feat(KC): add foundry test file

[unknownunknown1]

Created a testfile that goes through all the functions in KlerosCore contract while also testing most of the functionality of the adjacent contracts (Sortition and DK). Ideally the latter will also need their own test files to test governance and modifiers etc, so I'll add them some time later.
Foundry itself needs to be installed separately. There is no option to put in into package.json
Some minor contract fixes along the way (e.g. changing the type for consistency, adding missing argument to event).
Most of the covered bugs were mentioned in this review
I revisited and updated the review document. One of the highlighted bugs (delayed stakes frontrun) is still present as I need further clarifications before fixing it since it requires some tricky logic change. I created a test specifically to explore this bug. It won't pass once the bug is fixed.
Note that I checked the solution mentioned in my review and it works, but I didn't implement it yet for the aforementioned reason

---

PR-Codex overview

This PR focuses on enhancing the Kleros arbitration system by adding new mock contracts for testing, updating dispute kit handling, and improving coverage reporting. It also refines error handling and introduces new functionality for managing stakes and courts.

Detailed summary

• Added SortitionModuleMock and KlerosCoreMock for testing.
• Updated dispute kit handling, including enabling and supporting dispute kits.
• Refined error messages for staking and court operations.
• Improved coverage reporting scripts.
• Enhanced tests for various functionalities, including court creation and stake management.
• Deprecated certain parameters in dispute creation functions.

The following files were skipped due to too many changes: contracts/test/foundry/KlerosCore.t.sol

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced mock contracts for testing (KlerosCoreMock and SortitionModuleMock) to facilitate easier testing scenarios.

• Bug Fixes

  • Enhanced error handling in the KlerosCoreBase and SortitionModuleBase contracts to provide clearer feedback on staking conditions.

• Documentation

  • Improved comments and documentation regarding juror selection and staking processes in various contracts for better clarity.

• Chores

  • Deprecated unused parameters and constants to streamline functionality and improve code maintainability.
  • Added a new script for generating and merging code coverage reports.
  • Updated workflow configuration for contracts testing with new security measures and testing tools.
  • Adjusted test cases for RNG contracts to ensure proper handling of asynchronous transactions.
  • Updated test suite for DisputeKitClassic to reflect changes in expected behavior during court creation.
  • Updated spell-check configuration to improve accuracy for specific terms relevant to the project.

[coderabbitai]

Walkthrough

The changes in this pull request involve updates to several contracts within the Kleros arbitration framework. Key modifications include changes to data types in event parameters, refinements in staking logic, enhancements in error handling, and the introduction of mock contracts for testing. Additionally, documentation improvements clarify the conditions under which jurors are drawn and the implications of their staking status. A deprecation notice for certain constants and parameters is also included, reflecting an evolution in the contract structure and functionality.

