Support

## Creating a Vault Deployer Script with Forge This lesson guides you through building a Solidity script using the Foundry/Forge framework to deploy a `Vault` smart contract. We'll focus on structuring the script, handling dependencies, using Forge cheatcodes, and managing necessary permissions, particularly in the context of a cross-chain deployment scenario. ### Setting Up the Deployment Script File First, we need to create the file that will house our deployment logic. Within your Foundry project, create a new file in the `script/` directory: ``` script/Deployer.s.sol ``` Inside this file, start with the standard Solidity boilerplate, specifying the license and compiler version: ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.8.24; ``` Next, import the base `Script` contract from the Forge Standard Library (`forge-std`). This contract provides essential functionalities for scripting, including access to Forge's powerful cheatcodes via the `vm` instance. ```solidity import {Script} from "forge-std/Script.sol"; ``` ### Structuring Deployment Logic for Cross-Chain Scenarios In many Web3 applications, especially those involving cross-chain interactions like CCIP (Cross-Chain Interoperability Protocol), not all contracts are deployed to every chain. Some components might exist only on a source chain, while others are needed on both source and destination chains. To handle this, it's good practice to separate deployment logic. In this example, we'll define two script contracts within our `Deployer.s.sol` file: 1. `TokenAndPoolDeployer`: (Implementation not detailed here) This would handle deploying contracts like `RebaseToken` and `RebaseTokenPool`, which are assumed to exist on *both* source and destination chains. 2. `VaultDeployer`: This will handle deploying the `Vault` contract, which, in our scenario, is intended *only* for the source chain (handling deposits and redemptions). Both contracts will inherit from the `Script` contract: ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.8.24; import {Script} from "forge-std/Script.sol"; // Import other dependencies as needed... contract TokenAndPoolDeployer is Script { // Logic for deploying token and pool (omitted for brevity) } contract VaultDeployer is Script { // Logic for deploying the Vault contract (detailed below) } ``` This separation keeps the deployment process organized and adaptable to different chain requirements. We will now focus on implementing the `VaultDeployer`. ### Implementing the VaultDeployer Script The `VaultDeployer` script needs to perform several tasks: deploy the `Vault` contract, provide its constructor arguments, and grant it necessary permissions on another contract (`RebaseToken`). **1. Importing Dependencies:** The script needs to know about the `Vault` contract it's deploying and the interface of the `RebaseToken` it interacts with. Add these imports within `Deployer.s.sol`: ```solidity import {Vault} from "../src/Vault.sol"; import {IRebaseToken} from "../src/interfaces/IRebaseToken.sol"; ``` **2. Defining the `run` Function:** Forge scripts execute their logic within a `run` function. This function will orchestrate the deployment steps. * **Input Argument:** The `Vault` constructor requires the address of the associated `RebaseToken`. Therefore, our `run` function needs to accept this address as an input parameter (`address _rebaseToken`). * **Return Value:** We want the script to return the instance of the deployed `Vault` contract. We declare this using a named return variable `returns (Vault vault)`. Solidity allows for implicit returns when named return variables are assigned a value. * **Visibility:** The `run` function must be `public` or `external`. ```solidity contract VaultDeployer is Script { // Imports Vault and IRebaseToken go here... function run(address _rebaseToken) public returns (Vault vault) { // Deployment logic will go here } } ``` **3. Broadcasting Transactions:** Any operation that changes the blockchain state (like deploying a contract or calling a function that modifies storage) must be broadcast as a transaction. Forge provides cheatcodes for this: `vm.startBroadcast()` and `vm.stopBroadcast()`. All state-changing calls between these two cheatcodes will be packaged and sent as transactions when the script is executed. ```solidity function run(address _rebaseToken) public returns (Vault vault) { vm.startBroadcast(); // State-changing operations: Deployment & Role Granting