feat(settings): add Albion Labs tokenlist#88
Open
dcatki2 wants to merge 1 commit into
Open
Conversation
Adds Albion Labs tokenlist for R1/R2 royalty tokens on Base. - ALB-WR1-R1: Wressle-1 Community Preview (2.5% of 4.5% royalty) - ALB-WR1-R2: Wressle-1 Investor Preview (7.5% of 4.5% royalty) Tokenlist URL: https://raw.githubusercontent.com/albionlabs/tokenlist/main/albion.tokenlist.json Repo: https://github.com/albionlabs/tokenlist
WalkthroughA single token list source URL was added to the Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@settings.yaml`:
- Line 62: The settings.yaml contains a mutable URL reference to
"https://raw.githubusercontent.com/albionlabs/tokenlist/main/albion.tokenlist.json"
which tracks the repository's main branch; replace this with an immutable
reference by pinning to a specific commit SHA or a release/tag URL (e.g., the
raw URL for a specific commit or tag) so the tokenlist cannot change silently;
update the tokenlist entry in settings.yaml to use that pinned URL and, if
possible, add a comment noting the commit SHA or tag used for traceability.
| - https://tokens.coingecko.com/polygon-pos/all.json | ||
| - https://tokens.coingecko.com/arbitrum-one/all.json | ||
| - https://tokens.coingecko.com/base/all.json | ||
| - https://raw.githubusercontent.com/albionlabs/tokenlist/main/albion.tokenlist.json |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Fetch the Albion Labs tokenlist and inspect its structure and token entries.
URL="https://raw.githubusercontent.com/albionlabs/tokenlist/main/albion.tokenlist.json"
echo "=== HTTP Status ==="
HTTP_STATUS=$(curl -o /tmp/albion_tokenlist.json -w "%{http_code}" -s "$URL")
echo "Status: $HTTP_STATUS"
if [ "$HTTP_STATUS" -ne 200 ]; then
echo "ERROR: URL returned non-200 status."
exit 1
fi
echo ""
echo "=== Top-level keys ==="
jq 'keys' /tmp/albion_tokenlist.json
echo ""
echo "=== List name and version ==="
jq '{name: .name, version: .version}' /tmp/albion_tokenlist.json
echo ""
echo "=== Token count ==="
jq '.tokens | length' /tmp/albion_tokenlist.json
echo ""
echo "=== Tokens on Base (chainId 8453) ==="
jq '[.tokens[] | select(.chainId == 8453) | {symbol, address, name}]' /tmp/albion_tokenlist.json
echo ""
echo "=== Check for PR-mentioned addresses ==="
jq '[.tokens[] | select(.address | ascii_downcase | startswith("0xf836a500") or startswith("0x1d57246f"))]' /tmp/albion_tokenlist.jsonRepository: rainlanguage/rain.strategies
Length of output: 2340
Supply-chain risk: URL references a mutable main branch, not a pinned commit.
The tokenlist URL points to the main branch of albionlabs/tokenlist. Any future commit to that branch — including accidental or malicious token additions — will be silently ingested without a PR review here. The existing three CoinGecko URLs have the same property, but those are large, well-established registries with their own governance. This is a brand-new, unknown third-party repository with no equivalent trust signal.
Recommended: either pin to an immutable commit SHA or use a tagged release URL, e.g.:
Example fix
- - https://raw.githubusercontent.com/albionlabs/tokenlist/main/albion.tokenlist.json
+ - https://raw.githubusercontent.com/albionlabs/tokenlist/<COMMIT_SHA>/albion.tokenlist.json🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@settings.yaml` at line 62, The settings.yaml contains a mutable URL reference
to
"https://raw.githubusercontent.com/albionlabs/tokenlist/main/albion.tokenlist.json"
which tracks the repository's main branch; replace this with an immutable
reference by pinning to a specific commit SHA or a release/tag URL (e.g., the
raw URL for a specific commit or tag) so the tokenlist cannot change silently;
update the tokenlist entry in settings.yaml to use that pinned URL and, if
possible, add a comment noting the commit SHA or tag used for traceability.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds Albion Labs tokenlist to settings.yaml for R1/R2 royalty token discovery on Base.
Tokens Added
0xf836a500...0x1d57246f...Tokenlist
Why
Enables Raindex users to discover and trade Albion royalty tokens (tokenized UK oil field royalties) through the registry deployment workflow.
Summary by CodeRabbit