Changes

File Path	Change Summary
contracts/lib/forge-std	Updated subproject commit reference from 066ff16c5c03e6f931cd041fd366bc4be1fae82a to 8f24d6b04c92975e0795b5868aa0d783251cdeaa.
contracts/src/arbitration/KlerosCoreBase.sol	Changed _courtID parameter type in CourtCreated event from uint256 to uint96. Updated _setStake function logic for courtID validation. Added new error StakingZeroWhenNoStake.
contracts/src/arbitration/SortitionModuleBase.sol	Removed condition allowing staking with zero current stake at max court limit. Updated pnkWithdrawal handling for clarity. Enhanced error handling.
contracts/src/arbitration/dispute-kits/DisputeKitClassic.sol	Added comments to _postDrawCheck function for clarity on juror selection and minimum stake requirements. No changes to logic or signatures.
contracts/src/arbitration/dispute-kits/DisputeKitSybilResistant.sol	Added comments to _postDrawCheck function clarifying minimum stake checks. Minor comment adjustments for clarity. No changes to logic or signatures.
contracts/src/arbitration/interfaces/IDisputeKit.sol	Deprecated _nbVotes parameter in createDispute function with updated documentation.
contracts/src/libraries/Constants.sol	Added deprecation notice for NULL_DISPUTE_KIT constant. Introduced CannotStakeZeroWhenNoStake to StakingResult enum.
contracts/src/test/KlerosCoreMock.sol	Added mock contract with functions getCourtChildren and extraDataToCourtIDMinJurorsDisputeKit for testing purposes.
contracts/src/test/SortitionModuleMock.sol	Added mock contract with getSortitionProperties function for testing purposes.
contracts/test/arbitration/index.ts	Updated test case for DisputeKitClassic to expect [1] for _supportedDisputeKits during court creation.
.github/workflows/contracts-testing.yml	Updated workflow for contracts testing, including new steps for Foundry toolchain and specific versioning for actions.
contracts/.solcover.js	Modified coverage tool configuration to change the reporting format and adjust skipped files.
contracts/package.json	Added new script for running coverage reports.
contracts/scripts/coverage.sh	Introduced a script to automate the generation and merging of coverage reports from Forge and Hardhat.
cspell.json	Added new words to the spell-checking configuration for improved accuracy.
contracts/test/rng/index.ts	Added await tx.wait(); statements to various test cases to ensure proper handling of asynchronous transactions.

Possibly related PRs

• Renamed DisputeRequest._arbitrableDisputeID into _arbitratorDisputeID #1711: The renaming of DisputeRequest._arbitrableDisputeID to _arbitratorDisputeID is directly related to the changes in the main PR, which also involves updates to dispute-related identifiers.
• chore(web): better-error-display-and-evidence-search #1762: The introduction of the parseWagmiError function for improved error handling in components like StakeWithdrawButton and SubmitDisputeButton aligns with the main PR's focus on enhancing user experience and error reporting.
• feat(web): new-stake-flow #1775: The modifications in the StakePanel and related components to streamline props and enhance functionality are relevant to the main PR's goal of improving the staking flow.
• feat: improved overview page, evidence page, voting history page, rem… #1779: The overall enhancements to various components, including layout and styling improvements, are consistent with the main PR's objectives of refining the user interface and experience.

Suggested labels

Type: Feature🗿, Type: Toolchain ⚒️, Type: Maintenance :construction:

Suggested reviewers

• kemuru
• alcercu

Poem

In the realm of code where rabbits play,
Changes hop in a bright array.
Staking rules now clearer,
Mock contracts bring cheer,
Kleros evolves, come what may! 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fed3d93 and 0220cc2.

📒 Files selected for processing (1)

• .github/workflows/contracts-testing.yml (2 hunks)

🧰 Additional context used

🪛 yamllint (1.35.1)

.github/workflows/contracts-testing.yml

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 50-50: trailing spaces

(trailing-spaces)

---

[error] 75-75: trailing spaces

(trailing-spaces)

🔇 Additional comments (4)

.github/workflows/contracts-testing.yml (4)

47-49: LGTM: Secure configuration with recursive submodules

The checkout configuration is properly secured with a pinned commit hash and includes recursive submodules, which is necessary for Foundry testing.

---

Line range hint 52-62: LGTM: Robust caching strategy

The caching configuration is well-structured with:

• Proper version pinning
• Cache versioning through secrets
• Comprehensive path coverage

🧰 Tools

🪛 yamllint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 50-50: trailing spaces

(trailing-spaces)

---

64-67: Verify workspace dependencies

The installation steps look correct, but let's verify the workspace setup.

✅ Verification successful

Workspace configuration is correctly set up

The verification confirms:

• The root package.json correctly includes "contracts" in its workspaces configuration
• The @kleros/kleros-v2-contracts package exists with proper configuration and dependencies

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the yarn workspace configuration

# Check if package.json exists and contains the workspace configuration
cat package.json | jq '.workspaces'

# Check if the workspace package exists
fd -t f "package.json" -x cat {} \; | jq 'select(.name=="@kleros/kleros-v2-contracts")'

Length of output: 5628

---

72-80: Verify coverage command configuration

The coverage setup looks good, but let's verify the coverage command exists in the workspace.

