Xeon Protocol v1

This repository contains the core contracts for v1 of Xeon Protocol including tests, and scripts. For the frontend, see the xeon-dapp repository.

Follow Us

Repo Status

Prerequisites

Directory Structure

• src - core solidity contracts.
• test - tests written in solidity.
• script - scripts written in solidity.

Setup

First, ensure Foundry is installed.

curl -L https://foundry.paradigm.xyz | bash
foundryup

If you don't have a local version of the repository, clone it:

git clone https://github.com/xeon-protocol/v1-core.git

Ensure you have the latest changes locally

git pull origin main

Install the dependency submodules using Forge:

forge install --no-commit foundry-rs/forge-std openzeppelin/openzeppelin-contracts uniswap/v2-core uniswap v3-core uniswap v3-periphery

The foundry.toml file is used to configure Foundry settings, manage RPC endpoints, and dependencies.

---

Foundry

Foundry is a toolkit for writing smart contracts, tests, and scripts in Solidity. It is made up of the following tools:

• forge is used to develop, test, and deploy smart contracts.
• cast allows you to interact with contracts, send transactions, and get chain data from the CLI.
• anvil is a local node.
• chisel is an integrated Solidity REPL.

For more information, check out the Foundry Book.

Forge

Forge is used to build, test, and deploy smart contracts.

Build

To build and compile all smart contracts, use:

$ forge build

Test

Tests are handled through test files, written in Solidity and using the naming convention Contract.t.sol

$ forge test

Gas Snapshots

Forge can generate gas snapshots for all test functions to see how much gas contracts will consume, or to compare gas usage before and after optimizations.

$ forge snapshot

Deploy

Deployments are handled through script files, written in Solidity and using the naming convention Contract.s.sol

You can run a script directly from your CLI

$ forge script script/MyContract.s.sol:MyContractScript --rpc-url <your_rpc_url> --private-key <your_private_key>

Unless you include the --broadcast argument, the script will be run in a simulated environment. If you need to run the script live, use the --broadcast arg

⚠️ CAUTION: Using --broadcast will initiate an onchain transaction, only use after thoroughly testing

$ forge script script/MyContract.s.sol:MyContractScript --rpc-url <your_rpc_url> --private-key <your_private_key> --chain-id 1 -vv --broadcast

Additional arguments can specity the chain and verbosity of the script

$ forge script script/MyContract.s.sol:MyContractScript --rpc-url <your_rpc_url> --private-key <your_private_key> --chain-id 1 -vv

Additionally, you can pass a private key directly into script functions to prevent exposing it in the command line (recommended).

⚠️ CAUTION: Ensure you are using a .env.local and a proper .gitignore to prevent leaked keys.

function run() public {
    vm.startBroadcast(vm.envUint('PRIVATE_KEY'));
    // rest of your code...
}

Then run the forge script command without the private key arg.

💡 When deploying a new contract, use the --verify arg to verify the contract on deployment.

Product Management

Contributing

If you are a developer looking to contribute, please take a look at the guidelines in CONTRIBUTING first, then feel free to look at open issues or open a new one.

If you are an Solidity developer and are interested in auditing our contracts, you can submit an audit by using the form here.

Security

For any security-related concerns, please refer to the SECURITY policy. This repository is subject to a bug bounty program per the terms outlined in the aforementioned policy.

For vulnerability hunters, please see our Bug Bounty Program.

License

The primary license for core Xeon Protocol contracts (XeonHedging.sol + XeonStaking.sol) is the Business Source License 1.1 (BUSL-1.1), see LICENSE.md.

However, there are some exceptions:

• Several files in contracts/script and contracts/test are licensed under GPL-3.0-or-later (see: LICENSE-GPL.md) or remain unlicensed (per their SPDX headers).