> For the complete documentation index, see [llms.txt](https://docs.propellerheads.xyz/tycho/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.propellerheads.xyz/tycho/for-dexs/protocol-integration/contributing-guidelines.md).

# Contributing guidelines

## Local Development

### Changing Rust Code

Please make sure that the following commands pass if you have changed the code:

```sh
cargo check --all
cargo test --all --all-features
cargo +nightly fmt -- --check
cargo +nightly clippy --workspace --all-features --all-targets -- -D warnings
```

We are using the stable toolchain for building and testing, but the nightly toolchain for formatting and linting, as it allows us to use the latest features of `rustfmt` and `clippy`.

If you are working in VSCode, we recommend you install the [rust-analyzer](https://rust-analyzer.github.io/) extension, and use the following VSCode user settings:

```json
"editor.formatOnSave": true,
"rust-analyzer.rustfmt.extraArgs": ["+nightly"],
"rust-analyzer.check.overrideCommand": [
"cargo",
"+nightly",
"clippy",
"--workspace",
"--all-features",
"--all-targets",
"--message-format=json"
],
"[rust]": {
"editor.defaultFormatter": "rust-lang.rust-analyzer"
}
```

### Changing Solidity code

#### Setup <a href="#setup" id="setup"></a>

Install foudryup and foundry

```bash
curl -L https://foundry.paradigm.xyz | bash
foundryup
```

#### Executors <a href="#running-tests" id="running-tests"></a>

For security purposes, new Executors must have:

* No ERC20 token transfers
* No `delegatecall`s
* Only perform native ETH transfers if this behaviour is safely reflected in `getTransferData` or `getCallbackTransferData`
* **Selector allowlist for caller-controlled calldata**: If `swap()` forwards caller-supplied calldata to an external contract, validate the first 4 bytes against an explicit allowlist of permitted function selectors before making the call. Without this check, an attacker can supply a selector for an arbitrary function on the settlement contract — for example, one that withdraws the router's balance to an attacker-controlled address.

#### Running tests <a href="#running-tests" id="running-tests"></a>

Run from `crates/tycho-execution/contracts/`:

```bash
export ETH_RPC_URL=<url>
forge test
```

#### Code formatting <a href="#code-formatting" id="code-formatting"></a>

Run from `crates/tycho-execution/contracts/`:

```bash
forge fmt
```

#### Assembly

Please **minimize** use of assembly for security reasons.

#### Contract Analysis

We use [Slither](https://github.com/crytic/slither) to detect any potential vulnerabilities in our contracts.

To run locally, simply install Slither in your conda env and run it inside the contracts directory.

```bash
conda create --name tycho-execution python=3.10
conda activate tycho-execution

pip install slither-analyzer
cd crates/tycho-execution/contracts
slither .
```

## Creating a Pull Request

We use [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/) as our convention for formatting commit messages and PR titles.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.propellerheads.xyz/tycho/for-dexs/protocol-integration/contributing-guidelines.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.