✅ Verification successful

Coverage configuration is properly set up

The coverage setup is correctly configured:

• The coverage script exists and points to scripts/coverage.sh
• The script handles both Hardhat and Foundry coverage generation
• Coverage artifacts are properly managed:
  • Cleans previous coverage data
  • Generates separate reports for Hardhat and Foundry
  • Merges and filters the reports
  • Outputs to contracts/coverage directory
• The coverage directory is properly gitignored

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the coverage command configuration

# Check if the coverage script exists in package.json
fd -t f "package.json" -p "contracts" -x cat {} \; | jq '.scripts.coverage'

# Check if the coverage output directory is gitignored
fd -H -t f ".gitignore" -x grep -l "coverage" {} \;

Length of output: 211

---

Script:

#!/bin/bash
# Check the content of coverage script and gitignore patterns
echo "=== Coverage Script Content ==="
fd "coverage.sh" -p "contracts/scripts" -x cat {} \;

echo -e "\n=== Gitignore Patterns ==="
fd ".gitignore" -p "contracts" -x cat {} \;

Length of output: 2117

🧰 Tools

🪛 yamllint (1.35.1)

[error] 75-75: trailing spaces

(trailing-spaces)

---

[error] 78-78: trailing spaces

(trailing-spaces)

---

[error] 79-79: trailing spaces

(trailing-spaces)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[netlify]

✅ Deploy Preview for kleros-v2-university ready!

Name	Link
🔨 Latest commit	0220cc2
🔍 Latest deploy log	https://app.netlify.com/sites/kleros-v2-university/deploys/6762cc80a8fccf0008434616
😎 Deploy Preview	https://deploy-preview-1765--kleros-v2-university.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for kleros-v2-neo ready!

Name	Link
🔨 Latest commit	0220cc2
🔍 Latest deploy log	https://app.netlify.com/sites/kleros-v2-neo/deploys/6762cc808c4c890007495681
😎 Deploy Preview	https://deploy-preview-1765--kleros-v2-neo.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for kleros-v2-testnet ready!

Name	Link
🔨 Latest commit	0220cc2
🔍 Latest deploy log	https://app.netlify.com/sites/kleros-v2-testnet/deploys/6762cc80399c8500089ad771
😎 Deploy Preview	https://deploy-preview-1765--kleros-v2-testnet.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (4)

contracts/src/test/SortitionModuleMock.sol (1)

3-9: Consider adding implementation details to documentation

While the authorship is documented, it would be helpful to add:

• A brief description of what properties are exposed and why
• Example usage in tests

contracts/src/test/KlerosCoreMock.sol (1)

3-7: Consider enhancing documentation

While the purpose is documented, it would be helpful to add:

• Description of each getter function's purpose
• Example test scenarios where these functions are useful

contracts/src/libraries/Constants.sol (1)

12-12: Consider removing deprecated constant

Since NULL_DISPUTE_KIT is deprecated and its purpose (forest structure) is no longer used, consider removing it in a future update to prevent confusion.

contracts/src/arbitration/dispute-kits/DisputeKitSybilResistant.sol (1)

623-626: LGTM: Comprehensive documentation of minStake behavior

The added documentation excellently explains the minStake checking behavior and its implications. It properly documents an edge case where jurors might be drawn with less than minStake, while explaining why this is acceptable due to insolvency checks.

Consider adding a code example to illustrate the edge case:

 /// Note that we don't check the minStake requirement here because of the implicit staking in parent courts.
 /// minStake is checked directly during staking process however it's possible for the juror to get drawn
 /// while having < minStake if it is later increased by governance.
 /// This issue is expected and harmless since we check for insolvency anyway.
+/// Example:
+/// 1. Juror stakes 100 tokens (minStake = 100)
+/// 2. Governance increases minStake to 150
+/// 3. Juror can still be drawn as insolvency check ensures sufficient stake for voting

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 49932e2 and f0e4fa4.