vm.stopBroadcast(); // Implicit return of 'vault' happens here } ``` **4. Deploying the Vault Contract:** Inside the broadcast block, we deploy the `Vault` contract using the `new` keyword. We must pass the required constructor arguments. The `Vault` constructor expects an instance of `IRebaseToken`, but our `run` function receives an `address`. We need to cast the `_rebaseToken` address to the `IRebaseToken` interface type. The result of the deployment (the contract instance) is assigned to our named return variable `vault`. ```solidity vm.startBroadcast(); // Deploy the Vault, passing the RebaseToken address cast to the interface type vault = new Vault(IRebaseToken(_rebaseToken)); // Role granting logic comes next... vm.stopBroadcast(); ``` **5. Granting Permissions (Role-Based Access Control):** Our `Vault` contract needs permission to mint and burn the `RebaseToken` to function correctly. Assuming the `RebaseToken` uses role-based access control, it likely has a function like `grantMintAndBurnRole(address _account)` to grant these permissions. We need to call this function on the `RebaseToken` instance, granting the role to our newly deployed `vault`. * We already have the `RebaseToken` address (`_rebaseToken`), which we can cast to `IRebaseToken` to call its functions. * The `grantMintAndBurnRole` function expects an `address`, but we have the `vault` contract instance. We need to cast the `vault` instance to its `address`. ```solidity vm.startBroadcast(); vault = new Vault(IRebaseToken(_rebaseToken)); // Grant the deployed Vault the necessary role on the RebaseToken IRebaseToken(_rebaseToken).grantMintAndBurnRole(address(vault)); vm.stopBroadcast(); ``` **6. Ensuring the Interface is Up-to-Date:** For the script to compile and successfully call `grantMintAndBurnRole` on the `IRebaseToken` type, the function signature must exist in the interface definition file (`src/interfaces/IRebaseToken.sol`). Make sure the interface includes this function: ```solidity // In src/interfaces/IRebaseToken.sol interface IRebaseToken { // ... other functions like mint, burn, balanceof, etc. // Ensure this function signature is present function grantMintAndBurnRole(address _account) external; } ``` If you add this function to the interface after initially writing the script code that calls it, your IDE or linter might sometimes show a persistent error. A common workaround is to cut the line causing the error in your script (`IRebaseToken(_rebaseToken).grantMintAndBurnRole(...)`), save the file, and then paste the line back in. This often forces the linter to re-evaluate based on the updated interface. ### Final `VaultDeployer` Script Putting it all together, the `VaultDeployer` contract within `script/Deployer.s.sol` looks like this: ```solidity // SPDX-License-Identifier: MIT pragma solidity ^0.8.24; import {Script} from "forge-std/Script.sol"; import {Vault} from "../src/Vault.sol"; import {IRebaseToken} from "../src/interfaces/IRebaseToken.sol"; // Contract TokenAndPoolDeployer would typically be defined here as well contract VaultDeployer is Script { /** * @notice Deploys the Vault contract and grants it mint/burn role on the RebaseToken. * @param _rebaseToken The address of the already deployed RebaseToken contract. * @return vault The instance of the newly deployed Vault contract. */ function run(address _rebaseToken) public returns (Vault vault) { // Start broadcasting transactions to the network vm.startBroadcast(); // 1. Deploy the Vault contract, providing the RebaseToken address // (cast to the required IRebaseToken interface type) as the constructor argument. vault = new Vault(IRebaseToken(_rebaseToken)); // 2. Grant the newly deployed Vault contract the permission to mint and burn // tokens by calling grantMintAndBurnRole on the RebaseToken contract. // The Vault instance needs to be cast to an address for the function argument. IRebaseToken(_rebaseToken).grantMintAndBurnRole(address(vault)); // Stop broadcasting transactions vm.stopBroadcast(); // The 'vault' variable is implicitly returned because it's a named return variable // and has been assigned a value within the function body. } } ``` This script effectively deploys the `Vault` contract, configures it with the necessary `RebaseToken` address during construction, and grants the required permissions for its operation, all automated through Forge scripting. Remember that executing this script requires providing the address of an already deployed `RebaseToken` contract.

