Сендвичер продает абсолютно все свои SOL (10к) и покупает USDT. Тут курс очень плохой, 1 SOL = 40$, так как в пуле не так много ликвидности.

Почему он это делает? Так как следующей по мнению сендвичера идет транзакция

Transaction 25eQDrv4NkLwQsFYMGpi5d1cZ5w6A7TrWDJvBkXZrMHGd5JrnF447cTE9EtGZDu8N5yLQ8hLHDkcEpnHwAGeQeKq (продажа 491 СОЛ)

То есть логика такая: есть большая продажа СОЛ. Я продам все свои, потом продаст жертва, потом я откуплю назад.

До этого момента все идет по плану сендвичера.

Но затем должна идти закрывающая транзакция сендвича - откуп 10к SOL обратно по более интересной цене (и тем самым прирост USDT).

Вместо этого борец с сендвичем сделал в бандле следующее Transaction 1SPzaZU2AhmT78EAV8u3WGybm26upVBuyZfpbo698JryVDfoyLYKJVD2rRdU2Q81heQFbvZqTbhu64E27EhofJ7

Занял 400к во флеш-лоане. Использовал их чтобы купить 10к сол по выгодной цене, вернул в протокол 10633 СОЛ. (Я думаю в маргинфи есть какой-то оракл позволяющий возвращать не в той же валюте что брал лоан, иначе я не понимаю как это работает, то есть типа он должен был вернуть НЕ МЕНЕЕ 2000 СОЛ, вернул 10к, ну окей, 8000 останутся на балансе юзера).

The problem is though, that it comes usually bundled with hardhat-upgrades module by OpenZeppelin which hides the process. In this article I'm going to show what is the minimal amount of steps needed to deploy UUPS proxy from foundry.

First thing to do is to add a module (if you haven't already) for openzeppelin contracts.

$ forge i https://github.com/OpenZeppelin/openzeppelin-contracts.git

I will be working with my real contract, which overall looks like:

contract ENGCReferalProgram is Initializable,
                               UUPSUpgradeable,
                               OwnableUpgradeable {
    // ...
    function _authorizeUpgrade(
        address newImplementation
    )internal virtual override onlyOwner {}
}

And I'm going to write a test, which deploys this proxy in its setUp method. It is actually pretty easy.

// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.13;

import "forge-std/Test.sol";

import {ENGCReferalProgram} from "../src/ReferalProgram.sol";
import {IENGC} from "../src/IENGC.sol";

import "openzeppelin-contracts/contracts/proxy/ERC1967/ERC1967Proxy.sol";


contract ReferalProgramTest is Test {
    ENGCReferalProgram public rp;

    function setUp() public {
        ENGCReferalProgram impl = new ENGCReferalProgram();
        ERC1967Proxy proxy = new ERC1967Proxy(address(impl), "");
        rp = ENGCReferalProgram(address(proxy));
        rp.initialize();
        rp.setNftContractAddress(IENGC(address(this)));
    }

    function testChangeImpl() public {
        addNodesToRoot();
        ENGCReferalProgram impl2 = new ENGCReferalProgram();
        rp.upgradeTo(address(impl2));
        assertEq(rp.getTokenLevel(0xffffff), 3);
    }

    function testFailChangeImpl() public {
        ENGCReferalProgram impl2 = new ENGCReferalProgram();
        vm.prank(0x094BAfcb40a0226d210E51E9ee4dA0FbFe99D326);
        rp.upgradeTo(address(impl2));
    }

If you want to get more into details on how to pass parameters to initializers etc. you can find more detail here.