📒 Files selected for processing (10)

• contracts/lib/forge-std (1 hunks)
• contracts/src/arbitration/KlerosCoreBase.sol (7 hunks)
• contracts/src/arbitration/SortitionModuleBase.sol (2 hunks)
• contracts/src/arbitration/dispute-kits/DisputeKitClassic.sol (1 hunks)
• contracts/src/arbitration/dispute-kits/DisputeKitSybilResistant.sol (1 hunks)
• contracts/src/arbitration/interfaces/IDisputeKit.sol (1 hunks)
• contracts/src/libraries/Constants.sol (2 hunks)
• contracts/src/test/KlerosCoreMock.sol (1 hunks)
• contracts/src/test/SortitionModuleMock.sol (1 hunks)
• contracts/test/arbitration/index.ts (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• contracts/lib/forge-std
• contracts/src/arbitration/dispute-kits/DisputeKitClassic.sol

🔇 Additional comments (13)

contracts/src/test/SortitionModuleMock.sol (1)

18-22: LGTM! Safe implementation of test utility

The getter function safely exposes read-only access to internal tree properties needed for testing, without modifying state or exposing sensitive data.

contracts/src/test/KlerosCoreMock.sol (2)

16-18: LGTM! Safe implementation of court children getter

The function safely exposes the court hierarchy data needed for testing.

---

20-24: Verify type consistency across contracts

The function correctly uses uint96 for courtID, matching the base contract. Let's verify this type is consistent across all related contracts.

✅ Verification successful

Note: Adjusting the search to handle Solidity files and using more specific patterns to find type declarations and usages of courtID.

---

Note: Adjusting the approach to first locate Solidity files and then search within them, since the -t sol flag isn't working.

---

Based on the comprehensive search results, I can now generate the final response:

Type uint96 for courtID is consistently used across the codebase

The verification confirms that uint96 is used consistently for courtID across all relevant contracts:

• In struct definitions (e.g., in Dispute structs across different versions)
• In function parameters and return values
• In state variables and mappings
• In event declarations

The type consistency is maintained in core contracts, interfaces, and mock implementations, including:

• KlerosCore and its variants
• SortitionModule
• All related interfaces
• Test implementations

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify courtID type consistency across contracts
# Look for courtID declarations to ensure uint96 is used consistently

rg -A 1 "courtID|court[^a-zA-Z]" --type sol

Length of output: 73

---

Script:

#!/bin/bash
# Search for courtID type declarations and usages across all files
rg -t sol "courtID.*uint|uint.*courtID"

# Also search for function signatures and struct definitions containing courtID
ast-grep --pattern 'function $$$courtID$$$'
ast-grep --pattern 'struct $$$courtID$$$'

Length of output: 159

---

Script:

#!/bin/bash
# First, find all Solidity files
fd "\.sol$" 

# Then search for courtID patterns in those files
fd "\.sol$" --exec grep -A 1 "courtID"

# Also try to find any uint96 type declarations
fd "\.sol$" --exec grep -A 1 "uint96"

Length of output: 56066

contracts/src/libraries/Constants.sol (1)

36-37: Verify the implementation of new staking validation

The new enum value CannotStakeZeroWhenNoStake suggests additional validation logic was added. Let's verify its implementation.

✅ Verification successful

Let me gather more context about the staking validation implementation.

---

Let me get the complete implementation of the staking function to understand the validation logic better.

---

Let me get the complete implementation to see where the zero stake validation occurs.

---

Let me get one final piece of context to see where the actual validation occurs.

