uups-checker 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (670) hide show
  1. package/.gitmodules +6 -0
  2. package/AIFI_AUDIT.md +220 -0
  3. package/ALL_AUDITS_SUMMARY.md +366 -0
  4. package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
  5. package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
  6. package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
  7. package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
  8. package/ARIA-foundry-test.txt +9 -0
  9. package/ARIA-mythril-analysis.txt +20 -0
  10. package/ARIA-slither-analysis.txt +38 -0
  11. package/ARIA_AI_SECURITY_AUDIT.md +290 -0
  12. package/ARIA_VERIFIED_AUDIT.md +259 -0
  13. package/ARIA_VERIFIED_slither.txt +76 -0
  14. package/ARIVA_source.txt +1 -0
  15. package/ARK_AUDIT.md +349 -0
  16. package/BANANA_AUDIT.md +365 -0
  17. package/BAS_AUDIT.md +451 -0
  18. package/BAS_TOKEN_AUDIT.md +235 -0
  19. package/BCE_EXPLOIT_ANALYSIS.md +165 -0
  20. package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
  21. package/BEEFY_MONAD_ANALYSIS.md +239 -0
  22. package/BEEFY_STAKING_ANALYSIS.md +136 -0
  23. package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
  24. package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
  25. package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
  26. package/BRISE_ANALYSIS.txt +31 -0
  27. package/BRISE_BSC_DAPPS.txt +68 -0
  28. package/BRISE_EXPLOITS_FOUND.md +98 -0
  29. package/BRISE_REAL_EXPLOITS.md +115 -0
  30. package/BRISE_WHITEHAT_REPORT.md +162 -0
  31. package/BRISEstake_Analysis.txt +95 -0
  32. package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
  33. package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
  34. package/BTCST_FINAL_VERDICT.md +319 -0
  35. package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
  36. package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
  37. package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
  38. package/BTCST_SECURITY_ANALYSIS.md +391 -0
  39. package/BTR_AUDIT.md +210 -0
  40. package/BeamBridge-analysis.md +226 -0
  41. package/BeamToken-analysis.md +201 -0
  42. package/BitgertSwap_Investigation.txt +107 -0
  43. package/CEEK_STAKING_ANALYSIS.md +0 -0
  44. package/CHAINBASE_AUDIT.md +422 -0
  45. package/COMPLETE_AUDIT_SUMMARY.md +342 -0
  46. package/CORRECTED_ANALYSIS.txt +115 -0
  47. package/DBXEN_COMPARISON_SUMMARY.md +232 -0
  48. package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
  49. package/DOPFairLaunch_raw.json +29 -0
  50. package/DOPFairLaunch_source.txt +0 -0
  51. package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
  52. package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
  53. package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
  54. package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
  55. package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
  56. package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
  57. package/DSyncStaking-exploit-analysis.md +153 -0
  58. package/DSyncVault-analysis.md +120 -0
  59. package/DUSD_PROXY_AUDIT.md +407 -0
  60. package/DXSALE_LOCK_AUDIT.md +0 -0
  61. package/DXSaleLock_bytecode.txt +1 -0
  62. package/ECHIDNA_QUICK_START.md +101 -0
  63. package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
  64. package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
  65. package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
  66. package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
  67. package/EXPLOIT_FIX.md +300 -0
  68. package/EXPLOIT_INSTRUCTIONS.md +273 -0
  69. package/EXPLOIT_SUMMARY.md +285 -0
  70. package/EXPLOIT_SUMMARY.txt +175 -0
  71. package/FALCON_FINANCE_AUDIT.md +258 -0
  72. package/FANDOM_AUDIT.md +359 -0
  73. package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
  74. package/FINAL_AUDIT_REPORT.md +0 -0
  75. package/FOLIO_PROXY_AUDIT.md +299 -0
  76. package/FOT_EXPLOIT_RESULTS.txt +110 -0
  77. package/FOT_TOKENS_AUDITED.md +103 -0
  78. package/HEGIC-mythril-analysis.txt +39 -0
  79. package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
  80. package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
  81. package/ICECREAMSWAP_EXPLOITS.md +259 -0
  82. package/IMMUNEFI_REPORT.md +314 -0
  83. package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
  84. package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
  85. package/KOGE_AUDIT.md +328 -0
  86. package/LENDFLARE_ANALYSIS.md +239 -0
  87. package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
  88. package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
  89. package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
  90. package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
  91. package/LENDFLARE_FUZZING_RESULTS.md +252 -0
  92. package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
  93. package/LENDFLARE_MANUAL_FUZZING.md +324 -0
  94. package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
  95. package/LENDFLARE_V3_BYPASS.md +296 -0
  96. package/LFTDECOMPILE.txt +14478 -0
  97. package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
  98. package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
  99. package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
  100. package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
  101. package/LFT_EXPLOIT_VISUAL.md +253 -0
  102. package/LFT_QUICK_SUMMARY.md +124 -0
  103. package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
  104. package/MGO_AUDIT_REPORT.md +420 -0
