Commit

Update README.md
jg8481 committed Sep 9, 2024
1 parent 8ae912e commit d94d398
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions README.md
Expand Up @@ -14,15 +14,15 @@

By using this software you understand the risks of Web3 and blockchain technologies. This toolkit is intended for testing and learning exciting concepts in the Web3 and blockchain industry with a security-minded self-education approach. The blockchain and DeFi ecosystems do not show mercy in any way to even the smallest mistakes. [I recommend that you self-educate yourself first and read MetaMask's security knowledge base before experimenting with this repository.](https://metamask.zendesk.com/hc/en-us/articles/360015489591-Basic-Safety-and-Security-Tips-for-MetaMask) **You are responsible for your own personal cryptocurrency funds and Web3 wallet private keys, and it is your personal responsibility to educate yourself to protect them.** Any misuse or mishandling of this software on any of the EVM compatible blockchain mainnets or testnets is at your own risk.

Also just a **friendly warning, DO NOT ATTEMPT TO SEND FUNDS to any of the** [**20 test accounts**](https://dev.to/alex_bobes/making-an-ethereum-bot-a-step-by-step-guide-3ol4) provided by `hardhat`.
Also just a **friendly warning, DO NOT ATTEMPT TO SEND FUNDS to any of the** [**20 test accounts**](https://dev.to/alex_bobes/making-an-ethereum-bot-a-step-by-step-guide-3ol4) provided by `Hardhat`.

## Ethereum set the standard, but cross-chain is the future

[The capabilities of the Solidity programming language and the Ethereum platform in general are vast and growing every day](https://soliditylang.org/). One of the common usecases for Ethereum has been to approach it as a gigantic Web3 backend system. The very simple OpenZeppelin ERC20 `TestToken` and other smart contract examples included in this toolkit are only tiny slices of the bigger picture in comparison to what is being used today [in Web3 and DeFi production environments](https://dappradar.com/). In general when you approach people on the street and they hear the word `Ethereum`, the reactions you would probably get from them is "oh that's the thing I can buy on Coinbase or Binance and send to my parents on the other side of the world" or "that's the blockchain network that has all those worthless poo-coins right?". In reality, Ethereum was built for much immensely grander designs than the simple monetary usecases that most people are familiar with. [Vitalik Buterin and the other Ethereum co-founders originally sought to create a "World Computer".](https://cointelegraph.com/news/the-mind-behind-the-world-computer-ethereums-vitalik-buterin) As you browse through this documentation you will notice that **I am not attempting to try to create "generic keywords" for the Solidity language or the "World Computer" that smart contracts are deployed to, and you will see a lot of mostly non-generic transparent strategies in this repository.** As a busy person who is trying to actively learn blockchain technologies and is worried about the security of his own Web3 wallet (also concerned for the safety of all of yours as well), I will leave the generic blockchain automation keyword development for others to pursue. 
An important trend in the Ethereum ecosystem to pay more attention to is the [rising popularity of bridges](https://ethereum.org/en/bridges/) into many other types of blockchains, and [the current Web3 protocols that are evolving towards cross-chain communication](https://www.alchemy.com/overviews/cross-chain-vs-multichain). I have usecases of my own for cross-chain EVM (Ethereum Virtual Machine) projects and prefer to focus on my ideas for this toolkit, but I wanted to share my high-level strategies here ([also discussed with TestGuild's Joe Colantonio on YouTube](https://youtu.be/fuR_17malWI?si=TXmrSu9QxA4AGI0U)) and possibly hear your thoughts too if you want to reach out to me on [Robot Framework's Slack Group](https://robotframework.slack.com/).

## Solidity clean-room environment testing is safe and repeatable

This [multichain toolkit](https://github.com/jg8481/Robot-Framework-Solidity-Testing-Toolkit) contains keyword-driven automation that helps **locally test EVM compatible Solidity smart contracts, [deploys them using a multichain approach](https://roycewells.io/writing/multichain-development/), and has the basic building blocks for creating blockchain event monitoring bots**. One of the primary components is a custom-made `robotframework-hardhat-remote-library.js` that was built using [hardhat](https://hardhat.org/) and [ethers.js](https://github.com/ethers-io/ethers.js/) libraries for [Web3](https://ethereum.org/en/web3/) development, and combined together using [comick's node-robotremoteserver](https://github.com/comick/node-robotremoteserver). This toolkit has been designed to [create local clean-room environment mainnet forks through Hardhat Network](https://hardhat.org/hardhat-network/docs/guides/forking-other-networks) for deploying smart contracts on multiple types of blockchains that support the EVM. I have included small checks and basic RPA automation scripts that work for Ethereum, Fantom, Avalanche, Polygon, but they can be adapted to cover many others as well by simply adjusting minor `hardhat` CLI options and altering the provided config files. Also all of the [automated checks in this repository are spending ZERO actual gas because they are mostly reading or interacting with simulated blockchains running on a local machine](https://ethereum.stackexchange.com/questions/18183/gas-costs-reading-data-is-this-free), and not sending testnet transactions (scroll down to see risks of frequently doing that) or touching anything on mainnets.
This [multichain toolkit](https://github.com/jg8481/Robot-Framework-Solidity-Testing-Toolkit) contains keyword-driven automation that helps **locally test EVM compatible Solidity smart contracts, [deploys them using a multichain approach](https://roycewells.io/writing/multichain-development/), and has the basic building blocks for creating blockchain event monitoring bots**. One of the primary components is a custom-made `robotframework-hardhat-remote-library.js` that was built using [Hardhat](https://hardhat.org/) and [ethers.js](https://github.com/ethers-io/ethers.js/) libraries for [Web3](https://ethereum.org/en/web3/) development, and combined together using [comick's node-robotremoteserver](https://github.com/comick/node-robotremoteserver). This toolkit has been designed to [create local clean-room environment mainnet forks through Hardhat Network](https://hardhat.org/hardhat-network/docs/guides/forking-other-networks) for deploying smart contracts on multiple types of blockchains that support the EVM. I have included small checks and basic RPA automation scripts that work for Ethereum, Fantom, Avalanche, Polygon, but they can be adapted to cover many others as well by simply adjusting minor `Hardhat` CLI options and altering the provided config files. Also all of the [automated checks in this repository are spending ZERO actual gas because they are mostly reading or interacting with simulated blockchains running on a local machine](https://ethereum.stackexchange.com/questions/18183/gas-costs-reading-data-is-this-free), and not sending testnet transactions (scroll down to see risks of frequently doing that) or touching anything on mainnets.

## "Ethereum is a Dark Forest" - Dan Robinson and Georgios Konstantopoulos
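Review bot: the casing pass in this hunk turns `hardhat` into `Hardhat` inside backticks, but in "adjusting minor `Hardhat` CLI options" the backticked word names the command-line tool, and that executable is invoked in lowercase (`npx hardhat`), so code-formatted `Hardhat` no longer matches what a user types. Suggest keeping lowercase `hardhat` where the CLI is meant and writing the product name as plain Hardhat without backticks where the project is meant, which the same paragraph already does with "[Hardhat](https://hardhat.org/)". The "provided by `Hardhat`" line has the same ambiguity: the 20 test accounts come from the Hardhat Network node, so plain Hardhat reads better there too.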

Expand All @@ -31,14 +31,14 @@ You may be wondering. What's so special about Hardhat Network, [Trufflesuite's G
**_Some Testnet testing disadvantages and risks:_**
- [Most of the time a testnet will be slow](https://www.reddit.com/r/ethereum/comments/cxdno6/ropsten_very_slow/)
- Even though it's a testnet you still need to worry about paying gas fees for every Metamask wallet transaction
- If you're using `hardhat` or `truffle` there is a risk that you can [expose your Metamask wallet private key in your deployment configuration files by accidentally pushing them into GitHub](https://consensys.net/blog/developers/how-to-avoid-uploading-your-private-key-to-github-approaches-to-prevent-making-your-secrets-public/)
- If you're using `Hardhat` or `Truffle` there is a risk that you can [expose your Metamask wallet private key in your deployment configuration files by accidentally pushing them into GitHub](https://consensys.net/blog/developers/how-to-avoid-uploading-your-private-key-to-github-approaches-to-prevent-making-your-secrets-public/)
- Deploying smart contracts to a blockchain testnet is immutable or permanent. [Which is exactly how mainnets behave as well](https://www.gemini.com/cryptopedia/blockchain-testnet-devnet-sandbox-crypto-mainnet#section-what-is-a-blockchain-testnet)
- If you are in the security sector of the blockchain industry, [testing on an Ethereum Testnet can have other possible serious risks](https://medium.com/immunefi/why-you-should-never-test-exploits-on-mainnet-or-public-testnets-7e904a2cbf05). Testnets are constantly being attacked on a daily basis. **Very bad actors are good at tracking all transactions on testnets and mainnets, which could lead to various security risks. One of those risks includes indirectly exposing your Metamask address to these bad actors**

**_Some Mainnet testing disadvantages and risks:_**
- [Very expensive to test on a mainnet](https://www.coingecko.com/en/coins/ethereum)
- You need to worry about paying real gas fees for every Metamask wallet transaction
- If you're using `hardhat` or `truffle`, similar to testnets, there is the [same risk of exposing your Metamask wallet private key](https://decrypt.co/30222/hacker-steals-1200-worth-of-ethereum-in-under-100-seconds)
- If you're using `Hardhat` or `Truffle`, similar to testnets, there is the [same risk of exposing your Metamask wallet private key](https://decrypt.co/30222/hacker-steals-1200-worth-of-ethereum-in-under-100-seconds)
- Deploying smart contracts to a blockchain mainnet is immutable or permanent. [It will stay there on the blockchain forever](https://academy.binance.com/en/glossary/immutability)
- Same possible security risks found on testnet that I mentioned above, [but on mainnet it can be much worse. Click here to read an interesting real-life Ethereum Mainnet "horror story"](https://www.paradigm.xyz/2020/08/ethereum-is-a-dark-forest)
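Review bot: the naming-consistency change is applied to `Hardhat`/`Truffle` but not to "Metamask", which appears several times in this hunk while the risk paragraph at the top of the file spells it "MetaMask" (as the linked MetaMask knowledge base does); since this commit is a casing pass, suggest normalizing those occurrences in the same change. The backtick remark from the first hunk applies here as well: `Truffle` in backticks reads as the `truffle` command, so either drop the backticks for the product name or keep the lowercase command name.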

Expand All @@ -63,6 +63,7 @@ In the future I plan to expand this toolkit into the following areas.
- Create a `robotframework-truffle-remote-library.js` remote library using the [Truffle toolkit](https://trufflesuite.com/), and design similar features that are found in the `robotframework-hardhat-remote-library.js` remote library.
- Progress:
- (February 12, 2023 - **Ready To Use**) Created a working Truffle Suite library using a similar design as the Hardhat library, but utilizes [web3.js](https://web3js.org) and added a few different tests too.
- (September 21, 2023 - **Consensys Announcement**) There was an [announcement from the Truffle and Ganache lead developer Consensys](https://consensys.io/blog/consensys-announces-the-sunset-of-truffle-and-ganache-and-new-hardhat?utm_source=github&utm_medium=referral&utm_campaign=2023_Sep_truffle-sunset-2023_announcement_) that both projects were officially sunsetted and support has ended. I will no longer update my `robotframework-truffle-remote-library.js` remote library. I recommend using either Hardhat or Foundry.
- Create more static analysis, security, and vulnerability scanning RPA automation integrated with popular tools (for example: [Consensys Diligence Tools](https://consensys.io/diligence/tools/)) in the Web3 and blockchain industry.
- Progress:
- (August 11, 2024 - **Ready To Use**) Created various security focused workflows that handle static analysis and vulnerability scanning of smart contracts.
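Review bot: the announcement URL in the added line carries tracking query parameters (`?utm_source=github&utm_medium=referral&utm_campaign=...`) that exist only for the publisher's analytics and will break the link if the campaign is retired; suggest trimming it to `https://consensys.io/blog/consensys-announces-the-sunset-of-truffle-and-ganache-and-new-hardhat`. Also, the February 12, 2023 entry directly above still carries the "**Ready To Use**" label while the new entry states the `robotframework-truffle-remote-library.js` library will no longer be updated; consider marking that earlier entry and the parent Truffle bullet as deprecated so readers scanning the status labels do not miss it. Minor wording: "sunsetted" is normally written "sunset".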
Expand All @@ -81,7 +82,7 @@ In the future I plan to expand this toolkit into the following areas.

### Technical Requirements

The following are the basic technical requirements needed to run these automated checks. Please note that this entire toolkit was developed on a MacOS machine, but should also work for most Linux users (preferably most current Ubuntu LTS versions etc.) and I would keep an eye on whatever the `hardhat` or `truffle` (source: https://github.com/trufflesuite/ganache-ui/releases) communities recommend for Linux distributions.
The following are the basic technical requirements needed to run these automated checks. Please note that this entire toolkit was developed on a MacOS machine, but should also work for most Linux users (preferably most current Ubuntu LTS versions etc.) and I would keep an eye on whatever the `Hardhat` or `Truffle` (source: https://github.com/trufflesuite/ganache-ui/releases) communities recommend for Linux distributions.
- Python 3 -> https://www.python.org/downloads/
- NodeJS 22 -> https://nodejs.org/en/ or use https://github.com/nvm-sh/nvm
- If you're using `nvm`, you can run `nvm install 22` to install version 22
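Review bot: the requirements line still tells readers to follow what the `Truffle` community recommends, with a "source" link to Ganache UI releases, yet the progress entry added earlier in this same commit records that Consensys sunset Truffle and Ganache with support ended; pointing only at the Hardhat (or Foundry, as that entry suggests) guidance and dropping the ganache-ui link would keep this section consistent with that. Minor: "MacOS" is written "macOS", and the backticked `Hardhat` versus lowercase `hardhat` CLI remark from the first hunk applies here too.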

0 comments on commit d94d398