---

Validation for zero stake is properly implemented

The validation is correctly implemented in SortitionModuleBase._setStake() to prevent staking zero amount when there is no existing stake. This validation:

• Returns StakingResult.CannotStakeZeroWhenNoStake when attempting to stake 0 with no current stake
• Is handled in KlerosCoreBase by reverting with StakingZeroWhenNoStake error
• Has proper test coverage verifying this behavior
• Helps prevent flaky behavior in the staking system

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Find the implementation of zero stake validation
# Look for staking-related functions and the usage of this enum value

# Search for staking function implementations
ast-grep --pattern 'function $STAKE_FUNC($_) {
  $$$
  $RESULT = StakingResult.$_;
  $$$
}'

# Search for zero stake validation
rg -A 5 "CannotStakeZeroWhenNoStake"

Length of output: 1586

---

Script:

#!/bin/bash
# Find the staking function implementation in SortitionModuleBase
ast-grep --pattern 'function $_($$$) {
  $$$
  if ($AMOUNT == 0 && $$$) {
    $$$
    return ($$$, StakingResult.CannotStakeZeroWhenNoStake);
  }
  $$$
}'

# Find the error definition
rg "StakingZeroWhenNoStake"

Length of output: 521

---

Script:

#!/bin/bash
# Find the complete staking function implementation
rg -A 20 "function setStake" contracts/src/arbitration/SortitionModuleBase.sol

# Check test cases to understand the validation
rg -A 10 "StakingZeroWhenNoStake" contracts/test/foundry/KlerosCore.t.sol

Length of output: 1616

---

Script:

#!/bin/bash
# Get more context of the staking implementation
rg -B 10 -A 30 "if \(_newStake == 0" contracts/src/arbitration/SortitionModuleBase.sol

# Get the complete test case context
rg -B 20 -A 20 "StakingZeroWhenNoStake" contracts/test/foundry/KlerosCore.t.sol

Length of output: 4062

---

Script:

#!/bin/bash
# Find where the zero stake validation is implemented
rg -B 20 -A 10 "return \(0, 0, StakingResult.CannotStakeZeroWhenNoStake\)" contracts/src/arbitration/SortitionModuleBase.sol

Length of output: 1698

contracts/test/arbitration/index.ts (1)

33-33: LGTM: Test expectation correctly updated

The test expectation has been properly updated to expect [1] for _supportedDisputeKits, which aligns with the changes in KlerosCoreBase.sol.

contracts/src/arbitration/interfaces/IDisputeKit.sol (1)

44-44: LGTM: Clear deprecation notice added

The deprecation notice for _nbVotes parameter is well-documented, clearly explaining that KlerosCore now handles the count internally.

contracts/src/arbitration/SortitionModuleBase.sol (2)

268-274: LGTM: Good defensive programming practice

The added validation prevents meaningless zero-stake operations when there's no existing stake, which helps avoid potential edge cases and maintains cleaner state.

---

303-303: LGTM: Fixed potential withdrawal accumulation bug

Direct assignment of pnkWithdrawal instead of incremental addition prevents potential issues with withdrawal amount accumulation.

contracts/src/arbitration/KlerosCoreBase.sol (5)

116-116: LGTM: Improved type consistency

Changed _courtID parameter type from uint256 to uint96 in the CourtCreated event, aligning with the courtID type used throughout the contract.

---

240-251: LGTM: Proper initialization of dispute kit support

The changes ensure that the General Court is properly initialized with Classic Dispute Kit support, maintaining the contract's invariant that all courts must support the Classic DK.

---

356-356: LGTM: Enhanced type safety

Added explicit type casting of courtID to uint96, ensuring type consistency when enabling dispute kits.

---

Line range hint 1066-1107: LGTM: Improved validation logic

The changes enhance the staking validation by:

1. Using >= for court length check, preventing staking in non-existent courts
2. Adding proper error handling for the zero-stake validation

---

1181-1181: LGTM: Added descriptive error

Added StakingZeroWhenNoStake error to provide clear feedback when attempting to stake zero tokens with no existing stake.