// SPDX-License-Identifier: GPL-3.0

pragma solidity >=0.7.0 <0.9.0;

abstract contract A {
    event E(int);

    function Hello() external virtual;
    function Hello2() external virtual;
}

contract B is A {
    function Hello() public override virtual {
        emit E(2);
    }
    function Hello2() public override virtual {
        emit E(2);
    }
}

contract C is A {
    function Hello() public override virtual {
        emit E(3);
    }
    function Hello2() public override virtual {
        emit E(3);
    }
}

contract D is B, C {
    function Hello() public override(B, C) {
        super.Hello();
    }
    function Hello2() public override(C, B) {
        super.Hello2();
    }
}

contract D2 is C, B {
    function Hello() public override(B, C) {
        super.Hello();
    }
    function Hello2() public override(C, B) {
        super.Hello2();
    }
}

contract D3 is C, B {
    function Hello() public override(B, C) {
        B.Hello();
        C.Hello();
    }
    function Hello2() public override(C, B) {
        C.Hello2();
        B.Hello2();
    }
}

And results (printing events):

D.Hello
["0x0000000000000000000000000000000000000000000000000000000000000003"] 
D.Hello2
["0x0000000000000000000000000000000000000000000000000000000000000003"] 
D2.Hello
["0x0000000000000000000000000000000000000000000000000000000000000002"] 
D2.Hello2
["0x0000000000000000000000000000000000000000000000000000000000000002"] 
D3.Hello
["0x0000000000000000000000000000000000000000000000000000000000000002","0x0000000000000000000000000000000000000000000000000000000000000003"] 
D3.Hello2
["0x0000000000000000000000000000000000000000000000000000000000000003","0x0000000000000000000000000000000000000000000000000000000000000002"]

If you are familiar with Python, this is confusing, as in Python super() traverses the whole hierarcy:

class A:
    def Hello(self):
        print("A")

class B(A):
    def Hello(self):
        print("B")
        super().Hello()

class C(A):
    def Hello(self):
        print("C")
        super().Hello()

class D(B,C):
    def Hello(self):
        print("D")
        super().Hello()

class D2(C,B):
    def Hello(self):
        print("D2")
        super().Hello()

D().Hello()
D2().Hello()

Running...

D
B
C
A

D2
C
B
A

So, in this article I'm going to explain how to use our ansible playbook instead of just following instruction from official NEAR's github. This article assumes you knowledge of ansible and that you have it installed.

The first step is to checkout our repo:

git clone https://github.com/ValiDAO/nodes.git

Change the directory:

cd nodes/near

And run the scenario:

ansible-playbook -l your-server.fr install.yml

Once it is ready, your server has a node setup and running, but at the moment it is not connected to your wallet. So the next step is to register on https://wallet.shardnet.near.org/ . Once it is there, return back to your node and run:

source ~/.bashrc && near login

This will give you the link, which you should enter to your browser, allow your wallet to sign it, and once it is ready, you will see a browser redirected to 127.0.0.1 and giving an error. It is all as expected, don't worry. Return back to the terminal and put your login to the terminal (e.g. validao.shardnet.near). Once done, some extra steps need to be done. We intentionally haven't automated them, as human supervising and check is important on this stage.

./near_create_pool.sh

It will do everything automatically, but will ask you to confirm everything it does. So, if everything is good, press Enter.

./near_stake.sh

This will stake some coins to your pool. The script will ask you for amount. Insert something like 350 and press Enter.

Actually that's it! Congratulations.

There are some helper scripts which are included to the playbook as well:

near_restart_after_hardwork.sh it does exactly what it says. Prepares your node to restart after a cluster hardfork.

echo "deb [trusted=yes] http://packages.o1test.net $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/mina.list
sudo apt-get update
sudo apt-get install -y curl unzip mina-mainnet=1.3.0-9b0369c

• Paste you file (make sure to replace your file data between `{` and `}`):

echo '{"box_primitive":"xsalsa20poly1305","pw_primitive":"argon2i","nonce":"8jGJ2KTrG2xqbJCozj4vbjKhZZKBhXKfaNDLRN4","pwsalt":"BYHxrJLkYo5TmDLp5RgP3VqbW6Py","pwdiff":[134217728,6],"ciphertext":"AQyvFhBG9DQ9VA8f1MXrKfHqfzDFoiFNMxabHJf2EQq2rbYpkBC5sYfPaKGdDEmM5roAbkFGC"}' > ~/mina.wallet && chmod 500 ~/mina.wallet

mina advanced dump-keypair --privkey-path ~/mina.wallet
# Public key: B62qm9kEyE3vZMGamvSQXURx1NXEFjCx4C1SQAjV9KX9mj9ESb78KC1
# Private key: EKFCHutVbp2sG6NgMybGfSCdurXfLRPw8qqpGHS4VCEdzRHxEmu5

