Chore: security workflow

.catalog-info.yaml

@@ -6,6 +6,4 @@ metadata:
   description: Public Aurora Engine repository
 spec:
   targets:
-    - ./engine/.catalog-info.yaml
-    - ./etc/eth-contracts/.catalog-info.yaml
-    - ./engine-precompiles/.catalog-info.yaml
+    - ./**/.catalog-info.yaml

.github/workflows/contract-analysis.yml

@@ -0,0 +1,17 @@
+---
+on:
+  push:
+    branches:
+      - main
+      - develop
+  pull_request:
+  schedule:
+    - cron: "30 5 * * *"
+  workflow_dispatch:
+
+name: "Contract Security Analysis"
+jobs:
+  contract_analysis:
+    name: "Shared"
+    uses: aurora-is-near/.github/.github/workflows/contract_analysis.yml@master
+    secrets: inherit

engine-sdk/.catalog-info.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-sdk
+  description: |-
+    Helper library for interacting with NEAR Blockchain, used by the engine, tests and contracts that need to interact with the engine.
+  tags:
+    - contract-library
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "1"
+spec:
+  owner: engine-team
+  type: contract-library
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []

engine-standalone-storage/.catalog-info.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-standalone-storage
+  description: |-
+    Aurora engine standalone storage library. Provides the storage backend used by the standalone engine.
+  tags:
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "2"
+spec:
+  owner: engine-team
+  type: contract-tests
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []

engine-standalone-tracing/.catalog-info.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-standalone-tracing
+  description: |-
+    Aurora engine standalone tracing library. Provides functions and types for extracing geth-like traces from standalone engine execution.
+  tags:
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "2"
+spec:
+  owner: engine-team
+  type: contract-tests
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []

engine-test-doubles/.catalog-info.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-test-doubles
+  description: |-
+    Contains implementations of engine traits suitable for using in tests
+  tags:
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "-1"
+spec:
+  owner: engine-team
+  type: contract-tests
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []

engine-tests/.catalog-info.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-tests
+  description: |-
+    Aurora Engine Tests
+  tags:
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "-1"
+spec:
+  owner: engine-team
+  type: contract-tests
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []

engine-transactions/.catalog-info.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-standalone-tracing
+  description: |-
+    Aurora engine transactions testing library.
+  tags:
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "1"
+spec:
+  owner: engine-team
+  type: contract-tests
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []

engine-types/.catalog-info.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-types
+  description: |-
+    Shared Engine Types
+  tags:
+    - contract-library
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "1"
+spec:
+  owner: engine-team
+  type: contract-library
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []

etc/eth-contracts/contracts/AdminControlled.sol

@@ -7,6 +7,7 @@ contract AdminControlled {
     uint public paused;
 
     constructor(address _admin, uint flags) {
+        // slither-disable-next-line missing-zero-check
         admin = _admin;
 
         // Add the possibility to set pause flags on the initialization
@@ -34,12 +35,14 @@ contract AdminControlled {
     }
 
     function adminSendEth(address payable destination, uint amount) public onlyAdmin {
+        // slither-disable-next-line missing-zero-check
         destination.transfer(amount);
     }
 
     function adminReceiveEth() public payable onlyAdmin {}
 
     function adminDelegatecall(address target, bytes memory data) public payable onlyAdmin returns (bytes memory) {
+        // slither-disable-next-line controlled-delegatecall,low-level-calls,missing-zero-check
         (bool success, bytes memory rdata) = target.delegatecall(data);
         require(success);
         return rdata;

etc/eth-contracts/contracts/EvmErc20.sol

@@ -17,6 +17,7 @@ contract EvmErc20 is ERC20, AdminControlled, IExit {
     string private _symbol;
     uint8 private _decimals;
 
+    // slither-disable-next-line shadowing-local
     constructor (string memory metadata_name, string memory metadata_symbol, uint8 metadata_decimals, address admin)
         ERC20(metadata_name, metadata_symbol)
         AdminControlled(admin, 0)
@@ -38,6 +39,7 @@ contract EvmErc20 is ERC20, AdminControlled, IExit {
         return _decimals;
     }
 
+    // slither-disable-next-line events-maths
     function setMetadata(string memory metadata_name, string memory metadata_symbol, uint8 metadata_decimals) external onlyAdmin {
         _name = metadata_name;
         _symbol = metadata_symbol;

etc/eth-contracts/contracts/EvmErc20V2.sol

@@ -17,6 +17,7 @@ contract EvmErc20V2 is ERC20, AdminControlled, IExit {
     string private _symbol;
     uint8 private _decimals;
 
+    // slither-disable-next-line shadowing-local
     constructor (string memory metadata_name, string memory metadata_symbol, uint8 metadata_decimals, address admin)
         ERC20(metadata_name, metadata_symbol)
         AdminControlled(admin, 0)
@@ -38,6 +39,7 @@ contract EvmErc20V2 is ERC20, AdminControlled, IExit {
         return _decimals;
     }
 
+    // slither-disable-next-line events-maths
     function setMetadata(string memory metadata_name, string memory metadata_symbol, uint8 metadata_decimals) external onlyAdmin {
         _name = metadata_name;
         _symbol = metadata_symbol;

etc/tests/.catalog-info.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-tests
+  description: |-
+    Collection of Engine Tests
+  tags:
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "-1"
+spec:
+  owner: engine-team
+  type: contract-tests
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []

etc/xcc-router/.catalog-info.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: aurora-engine-xcc-router
+  description: |-
+    Cross-contract call ruter for engine tests
+  tags:
+    - near
+  links: []
+  annotations:
+    aurora.dev/security-tier: "-1"
+spec:
+  owner: engine-team
+  type: contract-tests
+  lifecycle: production
+  system: aurora-engine
+  interactsWith: []