[netlify]

❌ Deploy Preview for kleros-v2-testnet-devtools failed. Why did it fail? →

Name	Link
🔨 Latest commit	0220cc2
🔍 Latest deploy log	https://app.netlify.com/sites/kleros-v2-testnet-devtools/deploys/6762cc80cfb8b10008283683

[coderabbitai]

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (1)

contracts/scripts/coverage.sh (1)

41-51: Add error handling for HTML report generation

The HTML report generation should handle potential errors and check for required tools.

Add error checking:

 if [ "$CI" != "true" ]; then
+  if ! command -v genhtml &> /dev/null; then
+    echo "Error: genhtml command not found. Please install lcov."
+    exit 1
+  }
+
   # Generate the HTML report
   genhtml coverage/filtered-lcov.info \
     --ignore-errors inconsistent \
     --rc branch_coverage=1 \
     --rc max_message_count=3 \
     -o coverage \
     --ignore-errors category \
-    --ignore-errors format
-  open coverage/index.html
+    --ignore-errors format || {
+      echo "Error: failed to generate HTML report"
+      exit 1
+    }
+  
+  # Use xdg-open on Linux, open on macOS
+  if [[ "$OSTYPE" == "darwin"* ]]; then
+    open coverage/index.html
+  else
+    xdg-open coverage/index.html
+  fi
 fi

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7d8e858 and b9810b2.

📒 Files selected for processing (5)

• .github/workflows/contracts-testing.yml (2 hunks)
• contracts/.solcover.js (2 hunks)
• contracts/package.json (1 hunks)
• contracts/scripts/coverage.sh (1 hunks)
• cspell.json (2 hunks)

🧰 Additional context used

🪛 yamllint (1.35.1)

.github/workflows/contracts-testing.yml

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 50-50: trailing spaces

(trailing-spaces)

---

[error] 77-77: trailing spaces

(trailing-spaces)

🔇 Additional comments (7)

cspell.json (1)

24-24: LGTM! Dictionary additions are consistent and well-organized.

The new words "crowdfunder", "unstaked", and "Unstaking" are:

• Properly alphabetized
• Follow existing capitalization patterns
• Relevant to the staking and arbitration functionality being modified

Also applies to: 51-52

.github/workflows/contracts-testing.yml (3)

Line range hint 12-14: LGTM! Strong security configurations in place.

The workflow implements security best practices:

• Minimal permissions following principle of least privilege
• Runner hardening with specific egress policies
• Well-defined allowed endpoints for package managers and GitHub

Also applies to: 20-34

🧰 Tools

🪛 yamllint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 50-50: trailing spaces

(trailing-spaces)

---

43-43: LGTM! Excellent security practice with action version pinning.

All GitHub Actions are now pinned to specific commit hashes instead of version tags, which prevents supply chain attacks. The version tags are properly documented in comments for maintainability.

Also applies to: 47-49, 52-52, 79-79

---

74-77: Verify the coverage script configuration.

Please ensure:

1. The coverage script exists in the contracts workspace's package.json
2. The script properly handles both Hardhat and Foundry test coverage
3. Coverage artifacts are generated in the correct path

✅ Verification successful

Coverage script setup is properly configured

The verification confirms that:

• The coverage script exists and points to scripts/coverage.sh
• The script handles both Hardhat and Forge test coverage comprehensively:
  • Generates Forge coverage with lcov report
  • Generates Hardhat coverage using solcover.js configuration
  • Merges both reports and filters out unnecessary contracts
• Coverage artifacts are correctly generated in the coverage directory with proper filtering of mock and test files
• Both Hardhat and Foundry configurations are present

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if coverage script exists and its configuration
cat contracts/package.json | jq '.scripts.coverage'

# Check for coverage configuration files
fd -t f -e json -e js -e yml coverage.config

Length of output: 120

---

Script:

#!/bin/bash
# Check the coverage script content
cat contracts/scripts/coverage.sh

# Look for coverage-related configurations
fd -t f -e json -e js -e yml coverage

Length of output: 1688

---

Script:

#!/bin/bash
# Check for solcover.js configuration
cat contracts/.solcover.js

# Check if both Hardhat and Forge are available
ls contracts/hardhat.config.* contracts/foundry.toml

Length of output: 848

🧰 Tools

🪛 yamllint (1.35.1)

[error] 77-77: trailing spaces

(trailing-spaces)

contracts/package.json (1)

25-25: LGTM: Coverage script addition

The new coverage script entry is properly configured to execute the coverage.sh script.

contracts/.solcover.js (1)

8-8: LGTM: Coverage configuration updates

The changes improve the coverage setup by:

• Using LCOV format which is better suited for CI integration
• Properly excluding test and mock directories from coverage analysis

The skipFiles list correctly aligns with the paths filtered in the coverage.sh script.

Let's verify the existence of the excluded directories:

Also applies to: 17-17

✅ Verification successful

Coverage configuration correctly excludes test and mock directories

The excluded directories in .solcover.js are valid and match the actual project structure:

• Test directories: contracts/src/test/, contracts/test/
• Mock directories: contracts/src/gateway/mock/, contracts/src/proxy/mock/, contracts/src/rng/mock/
• Token directory: contracts/src/token/
• Kleros directory: contracts/src/kleros-v1/

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify that the excluded directories exist to ensure we're not accidentally skipping coverage for real code
fd -t d "^(test|token|kleros-v1|mock)$" contracts/

Length of output: 212

contracts/scripts/coverage.sh (1)

1-6: LGTM: Proper script setup

Good practices observed:

• Proper shebang line
• Exit on error enabled
• Clean workspace setup

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

.github/workflows/contracts-testing.yml (2)

43-43: Standardize version comment format.

The version comments are inconsistent. Some use vX.X.X format while others use vX.X.

Standardize all version comments to use the same format, preferably the most detailed one (vX.X.X):

- # v4.1.0
+ # v4.1.0
- # v4.2.2
+ # v4.2.2
- # v4.2.0
+ # v4.2.0
- # v1.2.0
+ # v1.2.0
- # v4.4.3
+ # v4.4.3

Also applies to: 47-47, 52-52, 67-67, 77-77

---

Line range hint 52-61: Consider adding package.json to cache key.

The cache key only includes package-lock.json and yarn.lock, but changes to package.json can also affect dependencies.

Add package.json to the cache key:

- key: ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}
+ key: ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-${{ hashFiles('**/package.json', '**/package-lock.json', '**/yarn.lock') }}

🧰 Tools

🪛 yamllint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 50-50: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b9810b2 and 9025a05.

📒 Files selected for processing (2)

• .github/workflows/contracts-testing.yml (2 hunks)
• contracts/scripts/coverage.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• contracts/scripts/coverage.sh

🧰 Additional context used

🪛 yamllint (1.35.1)

.github/workflows/contracts-testing.yml

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 50-50: trailing spaces

(trailing-spaces)

---

[error] 75-75: trailing spaces

(trailing-spaces)

🔇 Additional comments (2)

.github/workflows/contracts-testing.yml (2)

69-70: ⚠️ Potential issue

Critical: sudo usage conflicts with harden-runner configuration.

The sudo apt-get install command will fail because the workflow has disable-sudo: true in the harden-runner configuration.

Fix by removing sudo:

- run: sudo apt-get install -y lcov
+ run: apt-get install -y lcov

---

72-74: Verify coverage script existence.

Ensure that the coverage script is defined in the contracts workspace's package.json.