Vault Deployment-script

A practical Forge scripting guide to Creating a Vault Deployer Script with Forge - Learn to build a Solidity deployment script using Foundry/Forge to deploy a `Vault` contract. Covers structuring the script, using cheatcodes for broadcasting, and granting necessary permissions.

Course Overview

About the course

What you'll learn

Advanced smart contract development

How to develop a stablecoin

How to develop a DeFi protocol

How to develop a DAO

Advanced smart contracts testing

Fuzz testing

Manual verification

Course Description

Who is this course for?

Engineers
Smart Contract Security researchers

Potential Careers

Web3 Developer Relations

$85,000 - $125,000 (avg. salary)

Web3 developer

$60,000 - $150,000 (avg. salary)

Smart Contract Engineer

$100,000 - $150,000 (avg. salary)

Smart Contract Auditor

$100,000 - $200,000 (avg. salary)

Security researcher

$49,999 - $120,000 (avg. salary)

Meet your instructors

Patrick Collins

Founder at Cyfrin

Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.

Guest lecturers:

Juliette Chevalier

Lead Developer relations at Aragon

Ciara Nightingale

Developer relations at Cyfrin

Vasiliy Gualoto

Developer relations at ThirdWeb

Nader Dabit

Director of developer relations at EigenLayer

Ally Haire

Developer relations at Protocol Labs

Harrison

Founder at GasliteGG

Vitto Rivabella

CPO at Cyfrin

Last updated on April 4, 2025

Thanks for checking us out

Start learning for free

Start for free

Solidity Developer

Advanced Foundry

Section 1: Develop an ERC20 Crypto Currency

Duration: 36min

Section 2: Develop an NFTs Collection

Duration: 3h 06min

Section 3: Develop a DeFi Protocol

Duration: 5h 02min

Section 4: Cross Chain Rebase Token

Duration: 6h 02min

1. Introduction

An in-depth overview to Introduction to Building a Cross-Chain Rebase Token - Explore the design and implementation of a cross-chain rebase token utilizing Foundry and Chainlink CCIP for development and interoperability. Delve into rebase mechanics, burn-and-mint bridging, vault interactions, and advanced Foundry testing techniques like fork testing. Duration: 3min

2. What Is-a-rebase-token

A demystifying explanation to Understanding Rebase Tokens - Uncover why some token balances change automatically by exploring the mechanics of rebase tokens. Learn about automatic supply adjustments, different types, and real-world applications like Aave's yield-bearing aTokens. Duration: 2min

3. Rebase Token-code-structure

A foundational introduction to Introduction to Building a Rebase Token - Set up your development environment with Foundry and define core design principles for a rebase token. Covers vault mechanics, dynamic balance calculations, and a unique interest rate system favoring early adopters. Duration: 9min

4. Writing The-rebase-token-contract

An essential setup guide to Building a Rebase Token: Initial Implementation in Solidity - Establish the foundation for a rebase token in Solidity using Foundry and OpenZeppelin. Define key state variables, handle fixed-point math, and implement the core dynamic balance calculation by overriding `balanceOf`. Duration: 33min

5. Mintinterest And-burn-functions

A crucial look into Implementing Interest Accrual and Burning in a Rebase Token - Understand the necessity of synchronizing principal and actual balances via `_mintAccruedInterest` in rebase tokens, and learn to implement the `burn` function, leveraging the Max Uint Pattern for complete withdrawals. Duration: 9min

6. Finish Rebase-token-contract

An in-depth walkthrough to Finalizing the RebaseToken: Integrating ERC20 Functionality - Integrate standard ERC20 features into a custom RebaseToken, overriding key functions like `balanceOf` and `transfer` to account for accrued interest. Address the specific challenges and design choices for rebase token mechanics. Duration: 16min

7. Access Control

An essential lesson on Securing Smart Contracts with OpenZeppelin Access Control - Explore why access control is critical and implement robust security using `Ownable` and `AccessControl`. Master single-owner restrictions and flexible role-based permissions for your Solidity projects. Duration: 12min