• Now we have a private key, use it in AURO:

Give it a name, select "Private key", Paste it from the above step (EKFCHutVbp2sG6NgMybGfSCdurXfLRPw8qqpGHS4VCEdzRHxEmu5).

Done. Don't forget to shut down the VPS you rented.

Please send any donations to support 🇺🇦

I've decided to check what's going on in Solana infrastructure.

Both Tether and Centre has their token on Solana: https://raw.githubusercontent.com/solana-labs/token-list/main/src/tokens/solana.tokenlist.json , exchanges to support them, there are gateways etc. I think they are legit.

From the abovementioned document we can get the "tokenIDs" of USDT/USDC.

Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYBand EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v

Now, we can see that both of these addresses are owned by TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA

TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DAis a smart contract on solana to deal with tokens. In contrast to Ethereum, where everyone have their own contract, in Solana you can write you own contract or reuse the standard one. Both are using the standard one. Checking its code it is easy to see, that the issuer of a token is capable of freezing the account. Funds are not safu :(

Сама информация о контракте появилась часа за 2 до начала, а с учетом переноса, часов за 5. Просто был трансфер 16kk $GEL и стало понятно куда.

Когда мы узнали адрес контракта стало возможно прочитать, что он позволяет делать, прямо в etherscan.

Видно много-много точек взаимодействия с контрактом, все они явно имеют названия связанные с сейлом. Но нас интересует конечно же buyDolphin

"Дальше дело техники - жмем Connect to web3 и взаимодействуем, токен наш!". Так говорят нам знатоки.

А что писать в поле signature?

На этом простой учебник о взаимодействии со смарт-контрактами заканчивается и начинается методичка по криптографии.

Помочь ответить на вопрос что такое signature мне смог другой метод isDolphin. Он тоже принимает на вход этот аргумент но для работы с ним не нужно платить комиссии.

Посмотрим код базового контракта:

Эта функция проверяет, дельфин ли вы. Для этого мы проверяем, что signer - это тот, кто подписал ваш адрес и получил в результате signature. Другими словами, на их стороне, в процессе подготовки контракта, ими был создан signer. Он для каждого из ключей в whitelist создал signature, причем таким образом, что имея адрес ключа и signature можно проверить что signature создана signer-ом. Если ты не signer, то создать такую же ты не можешь. Только проверить.

Сама идея sorbet платформы в том, что signature становится известной строго в указанное время. И только после этого, предоставляя правильный signature, мы можем вызывать методы контракта. Можно ли было узнать signature до начала сейла? И вот тут кроется главный фейл сегодняшнего дня. Кажется, что можно было. Если вы видели, что ваш статус ОК, и вы в вайтлисте и дельфин, значит вы уже провзаимодействовали с контрактом.

То есть уже можно было кидать транзакции на покупку. И вот даже есть один кандидат, сделавший все довольно заранее. Подставляя его адрес и сигнатуру видим, что он все понял.

Собственно, исходя из этого можно понять что те, кто уделил час времени такому анализу вполне могли войти в блоки первыми сделав вид что входят за первые 2 секунды, готовясь на самом деле заблаговременно. Да же?

Ну и напоследок простой контракт чтобы продемонстрировать как работает signature. Разработал его в remix по-быстрому.

Подставляем вот такие параметры

{ "address _address": "0x7D852B24Ea94504F03743289131034bFb5DB954d", "bytes signature": "0xf14c4b5004d205155cb1a722b4e0424decd4f89f82e4bc70020f12db16312edf32042e759d978cdbb5c9cbd713d777e0dff4d96917c2f370d06f73d8da1a17d51c" }

получаем вычисленный адрес signer { "0": "address: 0x1aF41728737f8bC40E9eA1a9E1A3b19F4Db3Bdf9" }. Это собственно адрес разработчика контракта GEL.