✅ Verification successful

Coverage script is properly configured and functional

The coverage script exists in package.json and points to an executable shell script that:

• Generates coverage reports from both Hardhat and Forge tests
• Merges and filters the reports appropriately
• Creates HTML reports for local development
• Handles CI environment differently

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if the coverage script exists in package.json
jq '.scripts.coverage' contracts/package.json

Length of output: 67

---

Script:

#!/bin/bash
# Check if the coverage script exists and is executable
ls -l contracts/scripts/coverage.sh

Length of output: 116

---

Script:

#!/bin/bash
# Check the contents of the coverage script
cat contracts/scripts/coverage.sh

Length of output: 1660

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (1)

contracts/test/rng/index.ts (1)

Line range hint 1-184: Consider architectural improvements for RNG testing

To enhance the testing framework's reliability and maintainability:

1. Create a shared test utility module for common RNG testing patterns
2. Implement proper transaction receipt handling
3. Add test timeouts and retry mechanisms for network-dependent tests
4. Consider adding integration tests that verify the interaction between these RNG implementations and KlerosCore

Would you like me to help create a shared test utility module that implements these improvements?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9025a05 and b4fcc4e.

📒 Files selected for processing (2)

• contracts/scripts/coverage.sh (1 hunks)
• contracts/test/rng/index.ts (5 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• contracts/scripts/coverage.sh

[jaybuidl]

⚠️ This is going to break the subgraph

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/contracts-testing.yml (1)

69-70: ⚠️ Potential issue

Critical: sudo usage conflicts with harden-runner configuration.

The sudo apt-get install command will fail because the workflow has disable-sudo: true in the harden-runner configuration.

Fix by removing sudo:

- run: sudo apt-get install -y lcov
+ run: apt-get install -y lcov

🧹 Nitpick comments (1)

.github/workflows/contracts-testing.yml (1)

45-46: Remove trailing spaces.

There are trailing spaces on these lines that should be removed for consistency.

-        node-version: 18.x   
+        node-version: 18.x
 
-        
+
-    
+
-                   
+

Also applies to: 50-50, 79-79

🧰 Tools

🪛 yamllint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8e916d0 and fed3d93.

📒 Files selected for processing (2)

• .github/workflows/contracts-testing.yml (2 hunks)
• contracts/scripts/coverage.sh (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• contracts/scripts/coverage.sh

🧰 Additional context used

🪛 yamllint (1.35.1)

.github/workflows/contracts-testing.yml

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 50-50: trailing spaces

(trailing-spaces)

---

[error] 79-79: trailing spaces

(trailing-spaces)

🔇 Additional comments (2)

.github/workflows/contracts-testing.yml (2)

Line range hint 13-14: LGTM! Following security best practices.

The addition of explicit read-only permissions follows the principle of least privilege.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 50-50: trailing spaces

(trailing-spaces)

---

72-78: Verify coverage report integration.

The workflow now includes both Foundry and Hardhat tests with coverage. Please ensure that:

1. Coverage reports from both frameworks are properly merged
2. No test cases are being double-counted in the final report

✅ Verification successful

Coverage reports are properly integrated

The coverage setup is well-configured with proper merging of both Foundry and Hardhat reports:

1. The coverage.sh script handles both frameworks:
   • Generates Forge coverage report as lcov-forge.info
   • Generates Hardhat coverage report as lcov-hardhat.info
   • Merges both reports using lcov tool
   • Filters out unnecessary contracts and generates HTML report
2. Path normalization is handled to ensure consistency between reports
3. Branch coverage is properly enabled

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check coverage configuration

# Check coverage configuration files
echo "Checking coverage configuration:"
fd -t f -e js -e json -e yml -E "node_modules" . | rg -l "coverage|lcov"

# Check if there are any coverage merging tools or scripts
rg -l "merge.*coverage|combine.*coverage" -g "!node_modules"

Length of output: 210

---

Script:

#!/bin/bash
# Let's check the package.json and hardhat config for coverage setup
echo "Checking package.json in contracts directory:"
cat contracts/package.json

echo -e "\nChecking hardhat.config files:"
fd hardhat.config -t f

echo -e "\nChecking coverage related scripts and configurations:"
rg -A 5 "coverage" contracts/

Length of output: 10599

[codeclimate]

Code Climate has analyzed commit 0220cc2 and detected 0 issues on this pull request.

View more on Code Climate.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud