Home

Awesome

CosmWasm Plus

CircleCI

SpecificationCrates.ioDocsCoverage
cw1cw1 on crates.ioDocscodecov
cw3cw3 on crates.ioDocscodecov
cw4cw4 on crates.ioDocscodecov
cw20cw20 on crates.ioDocscodecov
ContractsDownloadDocsCoverage
cw1-subkeysRelease v0.13.4Docscodecov
cw1-whitelistRelease v0.13.4Docscodecov
cw3-fixed-multisigRelease v0.13.4Docscodecov
cw3-flex-multisigRelease v0.13.4Docscodecov
cw4-groupRelease v0.13.4Docscodecov
cw4-stakeRelease v0.13.4Docscodecov
cw20-baseRelease v0.13.4Docscodecov
cw20-ics20Release v0.13.4Docscodecov

Note: cw2 and controllers have been moved to the cw-minus repo and can be followed there.

Note: cw721 and cw721-base have moved to the new cw-nfts repo and can be followed there.

Note: most of the cw20-* contracts besides cw20-base have moved to the new cw-tokens repo and can be followed there.

This is a collection of specification and contracts designed for use on real networks. They are designed not just as examples, but to solve real-world use cases, and to provide a reusable basis to build many custom contracts.

If you don't know what CosmWasm is, please check out our homepage and our documentation to get more background. We are running public testnets you can use to test out any contracts.

Warning None of these contracts have been audited and no liability is assumed for the use of this code. They are provided to turbo-start your projects.

Specifications

The most reusable components are the various cwXYZ specifications under packages. Each one defines a standard interface for different domains, e.g. cw20 for fungible tokens, cw721 for non-fungible tokens, cw1 for "proxy contracts", etc. The interface comes with a human description in the READMEs, as well as Rust types that can be imported.

They contain no logic, but specify an interface. It shows what you need to implement to create a compatible contracts, as well as what interface we guarantee to any consumer of such contracts. This is the real bonus of specifications, we can create an escrow contract that can handle many different fungible tokens, as long as they all adhere to the cw20 specification.

If you have ideas for new specifications , please raise an issue or create a pull request on this repo.

Contracts

We provide sample contracts that either implement or consume these specifications to both provide examples, and provide a basis for code you can extend for more custom contacts, without worrying about reinventing the wheel each time. For example cw20-base is a basic implementation of a cw20 compatible contract that can be imported in any custom contract you want to build on it.

CW1 Proxy Contracts:

CW3 Multisig:

CW4 Group:

CW20 Fungible Tokens:

Compiling

To compile all the contracts, run the following in the repo root:

docker run --rm -v "$(pwd)":/code \
  --mount type=volume,source="$(basename "$(pwd)")_cache",target=/target \
  --mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \
  cosmwasm/optimizer:0.16.0

This will compile all packages in the contracts directory and output the stripped and optimized wasm code under the artifacts directory as output, along with a checksums.txt file.

If you hit any issues there and want to debug, you can try to run the following in each contract dir: RUSTFLAGS="-C link-arg=-s" cargo build --release --target=wasm32-unknown-unknown --locked

Quality Control

One of the basic metrics of assurance over code quality is how much is covered by unit tests. There are several tools available for Rust to do such analysis and we will describe one below. This should be used as a baseline metric to give some confidence in the code.

Beyond code coverage metrics, just having a robust PR review process with a few more trained eyes looking for bugs is very helpful in detecting paths the original coder was not aware of. This is more subjective, but looking at the relevant PRs and depth of discussion can give an idea how much review was present.

After that, fuzzing it (ideally with an intelligent fuzzer that understands the domain) can be valuable. And beyond that formal verification can provide even more assurance (but is very time-consuming and expensive).

Code Coverage

I recommend the use of tarpaulin: cargo install cargo-tarpaulin

To get some nice interactive charts, you can go to the root directory and run:

cargo tarpaulin -o html and then xdg-open tarpaulin-report.html (or just open on MacOS).

Once you find a package that you want to improve, you can do the following to just analyze this package, which gives much faster turn-around:

cargo tarpaulin -o html --packages cw3-fixed-multisig

Note that it will produce a code coverage report for the entire project, but only the coverage in that package is the real value. If does give quick feedback for you if you unit test writing was successful.

Contributing

See our Contributing Guidelines.

Generating changelog

To generate a changelog we decided to use github-changelog-generator.

To install tool you need Ruby's gem package manager.

$ gem --user install github_changelog_generator

And put $HOME/.gem/ruby/*/bin/ into your PATH.

Generating changelog file first time:

$ github_changelog_generator -u CosmWasm -p cw-plus

Appending next releases could be done adding --base flag:

$ github_changelog_generator -u CosmWasm -p cw-plus --base CHANGELOG.md

If you hit GitHub's 50 requests/hour limit, please follow this guide to create a token key which you can pass using --token flag.

There's also a convenience scripts/update_changelog.sh, which can take a --since-tag parameter (to avoid processing the entire history). It can also auto-detect the latest version tag for you, with --latest-tag.

License

This repo is licensed under Apache 2.0.