  105. package/MYTHRIL_FINAL_REPORT.md +306 -0
  106. package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
  107. package/NETX_MIGRATION_AUDIT.md +0 -0
  108. package/NPM_PUBLISH_GUIDE.md +0 -0
  109. package/NRV_CRITICAL_EXPLOIT.txt +143 -0
  110. package/NetX_Analysis.txt +76 -0
  111. package/NetX_Migration_bytecode.txt +1 -0
  112. package/NetX_Migration_source.txt +0 -0
  113. package/NetX_Token_source.txt +0 -0
  114. package/NetxWhitehatRescue +22 -0
  115. package/OILER_ATTACK_VISUAL.md +351 -0
  116. package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
  117. package/OILER_DEEP_ANALYSIS.md +212 -0
  118. package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
  119. package/OILER_FINAL_VERDICT.md +339 -0
  120. package/OILER_REENTRANCY_EXPLAINED.md +638 -0
  121. package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
  122. package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
  123. package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
  124. package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
  125. package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
  126. package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
  127. package/POLS_MULTICHAIN_AUDIT.md +0 -0
  128. package/POSI_STAKING_AUDIT.md +0 -0
  129. package/PROXY2_SECURITY_ANALYSIS.md +0 -0
  130. package/Proxy2TACS +29748 -0
  131. package/QUICK_START.md +240 -0
  132. package/RAMP_SECURITY_ANALYSIS.md +0 -0
  133. package/README.md +238 -0
  134. package/REAUDIT_MASTER_LIST.txt +15 -0
  135. package/RING_analysis.txt +212 -0
  136. package/RPC +4 -0
  137. package/RULES.txt +20 -0
  138. package/SIREN_AUDIT.md +186 -0
  139. package/SYNC_EXPLOIT_README.md +0 -0
  140. package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
  141. package/TLM_raw.html +0 -0
  142. package/TLM_raw.txt +0 -0
  143. package/TLM_response.json +1 -0
  144. package/TRADOOR_AUDIT.md +253 -0
  145. package/TRUNK_AUDIT.md +285 -0
  146. package/UNIBASE_AUDIT.md +241 -0
  147. package/UNLOCK_ANALYSIS.md +0 -0
  148. package/UNLOCK_EXPLOIT.md +49 -0
  149. package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
  150. package/UPS +232 -0
  151. package/UUPSCHECKER +208 -0
  152. package/VAULT_PROXY_AUDIT.md +457 -0
  153. package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
  154. package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
  155. package/WKEYDAO2_AUDIT.md +245 -0
  156. package/WSG_AUDIT.md +0 -0
  157. package/XFI_DEEP_ANALYSIS.md +327 -0
  158. package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
  159. package/YSDAO_EXPLOIT_GUIDE.md +0 -0
  160. package/agent-4-bundle.md +22490 -0
  161. package/alpha-proxy-echidna.txt +1 -0
  162. package/alpha-proxy-fuzz-results.txt +81 -0
  163. package/alpha-proxy-mythril.txt +2 -0
  164. package/analyze-btcst-farm.js +54 -0
  165. package/analyze-dxsale-lock.js +75 -0
  166. package/analyze-elephant.js +69 -0
  167. package/analyze-fara-rewards.js +109 -0
  168. package/analyze-fara-storage.js +83 -0
  169. package/analyze-lft-transaction.js +158 -0
  170. package/analyze-lock-bytecode.js +59 -0
  171. package/analyze-shegic.js +0 -0
  172. package/analyze-staking-abi.js +0 -0
  173. package/analyze-sxp.js +57 -0
  174. package/analyze-tlm.js +76 -0
  175. package/analyze-trumpet.js +98 -0
  176. package/analyze-unlimited-nft.js +108 -0
  177. package/analyze_elephant.sh +27 -0
  178. package/analyze_vault.sh +32 -0
  179. package/aria-bytecode.txt +1 -0
  180. package/aria_response.json +1 -0
  181. package/ark_temp/README.md +66 -0
  182. package/ark_temp/lib/forge-std/.gitattributes +1 -0
  183. package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
  184. package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
  185. package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
  186. package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
  187. package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
  188. package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
  189. package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
  190. package/ark_temp/lib/forge-std/README.md +314 -0
  191. package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  192. package/ark_temp/lib/forge-std/package.json +16 -0
  193. package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
  194. package/audits/AiFi-security-audit-20260326.md +499 -0
  195. package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
  196. package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
  197. package/audits/DGToken-security-audit-20260324.md +376 -0
  198. package/audits/DSyncStaking-audit-part1.md +161 -0
  199. package/audits/DSyncStaking-security-audit-20260324.md +547 -0
  200. package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
  201. package/audits/DegenVC-security-audit-20260324.md +585 -0
  202. package/audits/DelreyInu-security-audit-20260324.md +463 -0
  203. package/audits/DestraNetwork-security-audit-20260324.md +705 -0
  204. package/audits/DomiToken-security-audit-20260324.md +514 -0
  205. package/audits/LendFlareToken-security-audit-20260325.md +197 -0
  206. package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
  207. package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
  208. package/audits/PAALAI-security-audit-20260324.md +475 -0
  209. package/audits/PAR-security-audit-20260325.md +311 -0
  210. package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
