Skip to content

WIP mint burn pre fills#1358

Draft
fusmanii wants to merge 15 commits intousdfreev2-implv3from
mint-burn-pre-fill
Draft

WIP mint burn pre fills#1358
fusmanii wants to merge 15 commits intousdfreev2-implv3from
mint-burn-pre-fill

Conversation

@fusmanii
Copy link
Contributor

@fusmanii fusmanii commented Mar 10, 2026

No description provided.

bmzig and others added 15 commits February 20, 2026 11:24
@bmzig
chore: redeploy Tempo with fresh Sp1Helios contract (#1324)
dc57650 
* chore: redeploy Tempo with fresh Sp1Helios contract

Signed-off-by: bennett <bennett@umaproject.org>

* commetns

Signed-off-by: bennett <bennett@umaproject.org>

* prompt sp1 deployment

Signed-off-by: bennett <bennett@umaproject.org>

---------

Signed-off-by: bennett <bennett@umaproject.org>
@fusmanii @claude @github-actions
docs: Add architecture section to CLAUDE.md (#1318)
e30a7a0 
* docs: Add architecture section to CLAUDE.md

Added comprehensive Architecture section covering core contracts (HubPool, SpokePool, Chain Adapters), key roles (Depositor, Relayer, Data Worker, Disputer, LP), protocol flow, cross-chain ownership model, supported chains, and key libraries.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

* docs: Incorporate review feedback on Architecture section

- Note depositor is end user with multiple entry points (deposit/sponsored/gasless)
- Add relayer competition details (speed and inventory management)
- Expand data worker description to include validation and performance characteristics
- Add depositor fee setting and relayer profitability evaluation details
- Explain pricing communication via API services or exclusive relayers

Co-authored-by: Faisal Usmani <fusmanii@users.noreply.github.com>

* docs: Trim Supported Chains and remove Key Libraries from CLAUDE.md

Replace hardcoded chain list with pointer to broadcast/deployed-addresses.md
and remove the Key Libraries section to keep the doc concise.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* scripts/test feedback

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

* improve linting

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

* add  to paths

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

* update refferences

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

---------

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Faisal Usmani <fusmanii@users.noreply.github.com>
@fusmanii
chore: Add pre-commit hook check in CI (#1332)
2f80d4b 
* chore: Add pre-commit hook check in CI

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

* combine with lint job

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

---------

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
@fusmanii @claude
chore: rename deployments.json to legacy-addresses.json and simplify …
8638b84 
…README (#1333)

Replace the manually-maintained deployments/README.md address tables with a
pointer to broadcast/deployed-addresses.json as the source of truth. Rename
deployments/deployments.json to legacy-addresses.json to reduce redundancy
and clarify its legacy Hardhat role. Update all references across the codebase.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@grasphoper
improve (#1321)
f3310b1 
Signed-off-by: Ihor Farion <ihor@umaproject.org>
@tbwebb22
chore: Add prettier check to CI (#1303)
3e53c57 
* add prettier to ci

Signed-off-by: Taylor Webb <tbwebb22@gmail.com>

* format contracts

Signed-off-by: Taylor Webb <tbwebb22@gmail.com>

* update prettier versions

Signed-off-by: Taylor Webb <tbwebb22@gmail.com>

* reformat ts and js files

Signed-off-by: Taylor Webb <tbwebb22@gmail.com>

* trailing comma

---------

Signed-off-by: Taylor Webb <tbwebb22@gmail.com>
@dohaki
chore: deploy periphery contracts to chosen testnets (#1304)
0b525b4
@grasphoper
improve: typos in comments (#1335)
eaf5baf 
* typos

Signed-off-by: Ihor Farion <ihor@umaproject.org>

* add from #1256

Signed-off-by: Ihor Farion <ihor@umaproject.org>

---------

Signed-off-by: Ihor Farion <ihor@umaproject.org>
@bmzig
chore: bump constants (#1341)
b90f2b5 
* chore: bump constants

Signed-off-by: bennett <bennett@umaproject.org>

* update

Signed-off-by: bennett <bennett@umaproject.org>

* manually back out changes

Signed-off-by: bennett <bennett@umaproject.org>

* update

Signed-off-by: bennett <bennett@umaproject.org>

---------

Signed-off-by: bennett <bennett@umaproject.org>
@fusmanii
chore: Deploy Spoke Pool Periphery (#1347)
c02b587 
* chore: Deploy Spoke Pool Periphery

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

* undo address change

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

* the rest of the peripheries

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

* version

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>

---------

Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
@grasphoper
support CREATE2 (#1354)
a915f09 
Signed-off-by: Ihor Farion <ihor@umaproject.org>
@fusmanii
WIP mint burn pre fills
e339f0e 
Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
@fusmanii
Merge branch 'master' of github.com:across-protocol/contracts into mi…
ed1b77e 
…nt-burn-pre-fill
@fusmanii
move prefund/prefill to oft handle
c3732c0 
Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
@fusmanii
Merge branch 'usdfreev2-implv3' of github.com:across-protocol/contrac…
2f2eee6 
…ts into mint-burn-pre-fill
@socket-security
Copy link

socket-security bot commented Mar 12, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: npm form-data uses unsafe random function in form-data for choosing boundary

CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL)

Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4

Patched version: 2.5.4

From: ?npm/form-data@2.5.1

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/form-data@2.5.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Critical
Critical CVE: npm form-data uses unsafe random function in form-data for choosing boundary

CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL)

Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4

Patched version: 3.0.4

From: ?npm/form-data@3.0.1

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/form-data@3.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrice32 mrice32 Awaiting requested review from mrice32 mrice32 will be requested when the pull request is marked ready for review mrice32 is a code owner

@nicholaspai nicholaspai Awaiting requested review from nicholaspai nicholaspai will be requested when the pull request is marked ready for review nicholaspai is a code owner

@chrismaree chrismaree Awaiting requested review from chrismaree chrismaree will be requested when the pull request is marked ready for review chrismaree is a code owner

@Reinis-FRP Reinis-FRP Awaiting requested review from Reinis-FRP Reinis-FRP will be requested when the pull request is marked ready for review Reinis-FRP is a code owner

@md0x md0x Awaiting requested review from md0x md0x will be requested when the pull request is marked ready for review md0x is a code owner

@pxrl pxrl Awaiting requested review from pxrl pxrl will be requested when the pull request is marked ready for review pxrl is a code owner

@bmzig bmzig Awaiting requested review from bmzig bmzig will be requested when the pull request is marked ready for review bmzig is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@fusmanii @bmzig @grasphoper @tbwebb22 @dohaki