Update with `forge update lib/forge-std`
Simulating
@ConvexFinance
`shutdownSystem` call, which unstakes from 61 pools and uses 16M gas:
-
@dapptools
errors with "resource exhausted"
-
@HardhatHQ
finishes after ~14 minutes
-
@TenderlyApp
finishes after ~15 seconds
- Foundry by
@gakonst
and co takes ~10 seconds
In case you're interested, Hardhat's console.sol contract has been deployed to mainnet 1535 times.
Combined, the deployments take up a total of about 567 kB and cost about 163M gas to deploy, which is $54k at current prices
1/ New `forge script` patterns unlocked thanks to
@devan_non
. No more passing private keys in the CLI:
1. `export PRIVATE_KEY=<key>` in `.env`
2. `uint256 privKey = vm.envUint("PRIVATE_KEY")`
3. `address deployer = vm.rememberKey(privKey)`
4. Deploy with `vm.broadcast(deployer)`
This feature seems to have went under the radar, so here's a guide to clean and simple fork tests with foundry.
No custom profiles, tailored file names/directory structure, or match flags needed 👇️
Pro tip: start a
@HardhatHQ
node by forking from an archive node, and you get debug_traceTransaction for free even if the node you forked from doesn’t support it
@AlchemyPlatform
gives free archive node data which is perfect for this
Hey Solidity devs and Multicall users:
@andreasbigger
and I are deploying Multicall3 soon. It's:
- cheaper to use
- backwards compatible
- will be deployed at the same address everywhere
But we want your feedback before we deploy!
Introducing solidity-generators.
A solidity library offering linspace, arange, and logspace methods to generate evenly spaced arrays.
Check it out here:
Just deployed to 6 new chains
Multicall3 is now deployed at the same address on 18 different chains. Is this a record? 👀
(thanks
@ahussein
for supplying the funds for the new deploys)
Introducing Multicall3
A modern, efficient contract for aggregating results from multiple function calls
Deployed (almost) everywhere at 0xcA11bde05977b3631167028862bE2a173976CA11
ok I need paradigm ctf. I can’t take this anymore. every day I am checking
@gakonst
twitter. every day, check twitter, no ctf. I can’t take this anymore. can
@paradigm
devs DO SOMETHING
PSA: Solidity, Foundry, & Hardhat now have a default EVM version of Shanghai
The Shanghai fork introduced the PUSH0 opcode & is supported on Mainnet, Goerli, & Sepolia
If deploying to L2s/other chains with solidity >=0.8.20, you must change the EVM version for contracts to work
We just released Solidity 0.8.20! 🚀
This latest version includes a range of improvements in the via-IR pipeline and improves the list of events exposed in the contract ABI, and, most importantly, support for Shanghai!
📖:
💾:
The
@Uniswap
Seatbelt tool has a new check to warn about selfdestruct and delegatecall usage in contracts touched by a proposal, to reduce the likelihood of governance attacks like the recent Tornado Cash exploit
Here you can see warnings for a current
@compoundfinance
proposal
Stealth addresses are an affordable way to send and receive private payments, & they're live today
But for widespread adoption we need standardization to ensure seamless interoperability between tools and apps
That's why we've written two EIPs that we're looking for feedback on
forge-std v1.3.0 released 🥳
- `InvariantTest` helper contract
- Multicall3 address, interface, and `getTokenBalances` helper method
- StdChains provides access to chain alias
- New parseJson cheats and an `assumePayable` cheat
- New decimal assertions
This is a great tip. Here's how to do this with foundry:
1. Build with `forge build --extra-output ir` OR add `extra-output = ["ir"]` to your config
2. Run `cat ./out/<file>.sol/<contract>.json | jq -r .ir | perl -pe 's/\\n/\n/g' > ir.sol` (file is .sol for syntax highlighting)
Whenever I don’t understand something in solidity I run solc . —ir and the yul helps clarify what’s going on behind the scenes e.g. how does the storage slot of an array get pushed on the stack
🖥Introducing
A simple, customizable dashboard to display whichever Ethereum data is important to you.
Right now it only has some Dai stats, gas prices, and cDAI/cUSDC info.
If you want something added, let me know!
Built a simple Ethereum app template with Vue 3 +
@tailwindcss
that includes:
-
@ethersproject
+ Multicall for polling data
- Onboard by
@blocknative
for connecting wallets
- Dark mode via
@jj_ranalli
's Nightwind
- Vite for fast builds
Check it out here:
We modified
@AaveAave
's AToken implementation to support Flexible Voting so you can earn yield on governance tokens and continue participating in governance.
For example, you can supply UNI to Aave to earn yield, and still vote on
@Uniswap
proposals.
🥳Today, we're excited to share our Flexible Voting integration with
@AaveAave
, built with a grant from
@AaveGrants
.
🗳️For a DAO that adopts Flexible Voting, it's now possible to enable Governance participation even with tokens deposited to earn yield.
🔗
Here are a few more details behind the Compound bug from looking at a specific transaction.
