{"id":17117941,"url":"https://github.com/transmissions11/chug-splash","last_synced_at":"2025-08-20T11:17:18.575Z","repository":{"id":107471975,"uuid":"352494744","full_name":"transmissions11/chug-splash","owner":"transmissions11","description":"[Optimism] chugsplash!","archived":false,"fork":false,"pushed_at":"2021-03-29T06:27:27.000Z","size":309,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-17T13:52:26.077Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"chugsplash-git-master-rari-capital.vercel.app","language":"TypeScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/transmissions11.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-29T02:38:38.000Z","updated_at":"2023-06-09T16:34:23.000Z","dependencies_parsed_at":"2023-03-29T13:02:22.623Z","dependency_job_id":null,"html_url":"https://github.com/transmissions11/chug-splash","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/transmissions11%2Fchug-splash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/transmissions11%2Fchug-splash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/transmissions11%2Fchug-splash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/transmissions11%2Fchug-splash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/transmissions11","download_url":"https://codeload.github.com/transmissions11/chug-splash/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245195907,"owners_count":20575936,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-14T17:53:01.456Z","updated_at":"2025-03-24T01:43:41.732Z","avatar_url":"https://github.com/transmissions11.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# chugsplash\n\n`chugsplash` is a smart contract deployment system that attempts to optimize for security and usibility.\nAt the core of `chugsplash` is the idea that a deployment or upgrade should take the form of a single atomic action.\nThis ideology asks that developers design their deployments carefully and deliberately.\nThe reward of doing so is a massive boost to both operational security and long-term maintainability.\n\n## Another smart contract deployment system????\nNot just any smart contract deployment system. **`chugsplash`**.\n\n## Why should I care?\nDo you want to get rekt? \nDidn't think so.\n`chugsplash` keeps you from getting rekt.\n\nPeople get rekt because **securing and managing complex smart contract deployments is hard**.\nBut it shouldn't be hard to keep you, your project, and your users safe.\n\n`chugsplash` makes security easy by creating a distinction between transaction *authorization* and transaction *execution*.\nHere at `chugsplash labs` (a totally real company, rest assured) we believe that **deployments and upgrades should take the form of a single, atomic, and highly intentional action**.\nYou should know *exactly* what you're about to send off to Ethereum.\nAnd once you do know what you're going to do, the whole thing should *reliably* happen.\n\nEach `chugsplash` deployment is authorized by a call to:\n\n```solidity\nfunction approveTransactionBundle(\n    bytes32 _transactionBundleHash\n)\n    public\n    onlyOwner\n{\n    ...\n}\n```\n\nSee that?\nIt's you're basically just **signing a single 32 byte hash and it authorizes the entire deployment**.\n`_transactionBundleHash` is a simple 32 byte hash onion commitment to a series of transactions.\nWe generate the hash onion from the bundle of transactions that you want to execute during the course of your deployment.\nWe'll get to the exact details of the hash onion in a second.\nFirst we need to describe the basic `chugsplash` transaction structure.\n\nThe `TransactionBundleExecutor` can either create a new contract or call an existing contract.\nEach \"action\" that you want to take is defined by:\n\n```ts\n{\n    to: null | hex,\n    data: hex,\n    gasLimit: number\n}\n```\n\nIf `to` is null, then this action is a deployment.\nOtherwise, this is a contract call.\nSince we there's no such thing as `null` in solidity, we add an extra field `_isCreate`.\nThe final transaction structure is summed up well by the function used to execute them:\n\n```solidity\nfunction executeTransaction(\n    bytes32 _nextTransactionHash, // one sec, we'll get to this!\n    bool _isCreate, // are we creating or calling?\n    address _target, // if calling, who to call?\n    uint256 _gasLimit, // how much gas should we be using\n    bytes memory _data // data to send to call or to deploy with\n)\n    public\n{\n    ...\n}\n```\n\nYou call this function over and over and the whole deployment happens.\nBut how does the contract know that the thing being executed was actually authenticated?\nWith the magic of ~hash onions~.\n\nSo let's actually explain hash onions.\nNote first that when you want to execute a transaction via this function you have to pass the following check:\n\n```solidity\nrequire(\n    keccak256(\n        abi.encode(\n            _nextTransactionHash,\n            _isCreate,\n            _target,\n            _gasLimit,\n            _data\n        )\n    ) == nextTransactionHash,\n    \"TransactionBundleExecutor: computed transaction hash does not match next transaction hash\"\n);\n```\n\nPretty straightforward here, we're committing to the hash of the transaction.\nAs long as the hash matches up we'll know that this is exactly what the user wanted to execute.\nHere's where that extra `nextTransactionHash` thing comes in.\nThe initial `transactionBundleHash` is a commitment to both the transaction and to a hash of the *next* transaction (+ a hash for the next next transaction, and so on).\nOnce a transaction passes the above check, we simply run:\n\n```solidity\nnextTransactionHash = _nextTransactionHash;\n```\n\nAnd repeat the process all over again!\nEventually some transaction will have a terminating hash (we use 0x00000...).\nAt this point there's no way to generate a valid transaction to be executed and the bundle is finished.\nNice.\n\n### Maintaining Atomicity\nOne key feature of `TransactionBundleExecutor` is that deployments must be executed completely.\nA new bundle cannot be processed until the previous bundle has been fully executed.\n// sorry I need to finish this readme later.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftransmissions11%2Fchug-splash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftransmissions11%2Fchug-splash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftransmissions11%2Fchug-splash/lists"}