  211. package/audits/StakingPool-security-audit-20260324.md +517 -0
  212. package/audits/SyncToken-security-audit-20260324.md +778 -0
  213. package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
  214. package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
  215. package/audits/XFIStaking-security-audit-20260324.md +682 -0
  216. package/audits/Xfinance-security-audit-20260324.md +463 -0
  217. package/audits/basedAIFarm-security-audit-20260324.md +330 -0
  218. package/audits/pepeCoin-security-audit-20260324.md +462 -0
  219. package/bin/ups +232 -0
  220. package/binance-wallet-exploit/.env.example +2 -0
  221. package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
  222. package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
  223. package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
  224. package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
  225. package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
  226. package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
  227. package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
  228. package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
  229. package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
  230. package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
  231. package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
  232. package/binance-wallet-exploit/QUICK_START.md +75 -0
  233. package/binance-wallet-exploit/README.md +195 -0
  234. package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
  235. package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
  236. package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
  237. package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
  238. package/binance-wallet-exploit/cache/test-failures +1 -0
  239. package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
  240. package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  241. package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
  242. package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  243. package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  244. package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  245. package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
  246. package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
  247. package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
  248. package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  249. package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
  250. package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
  251. package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
  252. package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
  253. package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
  254. package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
  255. package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
  256. package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
  257. package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
  258. package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
  259. package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
  260. package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
  261. package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
  262. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
  263. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
  264. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
  265. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
  266. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
  267. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
  268. package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
  269. package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
  270. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
  271. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
  272. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
  273. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
  274. package/cache/solidity-files-cache.json +1 -0
  275. package/cache/test-failures +1 -0
  276. package/calculate-elephant-flashloan.js +195 -0
  277. package/check-address-approval.js +112 -0
  278. package/check-alpha-proxy.js +42 -0
  279. package/check-arbitrage.js +155 -0
  280. package/check-aria-token.js +47 -0
  281. package/check-ark.sh +20 -0
  282. package/check-btcst-mining.js +75 -0
  283. package/check-btcst-pools.js +163 -0
  284. package/check-btcst.js +88 -0
  285. package/check-caller.js +26 -0
  286. package/check-ceek-lp.js +73 -0
  287. package/check-ceek.js +47 -0
  288. package/check-dxsale-address.js +35 -0
  289. package/check-fara-exploit-timing.js +56 -0
  290. package/check-fara-real-exploit.js +73 -0
  291. package/check-flashloan-limits.js +129 -0
  292. package/check-kel-cel-pool.js +91 -0
  293. package/check-lax-staking.js +41 -0
  294. package/check-lendflare.js +165 -0
  295. package/check-lft-accounting.js +109 -0
  296. package/check-lft-roles.js +165 -0
  297. package/check-lock-time.js +47 -0
  298. package/check-min-stake.js +73 -0
  299. package/check-mystery-contract.js +52 -0
  300. package/check-next-token.js +50 -0
  301. package/check-nora-lock.js +67 -0
  302. package/check-oiler-approvals.js +116 -0
  303. package/check-oiler-proxy.js +73 -0
  304. package/check-oiler-staking.js +117 -0
  305. package/check-proxy-simple.js +71 -0
  306. package/check-recent-stakes.js +54 -0