Alternatively, this thread is a brief guide to debugging with
@dapptools
Compound Incident Analysis:
Compound upgraded their comptroller contract to which had a one letter bug on L1217.
This led to a reverse rug pull in which Comptroller is giving away more rewards to (past) Suppliers than expected. 🧵👇
I like the twitter threads where people read contracts and share their thoughts, so aggregating them in this thread here
Let me know of any others to add
forge-std v1.2.0 released!
- Fix StdChains to speed up via-ir compilation, use new `getChain` helper methods
- New cheats: turn off gas metering, default env var values, get file/folder metadata
- `bound` supports ints
- And more:
This is a great tip. Here's how to do this with foundry:
1. Build with `forge build --extra-output ir` OR add `extra-output = ["ir"]` to your config
2. Run `cat ./out/<file>.sol/<contract>.json | jq -r .ir | perl -pe 's/\\n/\n/g' > ir.sol` (file is .sol for syntax highlighting)
forge-std v1.5.6 just released, lots of new cheatcodes and stdCheats since the v1.5.0 release, and some great console.log helpers
You can find the release notes here:
In case you missed previous forge-std releases:
- v1.5.0:
- v1.4.0:
- v1.3.0:
And if you're still on a version before v1.3.0 you should update forge-std more frequently 😛
Request for simple CLI tool or web app: Input an ABI in any format, and output the ABI in various formats
- Solidity interface
- viem human readable
- ethers human readable
- JSON
- Minified JSON
If you do a web app, here's an example output format:
Deployed a long overdue update to
🌈 Improved
@WalletConnect
support (
@rainbowdotme
users should no longer have issues)
💰 EIP-1559 support so cancellations are cheaper (you'll get a refund if you overpay)
📝
@ensdomains
reverse resolution on login
forge-std v1.4.0 released:
- Test contracts now include invariant test helpers by default
- Create2 helpers methods added by
@0xkarmacoma
- When using StdChains, you can opt-in to not fallback to the default public RPCs thanks to
@hexonaut
This is why I still use MM, even though other wallets have slicker UX and nice features.
Security is the most important feature, and without something like LavaMoat it just seems too easy for wallets to get compromised by supply chain attacks.
MetaMask 🦊 is an amazing app for many reasons.
One reason I like especially is that even though it works just fine, the window object of the app is (almost) unusable!
If you're into Browser JavaScript security, come learn about what we call "scuttling" - by LavaMoat 🌋
Well..
This repo is currently the gold standard in how to setup and run invariant tests with foundry
Awesome work by
@lucasmanuel_eth
and the
@maplefinance
team
Invariant testing is a relatively new framework in Foundry, so I would encourage developers to check out our invariants directory and ask questions/give feedback:
cc
@gakonst
@msolomon44
@brockjelmore
@joshie_sh
First set of charts is up on 📈
Price histories for DAI, ETH, MKR, USDC, and BAT now available.
More charts will be added soon using the same format, so get your feedback in now!
New release of the `foundry-rs/foundry-toolchain` action automatically caches all RPC queries in your CI workflows.
Make sure to set a fuzz seed if your fuzz tests make RPC calls.
Big thanks to
@PaulRBerg
for implementing 🙌
🎨 New `StdStyle` library to easily add colors and styles to your console
- console2.log(("my red string"))
- console2.log((StdStyle.bold("my blue bold string")))
Introducing EIP-5744: A simple interface for tokens that are initially non-fungible and become fungible after a period of time (or once some other criteria is met).
Feedback appreciated!
Truffle was responsible for a lot of the things we take for granted when writing tests these days: fork tests, impersonating accounts, snapshot/reverts, and more.
Amazing to see how far we've come since then. Thank you
@trufflesuite
🫡
No sugar coating this, it's been a challenging few months. The Truffle Suite will be sunsetting over the next 90 days.
To all the developers who've supported us, thank you! It's been an absolute joy to strive with you & the Ethereum ecosystem for the past 6 years. 🧵
Introducing CreateX.
I've wanted something like this for a long time, so a big thank you to
@pcaversaccio
for leading this effort.
Please give the thread a read, review the contract, and share some feedback before we deploy to production!
1/👋 gm to the first of its kind: CreateX – A Trustless, Universal Contract Deployer
A factory contract to make easier & safer usage of the CREATE & CREATE2 EVM opcodes as well as of CREATE3-based (i.e. w/o an initcode factor) contract creations.
Here's a list of various Ethereum security-related resources and tools, including:
- General, high-level guidelines and vulnerability lists
- In-depth explanations of certain topics and vulnerabilities
- Security tools and useful libraries
This is a periodic reminder that `PUSH0` is not yet supported by Optimism or Arbitrum. Please set the `evm_version` to `paris` if you deploy on those chains! If you're not sure about the opcode differences, check out (spearheaded by
@msolomon44
).