Полезное знание.

Пишите если думаете что мы можем сотрудничать. smartlemon@protonmail.com

• if you can send tokens to accounts
• if you are inside of a program, can you query account's funds.

Answers are: yes, you can send tokens to accounts, if they are not executable, this is pretty important. And yes.

So, I've transferred some funds straight from my wallet to the account I created by createAccountrequest , it worked. It is really straighforward, so I am not attaching the code.

Now inside of the contract: msg!("lamports={}", account.lamports.borrow()); does the thing.

If you don't know about solitidy, you are blessed, because solana is so different that it took me really a long time to understand it. Try to forget everything as much as you can.

So, the first thing we did yesterday, was creating a program account. What it means exactly - we have asked Solana to create a storage, where we placed the executable of our code. As a reminder:

solana program deploy $HOME/example-helloworld/dist/program/helloworld.so --program-id dist/program/helloworld-keypair.json

Generally, it is a storage for ./a.out. Today we are going to create a "file" (it is called account) for the user's specific needs. Each user will have their own files. Then we will give to our ./a.out (main executable) a write access to our user's file. 3, 2, 1, GO!

So, the first part is to generate an account from the client side, transfer some value (called lamports) to it, and then transfer an ownership to this account to the program.

// This is our account address, randomly generated.
const keypair = solanaWeb3.Keypair.generate();
const instruction = solanaWeb3.SystemProgram.createAccount({
    keys: [
        { pubkey: solana.publicKey, isSigner: true, isWritable: true },
        { pubkey: keypair.publicKey, isSigner: true, isWritable: true },
    ],
    fromPubkey: solana.publicKey,
    newAccountPubkey: keypair.publicKey,
    lamports: 10000000,
    space: 10000,
    programId: new solanaWeb3.PublicKey("3cbqMCdkwiTbWyCv3i7gss8STqGw6ggzvg8ztt5msnD4"),
});
// ^^^^^ programId is an owner of the account,
//       keys is an array of keys whose signatures are required to perform
//       this operation, this is our wallet (as some funds will be transferred)
//       and the account, as it's ownership will be transferred.

const bh = (await connection.getRecentBlockhash()).blockhash;
const transaction = new solanaWeb3.Transaction({
    feePayer: window.solana.publicKey,
    recentBlockhash: bh,
});
transaction.add(instruction);

// Walled signature is generated by the line after the next one.
// And the next line is to sign a transaction by the account's key.
transaction.partialSign(keypair);
const signedTransaction = await window.solana.signTransaction(transaction);

await connection.sendRawTransaction(signedTransaction.serialize());

// Checking we have it...
const acc = await connection.getAccountInfo(keypair.publicKey);
console.log(acc);

That's it for today!

Part 3

So, the first thing to do is to install Solana.

sh -c "$(curl -sSfL https://release.solana.com/v1.7.11/install)"

from the official guide. And update PATH accordingly.

Then let's download the hello-world example. I'm not going to follow it though. Because it uses server-side JavaScript client, and I want to have a browser-side client.

So, skipping CLI part of a readme, straight to building the on-chain part:

npm run build:program-rust

While it is building, let's have a look what we actually have there.

The on-chain program starts with some imports and entrypoint specification. Straightforward.

Ok, we are ready do deploy. So, at first we need to start a local Solana "cluster", consisting of our own host. I did that by launching solana-test-validator in tmux.