8. Vault And-natspec

A foundational walkthrough to Building a Secure Vault Contract in Solidity - Learn to construct a Solidity Vault contract for managing ETH deposits/redemptions and interacting with a token contract. Implement key security patterns like Checks-Effects-Interactions and best practices for robust DeFi development. Duration: 14min

9. Rebase Token-tests-part-1

A foundational setup guide to Setting Up Foundry Tests for Your Rebase Token - Learn to create the initial test file and configure the Foundry environment using the `setUp` function, including contract deployment and resolving common type-casting issues. Outline the structure for testing linear interest accrual in a rebase token system. Duration: 11min

10. Rebase Token-test-part-2

An in-depth guide to Advanced Smart Contract Testing: Rebase Token Fuzzing and Debugging - Explore advanced Foundry techniques like fuzzing with `vm.bound`, debugging precision issues, and testing custom error reverts using `vm.expectPartialRevert`. Learn to build robust tests for deposit, redemption, and interest accrual logic in a rebase token. Duration: 43min

11. Vulnerabilities And-cross-chain-intro

An insightful introduction to Understanding RebaseToken Design Flaws and Introducing Cross-Chain Concepts - Delve into potential exploits and interest calculation issues within a sample RebaseToken. Explore bridging, Chainlink CCIP, and permissionless token standards for cross-chain applications. Duration: 6min

12. Bridging

A comprehensive explanation of Understanding Blockchain Bridges: Connecting the Islands - Explore how bridges link isolated blockchains, detailing mechanisms like burn-and-mint and lock-and-mint for asset transfers. Contrast native vs. third-party and centralized vs. decentralized models, outlining benefits and security implications. Duration: 8min

13. CCIP

A comprehensive introduction to Understanding Chainlink CCIP - Delve into the core architecture and security features of Chainlink's Cross-Chain Interoperability Protocol (CCIP). Discover how it tackles blockchain isolation, enabling secure token and data transfers via its unique components like the Risk Management Network. Duration: 12min

14. The CCT Standard

A comprehensive overview to Understanding the Cross Chain Token (CCT) Standard - Delve into Chainlink's Cross Chain Token (CCT) Standard, a CCIP-based solution tackling liquidity fragmentation and enhancing developer control. Discover its permissionless integration, advanced security features, programmable transfers, and architectural components. Duration: 13min

15. Circle CCTP

An informative exploration of Circle's Cross-Chain Transfer Protocol (CCTP) - Learn how CCTP facilitates secure, native USDC transfers across blockchains using its unique burn-and-mint mechanism. Understand its advantages over traditional bridges and key features like standard versus fast transfers. Duration: 12min

16. Pool Contract

A detailed walkthrough to Enabling Cross-Chain Rebasing Tokens with Custom CCIP Pools - Learn how to construct a bespoke Chainlink CCIP token pool using Foundry for rebasing tokens. Implement the Burn/Mint mechanism to securely transfer tokens while preserving user-specific data like interest rates. Duration: 31min

17. Finish Pool Contract

An iterative approach to Debugging and Compiling the RebaseTokenPool Contract - Learn how to use `forge build` to identify and resolve common Solidity compilation errors in Foundry projects. Follow an iterative process to fix issues like incorrect import paths, function argument mismatches, and type errors. Duration: 1min

18. Chainlink Local-and-fork-tests

A comprehensive introduction to Setting Up Local Fork Tests for Chainlink CCIP with Foundry - Master Foundry's fork testing cheatcodes to replicate multiple blockchain states locally for cross-chain development. Integrate Chainlink Local's simulator to test CCIP interactions realistically between these forked environments. Duration: 11min

19. Deploy Token-test

A foundational setup guide to Deploying Tokens in a Foundry CCIP Test Environment - Learn the initial steps of setting up a Foundry test for cross-chain token deployment using Chainlink CCIP. Deploy `RebaseToken` contracts on both Sepolia and Arbitrum Sepolia forks, managing forks and deployers. Duration: 4min

20. CCIP Setup-test

A foundational setup guide to Setting Up CCIP Burn & Mint Tokens in Foundry - Deploy custom rebase tokens and Chainlink Token Pools on forked testnets using Foundry setup scripts. Configure CCIP permissions, register tokens with the admin registry, and link them to their pools for Burn & Mint testing. Duration: 11min

21. Configure Pool-test

A crucial guide to Chainlink CCIP: Configuring Token Pools in Tests - Learn the vital configuration step after deploying Token Pools but before testing cross-chain transfers. Understand how to use `applyChainUpdates` in Hardhat/Foundry to link pools across chains. Duration: 10min

22. Bridge Function-test

A practical guide to Testing Cross-Chain Token Transfers with Chainlink CCIP and Foundry - Build and thoroughly test a reusable Solidity function for bridging tokens using Chainlink CCIP within a Foundry environment. Leverage the local simulator to verify cross-chain transfers and handle LINK fees between simulated networks. Duration: 21min

23. First Cross-chain-test

A hands-on implementation to Implementing Your First CCIP Cross-Chain Test in Foundry - Discover how to write a Foundry test for CCIP cross-chain transfers using a local simulator for forked networks. Implement and utilize a `bridgeTokens` helper function to test a complete round-trip bridging scenario. Duration: 11min

24. Vault Deployment-script

25. Token And-pool-deployer

A comprehensive walkthrough to Deploying Rebase Tokens and CCIP Pools with Foundry - Learn how to create a Foundry script to deploy custom RebaseToken and RebaseTokenPool contracts. Automatically configure the necessary Chainlink CCIP settings to enable cross-chain token transfers using the Burn & Mint standard. Duration: 9min

26. Pool Config-script

A detailed guide to Configuring CCIP Token Pools with a Forge Script - Learn to write a Solidity Forge script (`ConfigurePool.s.sol`) for post-deployment Chainlink CCIP Token Pool setup. Configure inter-chain connections and crucial rate-limiting parameters by running the script on both chains. Duration: 8min

27. Bridging Script

A step-by-step guide to Creating a CCIP Token Bridging Script - Learn to build a Foundry script (`BridgeTokens.s.sol`) for Chainlink CCIP token bridging, focusing on token-only transfers. Understand how to construct the CCIP message, calculate fees, manage ERC20 approvals, and initiate the cross-chain send. Duration: 13min

28. Build Scripts

A foundational preparation to Preparing for Testnet Deployment and Testing - Correct Solidity build errors such as missing 'memory' keywords and address the Foundry `vm.warp`/`via_ir` testing bug. Solidify your project codebase, ensuring it compiles reliably for Sepolia and zkSync deployment. Duration: 4min

29. Run Scripts-on-testnet

A detailed deployment guide to Deploying Your Cross-Chain Application to Testnets - Master deploying smart contracts across Ethereum and zkSync testnets using a hybrid Bash and Foundry strategy. Secure testnet funds, configure environments, and initiate a token bridge via Chainlink CCIP. Duration: 15min

30. Cross Chain-message-sucess

An essential guide to Verifying Your Cross-Chain Token Transfer with CCIP Explorer and MetaMask - Learn how to use the CCIP Explorer to confirm successful cross-chain transfers and examine transaction specifics. Verify token arrival on the destination chain by importing the contract into your MetaMask wallet. Duration: 3min

31. Outro

A comprehensive overview to Building a Cross-Chain Rebase Token with CCIP - Recaps creating a custom Rebase Token with interest accrual and CCIP integration using Token Pools. Details the Foundry testing strategies, deployment scripting, and live cross-chain execution process. Duration: 3min

Section 5: Airdrop and Signatures

Duration: 2h 47min

Section 6: Upgradeable Smart Contracts

Duration: 1h 23min

Section 7: Account Abstraction

Duration: 4h 28min

Section 8: DAOs

Duration: 1h 19min

Section 9: Security

Duration: 1h 10min