Conversation

@afostr afostr commented Oct 31, 2025

No description provided.

mssabr01 commented Nov 6, 2025

do security review

github-actions bot commented Nov 6, 2025

🔍 Security Review Report

Fetching pull request(s) from github...
https://github.com/shardeum/shardeum-evm/pull/92
Processing PR 1/1: https://github.com/shardeum/shardeum-evm/pull/92
Code review...
Summary

feat: Added gov proposal helper scripts

This pull request introduces helper scripts designed to compare on-chain governance and minting parameters with local proposal files. This tooling aims to reduce errors during the creation and submission of governance proposals. Additionally, two example proposal JSON files are included.

The changes consist of adding two shell scripts and two JSON configuration files. The scripts are intended for developer/operator use to verify proposal parameters before submission. The JSON files serve as examples for governance proposals.

List of changes

1. proposals/example-mint-proposal.json
   • Added a new JSON file containing an example proposal for updating the x/mint module parameters on-chain.
2. proposals/gov-vote-time-proposal.json
   • Added a new JSON file containing an example proposal for updating the x/gov module parameters, specifically related to voting periods.
3. scripts/compare_gov_params.sh
   • Added a new shell script to query current x/gov parameters from a specified network and compare them against a local proposal file.
4. scripts/compare_mint_params.sh
   • Added a new shell script to query current x/mint parameters from a specified network and compare them against a local proposal file.

Overall Security Assessment

The review focused on the newly added shell scripts and configuration files. The shell scripts are developer utilities and are designed to be run in a trusted environment. They handle user-provided input, such as file paths and network URLs. The JSON files are static configuration data.

The analysis confirms that the scripts are written with security best practices in mind, particularly regarding command injection. There are no hardcoded secrets or other significant security vulnerabilities identified in this pull request.

Security Findings

No vulnerabilities were found.

Security Concerns

There are no significant security concerns with this change. The added scripts are intended for use by developers or node operators who are expected to run them in a controlled environment. The scripts correctly quote user-supplied variables ($NODE, $CHAIN_ID, $PROPOSAL_FILE), which effectively mitigates command injection risks.

Resume

The pull request introduces helpful tooling for governance operations and includes relevant examples. The code has been reviewed, and no security vulnerabilities or major logical issues have been identified. The changes are considered safe to merge.

NO MAJOR SECURITY CONCERNS FOUND
Done


Generated by argus-agent security review