Now, it is useful to familiarize yourself with your wallet id, which can be obtained in this way:

$ solana config get
Config File: $HOME/.config/solana/cli/config.yml
RPC URL: http://localhost:8899
WebSocket URL: ws://localhost:8900/ (computed)
Keypair Path: $HOME/.config/solana/id.json
Commitment: confirmed

$ solana-keygen pubkey $HOME/.config/solana/id.json # Keypair Path
9FRakBFwajAdRhfqwLFWAWUuEySs7rcRviMA5xnrHqST

By default your key does not have any money, but because the cluster is yours, you can fund it 💸💷🤑

$ solana airdrop 100
$ solana balance
100 SOL

Now we have enough resources to deploy the application. The built process has already generated a random "account" for our program. Account is just an "address" of a program, it's ID, or whatever. It is a random ID which Solana and other participants will use to refer to our program. This is how to get it:

$ solana-keygen pubkey dist/program/helloworld-keypair.json
3cbqMCdkwiTbWyCv3i7gss8STqGw6ggzvg8ztt5msnD4

And now we can deploy our binary, and assign it that program ID.

$ solana program deploy $HOME/example-helloworld/dist/program/helloworld.so --program-id dist/program/helloworld-keypair.json
Program Id: 3cbqMCdkwiTbWyCv3i7gss8STqGw6ggzvg8ztt5msnD4

Great!. Something has happened. Now, let's have some fun.

First thing is to forward your ports, because my Solana runs on a remote host, and there is no way to setup a custom RPC address, only "localhost" in the wallet.

(localhost) $ ssh -L 8899:127.0.0.1:8899 MY.IP.ADD.RESS

BTW. Wallet. Just install Phantom wallet in your browser. Set network to be 127.0.0.1:8899 and import your key (private key is a contents of $$HOME/.config/solana/id.json) on your remote host.

Sorry, guys, can not resist a temptation:

Airdrop 100 makes you feel happy :) Haha!

So, we are almost there. The last thing to do is to make a JavaScript call to your on-chain program.

Some trivial JavaScript to make it work was:

<html>
        <head>
                <script src="https://unpkg.com/@solana/web3.js@latest/lib/index.iife.js"></script>
        </head>
        <body>
                <button id="btn-connect" disabled>Connect</button>
                <span id="connection-status"></span>|
                <button id="btn-send" disabled>Send</button>
                <script type="text/javascript">
window.addEventListener('load', function() {
        const btn_connect = window.document.getElementById("btn-connect");
        btn_connect.disabled = false;
        btn_connect.addEventListener('click', () => {
                const connection_status = window.document.getElementById("connection-status");
                connection_status.innerHTML = "Connecting";
                window.solana.on("connect", () => {
                        connection_status.innerHTML = `Connected as ${solana.publicKey.toString()}`;
                        const btn_send = document.getElementById("btn-send");
                        btn_send.disabled = false;
                        btn_send.addEventListener('click', async () => {
                                const connection = new solanaWeb3.Connection("http://127.0.0.1:8899");
                                const instruction = new solanaWeb3.TransactionInstruction({
                                        keys: [{pubkey: new solanaWeb3.PublicKey("9FRakBFwajAdRhfqwLFWAWUuEySs7rcRviMA5xnrHqST"), isSigner: false, isWritable: true}], // All instructions are hellos
                                        programId: new solanaWeb3.PublicKey("3cbqMCdkwiTbWyCv3i7gss8STqGw6ggzvg8ztt5msnD4"),
                                        // data: Buffer.alloc(0),
                                });
                                const bh = (
                                              await connection.getRecentBlockhash() ).blockhash;
                                console.log(bh);
                                const transaction = new solanaWeb3.Transaction({
                                        feePayer: window.solana.publicKey,
                                        recentBlockhash: bh,
                                });
                                transaction.add(instruction);
                                const signedTransaction = await window.solana.signTransaction(transaction);
                                await connection.sendRawTransaction(signedTransaction.serialize());
                                alert('done');
                        });
                });
                window.solana.connect();
        });
});
                </script>
        </body>
</html>

Sorry for the codestyle, it is really highly experimental.

I found those resources very useful:

• https://solana-labs.github.io/solana-web3.js/classes/Transaction.html
• https://github.com/phantom-labs/docs/blob/866e96237d8b2addcd5a58dc31b314237b40ea4f/integrating/sending-a-transaction.md

Hope you found your answers here!

The second part is ready!