Foundry fuzzer just got some big improvements thanks to
@AlexKEuler
🔥
- better random uint generation finds more failures:
- `vm.assume(bool)` cheat code so you can discard fuzz runs that don't meet given criteria:
If you want to do this on the command line, cast currently has:
- `cast admin` for EIP-1967 admin
- `cast implementation` for EIP-1967 implementation
- `cast storage` to read an arbitrary slot
Querying storage slots can be a hassle, especially if you are dealing with proxies
Even Etherscan's "Read Contract" doesn't work
✨ That's why I built this tool:
We're announcing two tools today: scopelint, and our Foundry template.
Check out the quoted tweet and the project READMEs for details, and a summary thread is below.
We get to work with great teams across many projects.
As a result, we see the best practices in smart contract development evolve.
Today we're releasing two tools to help share those learnings: scopelint (our opinionated linter) & our Foundry template.
Updated Multicall3 documentation is complete, there's two main updates:
- Better documentation + examples in the repo README at
- Sortable, filterable deployment addresses and ABI in various formats at
Huge thanks to Optimism RPGF badgeholders for supporting Multicall3!
A common request is better docs/examples, so to say thank you I'll finally do that.
I'm planning to add rust/solidity/typescript/python examples, but if you have any special requests let me know here
Ok next pro tip: run your troublesome
@HardhatHQ
transaction against a local node (`yarn hardhat node`), then use seth from
@dapptools
to see a trace or step-through debug that local transaction
(You'll need to bundle source yourself if you want function names or a source map)
Holy freaking shit. This changes everything. How is this not more wildly known.
@HardhatHQ
what else are you hiding from us?
This gives new life to Remix's and Truffle's step through debuggers. Hardhat is great but it doesn't have a step through debugger.
I've been using this
@HardhatHQ
extension for ~2 weeks and it's working great in foundry projects
No remappings file needed, absolute and relative paths both supported, forge fmt support included
Definitely recommend it👌
looks like the hardhat solidity vscode extension supports foundry projects now
it's 100x better than the "normal" one
and if you're working in the seaport repo - it's your only option, since one of the test contracts completely breaks the other ext lmao
Seatbelt now supports
@OpenZeppelin
style governors.
In case you're not familiar with Seatbelt, it's a collaboration between
@Uniswap
and
@ScopeLift
to make governance safer.
It simulates proposals and generates human-readable reports explaining them
Potential hot take: Use fork tests liberally, always prefer them to mocks.
Mocks are required in web2 development, where you have no choice but to mock API responses. But in web3 development everything is on-chain, so just fork the chain instead of risking a buggy mock.
1/ Excited to announce the launch of
@UseFloatify
Floatify makes it easy to go from USD sitting in your bank account to earning 5-10% interest on
@compoundfinance
. No Ethereum knowledge required
Give it a try at and let me know your thoughts!
Two great new forge features, make sure to foundryup and update forge-std:
🐛 Set breakpoints in the debugger (h/t
@franfraneth
)
☎️ Expect no calls to be made, or expect many calls to be made (h/t reubenr0d)
Full release notes:
Stealth addresses have been live on
@UmbraCash
for ~2 years, with >65k published public keys & >$100M in private payments sent
To increase adoption & improve flexibility, we want to standardize how stealth addresses work—this is what ERC-5564 aims to do
The Ethereum ecosystem badly needs an audited, dependency free JS secp256k1 library.
@paulmillr
's noble-secp256k1 library can fill that need.
Please consider donating for an audit. We rely heavily on it for
@UmbraCash
& have donated $1000 to the cause
🔗
@PaulRBerg
Easiest way to deploy a contract at a deterministic address on all EVM chains in a forge script: `foo = new Foo{salt: salt}(constructorArgs)`
The presence of the salt arg tells forge to deploy using create2 via this deployer
@0xkarmacoma
@PatrickAlphaC
@PayPal
@finestonematt
Ah yea you're right, just diffed them and the code in all three (current implementation, prior implementation, and that linked paxos implementation) are all pretty much identical with the exception of naming/revert strings
The original Multicall repo seems to be unmaintained in that PRs for deployments on other networks are ignored
So I've forked it, added
@optimismPBC
and
@arbitrum
Multicall deployments, and will continue to update the repo as PRs for new deploys come in
Loved hearing this about the
@gitcoin
grants zkSync checkout UX, so figured I'd share some fun history about how we achieved that UX when we first rolled out zkSync checkout in September 2020
🚨 Solidity devs, we need to have a heart-to-heart. The overuse of modifiers in Solidity is an anti-pattern 🙈
One day, we'll cringe, looking back at our code. Here's why:
The fork feature of ganache-cli by the
@trufflesuite
team seems to be an overlooked but extremely useful feature for smart contract development. Here's a tutorial for anyone unfamiliar with it
.
@msolomon44
has put together a great CI security setup in his Foundry template.
1. Run Slither but don't fail CI on error
2. Upload the Slither results to GitHub Code Scanning
3. Review using the UI; dismissed alerts will be remembered by GitHub
@pedrouid
@VitalikButerin
Venus also has a few other major benefits compared to Mars:
- Similar gravity to Earth
- Easier to travel to
- A lot more solar energy for power
- Much thicker atmosphere for radiation protection
That’s not to say it’s easier to colonize, though