  307. package/check-shegic-holdings.js +67 -0
  308. package/check-snowcrash-ecosystem.js +83 -0
  309. package/check-sync-lp.js +97 -0
  310. package/check-sync-stake.js +42 -0
  311. package/check-tlm.js +37 -0
  312. package/check-token-pools.js +146 -0
  313. package/check-trunk-depeg.js +181 -0
  314. package/check-tusd-decimals.js +58 -0
  315. package/check-user-storage-deep.js +81 -0
  316. package/check-welephant-pools.js +130 -0
  317. package/check-xfi-pool.js +75 -0
  318. package/check-zypher.js +32 -0
  319. package/check_proxy.sh +36 -0
  320. package/compare-tlm-chains.js +90 -0
  321. package/contract_0x05f2.html +6025 -0
  322. package/contract_0x3720.html +6361 -0
  323. package/contract_0x928e.html +5606 -0
  324. package/contract_0xc42d.html +5304 -0
  325. package/contract_page.html +5789 -0
  326. package/decode-stake-tx.js +50 -0
  327. package/deep-analyze-lock.js +82 -0
  328. package/dune_uups_proxy_query.sql +42 -0
  329. package/dune_uups_vulnerable_query.sql +0 -0
  330. package/echidna/alpha-proxy.yaml +14 -0
  331. package/echidna/elephant.yaml +7 -0
  332. package/echidna/lendflare.yaml +42 -0
  333. package/echidna.config.yaml +12 -0
  334. package/elephant_raw.json +1 -0
  335. package/eps_raw.json +1 -0
  336. package/exploit/.github/workflows/test.yml +38 -0
  337. package/exploit/.gitmodules +3 -0
  338. package/exploit/README.md +66 -0
  339. package/exploit/foundry.lock +8 -0
  340. package/exploit/lib/forge-std/.gitattributes +1 -0
  341. package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  342. package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
  343. package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  344. package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  345. package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  346. package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
  347. package/exploit/lib/forge-std/LICENSE-MIT +25 -0
  348. package/exploit/lib/forge-std/README.md +314 -0
  349. package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  350. package/exploit/lib/forge-std/package.json +16 -0
  351. package/exploit/lib/forge-std/scripts/vm.py +636 -0
  352. package/exploit_analysis.txt +51 -0
  353. package/extract_contract.py +21 -0
  354. package/extract_elephant_contracts.py +24 -0
  355. package/fara-staking-bytecode.txt +1 -0
  356. package/fara-staking-raw.txt +1 -0
  357. package/fetch-aria.js +46 -0
  358. package/fetch-contract.js +50 -0
  359. package/fetch-shegic-source.js +86 -0
  360. package/fetch-snowcrash.js +44 -0
  361. package/fetch-staking-source.js +53 -0
  362. package/fetch-tlm.js +60 -0
  363. package/fetch_elephant_source.py +32 -0
  364. package/find-ceek-staking.js +21 -0
  365. package/find-exploit-tx.js +88 -0
  366. package/find-oiler-holders.js +100 -0
  367. package/find-tlm-holder.js +36 -0
  368. package/find-vulnerable-fund.js +94 -0
  369. package/foundry.lock +8 -0
  370. package/fuzz-all.sh +53 -0
  371. package/get-aria-contract.py +40 -0
  372. package/get-lft-holders.js +89 -0
  373. package/get-tlm-source.sh +8 -0
  374. package/harvest_txs.json +1 -0
  375. package/lft-bytecode-raw.txt +1 -0
  376. package/lft-bytecode.json +1 -0
  377. package/lft-impl.bin +1 -0
  378. package/lft-implementation-bytecode.txt +1 -0
  379. package/lib/forge-std/.gitattributes +1 -0
  380. package/lib/forge-std/.github/CODEOWNERS +1 -0
  381. package/lib/forge-std/.github/dependabot.yml +6 -0
  382. package/lib/forge-std/.github/workflows/ci.yml +125 -0
  383. package/lib/forge-std/.github/workflows/sync.yml +36 -0
  384. package/lib/forge-std/CONTRIBUTING.md +193 -0
  385. package/lib/forge-std/LICENSE-APACHE +203 -0
  386. package/lib/forge-std/LICENSE-MIT +25 -0
  387. package/lib/forge-std/README.md +314 -0
  388. package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  389. package/lib/forge-std/package.json +16 -0
  390. package/lib/forge-std/scripts/vm.py +636 -0
  391. package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
  392. package/lib/openzeppelin-contracts/.codecov.yml +12 -0
  393. package/lib/openzeppelin-contracts/.editorconfig +21 -0
  394. package/lib/openzeppelin-contracts/.eslintrc +20 -0
  395. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
  396. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
  397. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
  398. package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
  399. package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
  400. package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
  401. package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
  402. package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
  403. package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
  404. package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
  405. package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
  406. package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
  407. package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
  408. package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
  409. package/lib/openzeppelin-contracts/.gitmodules +7 -0
  410. package/lib/openzeppelin-contracts/.mocharc.js +4 -0
  411. package/lib/openzeppelin-contracts/.prettierrc +15 -0
  412. package/lib/openzeppelin-contracts/.solcover.js +13 -0
  413. package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
  414. package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
  415. package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
  416. package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
  417. package/lib/openzeppelin-contracts/LICENSE +22 -0
  418. package/lib/openzeppelin-contracts/README.md +107 -0
  419. package/lib/openzeppelin-contracts/RELEASING.md +45 -0
  420. package/lib/openzeppelin-contracts/SECURITY.md +42 -0
  421. package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
  422. package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
  423. package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
  424. package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
  425. package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
  426. package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
  427. package/lib/openzeppelin-contracts/audits/README.md +17 -0
  428. package/lib/openzeppelin-contracts/certora/Makefile +54 -0
  429. package/lib/openzeppelin-contracts/certora/README.md +60 -0
  430. package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
  431. package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
  432. package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
  433. package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
  434. package/lib/openzeppelin-contracts/certora/run.js +160 -0
  435. package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
  436. package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
  437. package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
  438. package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
  439. package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
  440. package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
  441. package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
  442. package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
  443. package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
  444. package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
  445. package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
  446. package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
  447. package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
  448. package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
  449. package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
  450. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
  451. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
  452. package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
  453. package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
  454. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
  455. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
  456. package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
  457. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
  458. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
  459. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
  460. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
  461. package/lib/openzeppelin-contracts/certora/specs.json +86 -0
  462. package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
  463. package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
  464. package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
  465. package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
  466. package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
  467. package/lib/openzeppelin-contracts/contracts/package.json +32 -0
  468. package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
  469. package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
  470. package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
  471. package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
  472. package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
  473. package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
  474. package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
  475. package/lib/openzeppelin-contracts/docs/README.md +16 -0
  476. package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
  477. package/lib/openzeppelin-contracts/docs/config.js +21 -0
  478. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
  479. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
  480. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
  481. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
  482. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
  483. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
  484. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
  485. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
  486. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
  487. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
  488. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
  489. package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
  490. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
  491. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
  492. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
  493. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
  494. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
  495. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
  496. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
  497. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
  498. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
  499. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
  500. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
  501. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
  502. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
  503. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
  504. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
  505. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
  506. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
  507. package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
  508. package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
  509. package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
  510. package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
  511. package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
  512. package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
  513. package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
  514. package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
  515. package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
  516. package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
  517. package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
  518. package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
  519. package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
  520. package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
  521. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
  522. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
  523. package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
  524. package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
  525. package/lib/openzeppelin-contracts/logo.svg +15 -0
  526. package/lib/openzeppelin-contracts/netlify.toml +3 -0
  527. package/lib/openzeppelin-contracts/package-lock.json +16544 -0
  528. package/lib/openzeppelin-contracts/package.json +96 -0
  529. package/lib/openzeppelin-contracts/remappings.txt +1 -0
  530. package/lib/openzeppelin-contracts/renovate.json +4 -0
  531. package/lib/openzeppelin-contracts/requirements.txt +1 -0
  532. package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
  533. package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
  534. package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
  535. package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
  536. package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
  537. package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
  538. package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
  539. package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
  540. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
  541. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
  542. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
  543. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
  544. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
  545. package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
  546. package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
  547. package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
  548. package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
  549. package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
  550. package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
  551. package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
  552. package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
  553. package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
  554. package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
  555. package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
  556. package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
  557. package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
  558. package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
  559. package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
  560. package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
  561. package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
  562. package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
  563. package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
  564. package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
  565. package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
  566. package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
  567. package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
  568. package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
  569. package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
  570. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
  571. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
  572. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
  573. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
  574. package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
  575. package/lib/openzeppelin-contracts/slither.config.json +5 -0
  576. package/lib/openzeppelin-contracts/solhint.config.js +20 -0
  577. package/mythril-lft-output.txt +1 -0
  578. package/mythril-lft-symbolic.txt +18 -0
  579. package/mythril-lft.sh +20 -0
  580. package/mythril-symbolic-output.txt +1 -0
  581. package/mythril-symbolic.sh +42 -0
  582. package/out/build-info/0026b78428192979.json +1 -0
  583. package/out/build-info/03c4fc3b88486eba.json +1 -0
  584. package/out/build-info/0540afa9b9a5c5a6.json +1 -0
  585. package/out/build-info/081932f505bc08b9.json +1 -0
  586. package/out/build-info/0da104ba0d6642d5.json +1 -0
  587. package/out/build-info/197281971dbb5f23.json +1 -0
  588. package/out/build-info/197e7e332832a232.json +1 -0
  589. package/out/build-info/1a1cab9136eb5f94.json +1 -0
  590. package/out/build-info/1b320204eb162aa2.json +1 -0
  591. package/out/build-info/1e03f94398052674.json +1 -0
  592. package/out/build-info/22ac085949602937.json +1 -0
  593. package/out/build-info/234ef37453a9fa64.json +1 -0
  594. package/out/build-info/2447db7b1878fa8e.json +1 -0
  595. package/out/build-info/25568daeb484f5ff.json +1 -0
  596. package/out/build-info/27465853244c49ce.json +1 -0
  597. package/out/build-info/2c57a9e0f087453b.json +1 -0
  598. package/out/build-info/3c62ae7de8da68c4.json +1 -0
  599. package/out/build-info/3e771ae109e97bb3.json +1 -0
  600. package/out/build-info/460499bc0a3465c4.json +1 -0
  601. package/out/build-info/47ce37e50a4f115e.json +1 -0
  602. package/out/build-info/4fcce5c63cf427d6.json +1 -0
  603. package/out/build-info/4fd0a53fe63fddbb.json +1 -0
  604. package/out/build-info/50f1247db9d769cc.json +1 -0
  605. package/out/build-info/5317d0181a7a5e02.json +1 -0
  606. package/out/build-info/594df509275ceb5b.json +1 -0
  607. package/out/build-info/61983ac3f6141719.json +1 -0
  608. package/out/build-info/638c4548307122fe.json +1 -0
  609. package/out/build-info/67c2c43bdb7c0ded.json +1 -0
  610. package/out/build-info/777f42643aad37b7.json +1 -0
  611. package/out/build-info/7d7856f19e845354.json +1 -0
  612. package/out/build-info/83976260b6f71e94.json +1 -0
  613. package/out/build-info/83c23882000b963d.json +1 -0
  614. package/out/build-info/84b2cce8f70b36be.json +1 -0
  615. package/out/build-info/8bc13d31d7c3206a.json +1 -0
  616. package/out/build-info/8e183bd4d9d8cf88.json +1 -0
  617. package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
  618. package/out/build-info/99ec7d5e8d8ff360.json +1 -0
  619. package/out/build-info/9ac044b29daa7d5e.json +1 -0
  620. package/out/build-info/9b203227ff5d2e63.json +1 -0
  621. package/out/build-info/9d18c5872c4282dd.json +1 -0
  622. package/out/build-info/9f77f04f33baf9a3.json +1 -0
  623. package/out/build-info/a6e1caf974787982.json +1 -0
  624. package/out/build-info/a94b6348867a62d6.json +1 -0
  625. package/out/build-info/ad93721947a8b195.json +1 -0
  626. package/out/build-info/b42daddb5aa4b19f.json +1 -0
  627. package/out/build-info/bf13512ae899f7e8.json +1 -0
  628. package/out/build-info/c39f86c20a548c4a.json +1 -0
  629. package/out/build-info/cb12bb975a2f4e65.json +1 -0
  630. package/out/build-info/d0c6788fadc2aa60.json +1 -0
  631. package/out/build-info/d2726bf94ed5b845.json +1 -0
  632. package/out/build-info/d4eb00da50cce5cb.json +1 -0
  633. package/out/build-info/db931924a3bc8bdd.json +1 -0
  634. package/out/build-info/e1a503d49bc77401.json +1 -0
  635. package/out/build-info/efe5396f8892ce77.json +1 -0
  636. package/out/build-info/f536d90ced745969.json +1 -0
  637. package/out/build-info/fed38823c7019b82.json +1 -0
  638. package/package.json +51 -0
  639. package/page.html +5384 -0
  640. package/pancakeswap-simple-tvl.sql +15 -0
  641. package/pancakeswap-top-pools.sql +29 -0
  642. package/pancakeswap-tvl-optimized.sql +57 -0
  643. package/pancakeswap-tvl-query.sql +60 -0
  644. package/pancakeswap-underflow-hunting.sql +51 -0
  645. package/pancakeswap-vulnerability-queries.sql +200 -0
  646. package/posi_page.html +6369 -0
  647. package/posi_response.json +29 -0
  648. package/proxy_page.html +500 -0
  649. package/run_mythril_elephant.sh +18 -0
  650. package/sHEGIC-bytecode.bin +6 -0
  651. package/sHEGIC-mythril-analysis.txt +1 -0
  652. package/sHEGIC-mythril-full.txt +134 -0
  653. package/sHEGIC_ANALYSIS.md +135 -0
  654. package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
  655. package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
  656. package/scrape-snowcrash.js +28 -0
  657. package/scripts/yooshi_drain.sh +154 -0
  658. package/shi_raw.json +1 -0
  659. package/temp.json +1 -0
  660. package/temp_harvest.json +1 -0
  661. package/temp_pika.json +1 -0
  662. package/temp_posi.json +1 -0
  663. package/temp_response.json +1 -0
  664. package/test-lft-hidden-balance.js +108 -0
  665. package/test-xfi-exploit.js +140 -0
  666. package/trunk-liquidity-rescue.js +164 -0
  667. package/vBABY_page.html +6153 -0
  668. package/vBABY_response.json +29 -0
  669. package/wsg_response.json +1 -0
  670. package/yooldo_page.html +10371 -0
package/decode-stake-tx.js ADDED
@@ -0,0 +1,50 @@
1
+ const { ethers } = require('ethers');
2
+
3
+ const RPC = 'https://bsc-mainnet.infura.io/v3/db4d2c885bc946b691dbb3d5ef26d9e2';
4
+ const TX_HASH = '0x91ef5d88224e7a9d622ffeb8d598c3b0b77d9bd2eaf8ecd1e45df3ce24b88b0e';
5
+
6
+ async function main() {
7
+ const provider = new ethers.providers.JsonRpcProvider(RPC);
8
+
9
+ console.log('=== Decoding Recent Stake Transaction ===');
10
+ console.log('TX:', TX_HASH);
11
+
12
+ const tx = await provider.getTransaction(TX_HASH);
13
+ console.log('\nFrom:', tx.from);
14
+ console.log('To:', tx.to);
15
+ console.log('Value:', tx.value.toString());
16
+ console.log('Data:', tx.data);
17
+ console.log('Data length:', tx.data.length);
18
+
19
+ // Decode function selector
20
+ const selector = tx.data.slice(0, 10);
21
+ console.log('\nFunction selector:', selector);
22
+
23
+ // Try to decode parameters
24
+ if (tx.data.length > 10) {
25
+ const params = tx.data.slice(10);
26
+ console.log('Parameters (hex):', params);
27
+
28
+ // Try to decode as (uint256, uint256, uint8, address)
29
+ try {
30
+ const decoded = ethers.utils.defaultAbiCoder.decode(
31
+ ['uint256', 'uint256', 'uint8'],
32
+ '0x' + params
33
+ );
34
+ console.log('\nDecoded as (uint256, uint256, uint8):');
35
+ console.log('Param 1 (amount):', decoded[0].toString(), '=', ethers.utils.formatEther(decoded[0]), 'tokens');
36
+ console.log('Param 2 (amount2):', decoded[1].toString(), '=', ethers.utils.formatEther(decoded[1]), 'tokens');
37
+ console.log('Param 3 (type):', decoded[2]);
38
+ } catch (e) {
39
+ console.log('Failed to decode:', e.message);
40
+ }
41
+ }
42
+
43
+ // Get receipt to see events
44
+ const receipt = await provider.getTransactionReceipt(TX_HASH);
45
+ console.log('\nStatus:', receipt.status === 1 ? 'SUCCESS' : 'FAILED');
46
+ console.log('Gas used:', receipt.gasUsed.toString());
47
+ console.log('Events:', receipt.logs.length);
48
+ }
49
+
50
+ main().catch(console.error);
package/deep-analyze-lock.js ADDED
@@ -0,0 +1,82 @@
1
+ const ethers = require('ethers');
2
+
3
+ const provider = new ethers.providers.JsonRpcProvider('https://bsc-dataseed.binance.org/');
4
+
5
+ async function deepAnalyze() {
6
+ const lockAddress = '0x7536592bb74b5d62eb82e8b93b17eed4eed9a85c';
7
+ const noraToken = '0x1f39dd2bf5a27e2d4ed691dcf933077371777cb0';
8
+
9
+ // Function selector 0x315a095d is withdrawTokens(uint256)
10
+ const lockContract = new ethers.Contract(lockAddress, [
11
+ 'function withdrawTokens(uint256) external',
12
+ 'function depositedTokens(address) view returns (uint256)',
13
+ 'function tokensLocked(address) view returns (uint256)',
14
+ 'function tokenLocks(address,uint256) view returns (uint256,uint256,uint256,uint256,uint256,address,bool)',
15
+ 'function getDepositsByWithdrawalAddress(address) view returns (uint256[])',
16
+ 'function getDepositsByTokenAddress(address) view returns (uint256[])',
17
+ 'function owner() view returns (address)'
18
+ ], provider);
19
+
20
+ console.log('=== NORA LOCK CONTRACT ANALYSIS ===\n');
21
+
22
+ try {
23
+ const owner = await lockContract.owner();
24
+ console.log('Owner:', owner);
25
+ } catch (e) {
26
+ console.log('Owner check failed');
27
+ }
28
+
29
+ try {
30
+ const deposited = await lockContract.depositedTokens(noraToken);
31
+ console.log('Deposited NORA tokens:', ethers.utils.formatEther(deposited));
32
+ } catch (e) {
33
+ console.log('No depositedTokens() function');
34
+ }
35
+
36
+ try {
37
+ const locked = await lockContract.tokensLocked(noraToken);
38
+ console.log('Locked NORA tokens:', ethers.utils.formatEther(locked));
39
+ } catch (e) {
40
+ console.log('No tokensLocked() function');
41
+ }
42
+
43
+ // Try to get deposits for NORA token
44
+ try {
45
+ const deposits = await lockContract.getDepositsByTokenAddress(noraToken);
46
+ console.log('\nDeposit IDs for NORA:', deposits.map(d => d.toString()));
47
+
48
+ // Check first few deposits
49
+ for (let i = 0; i < Math.min(3, deposits.length); i++) {
50
+ try {
51
+ const lock = await lockContract.tokenLocks(noraToken, deposits[i]);
52
+ console.log(`\nDeposit ${deposits[i]}:`);
53
+ console.log(' Amount:', ethers.utils.formatEther(lock[0]));
54
+ console.log(' Unlock time:', new Date(lock[1].toNumber() * 1000).toISOString());
55
+ console.log(' Withdrawn:', lock[6]);
56
+ } catch (e) {
57
+ console.log(` Error reading deposit ${deposits[i]}`);
58
+ }
59
+ }
60
+ } catch (e) {
61
+ console.log('\nNo getDepositsByTokenAddress() function:', e.message);
62
+ }
63
+
64
+ // Check some test users
65
+ const testUsers = [
66
+ '0xcBB8A4d526D0c664E26D0c664E',
67
+ '0x4e84E92C6221b638599504a89E7B664eA86386A0' // owner
68
+ ];
69
+
70
+ for (const user of testUsers) {
71
+ try {
72
+ const userDeposits = await lockContract.getDepositsByWithdrawalAddress(user);
73
+ if (userDeposits.length > 0) {
74
+ console.log(`\nUser ${user} has ${userDeposits.length} deposits:`, userDeposits.map(d => d.toString()));
75
+ }
76
+ } catch (e) {
77
+ // Silent fail
78
+ }
79
+ }
80
+ }
81
+
82
+ deepAnalyze().catch(console.error);
package/dune_uups_proxy_query.sql ADDED
@@ -0,0 +1,42 @@
1
+ -- Dune Query: UUPS Proxy Scanner for BSC (Aggressive v3)
2
+ -- Finds UUPS proxies sorted by balance
3
+ -- Date range: 2020-2026, No creation filter, All-time balance
4
+
5
+ WITH uups_candidates AS (
6
+ SELECT DISTINCT
7
+ t."to" AS contract_address
8
+ FROM bnb.traces t
9
+ WHERE 1=1
10
+ -- upgradeTo: 0x3659cfe6, upgradeToAndCall: 0x4f1ef286
11
+ AND (
12
+ bytearray_substring(t.input, 1, 4) = 0x3659cfe6
13
+ OR bytearray_substring(t.input, 1, 4) = 0x4f1ef286
14
+ )
15
+ AND t.success = true
16
+ AND t.block_time >= CAST('2020-01-01' AS TIMESTAMP)
17
+ AND t.block_time < CAST('2026-12-31' AS TIMESTAMP)
18
+ AND t.type = 'call'
19
+ AND t."to" IS NOT NULL
20
+ LIMIT 2000
21
+ ),
22
+
23
+ -- Get current BNB balance from ALL traces (no time limit)
24
+ contract_balances AS (
25
+ SELECT
26
+ t."to" AS contract_address,
27
+ SUM(CAST(t.value AS DOUBLE)) / 1e18 AS total_received
28
+ FROM bnb.traces t
29
+ WHERE t."to" IN (SELECT contract_address FROM uups_candidates)
30
+ AND t.success = true
31
+ AND t.value > 0
32
+ AND t.block_time >= CAST('2020-01-01' AS TIMESTAMP)
33
+ GROUP BY t."to"
34
+ )
35
+
36
+ SELECT
37
+ CONCAT('<a href="https://bscscan.com/address/', CAST(cb.contract_address AS VARCHAR), '" target="_blank">', CAST(cb.contract_address AS VARCHAR), '</a>') AS contract_link,
38
+ ROUND(cb.total_received, 4) AS bnb_received
39
+ FROM contract_balances cb
40
+ WHERE cb.total_received > 0
41
+ ORDER BY cb.total_received DESC
42
+ LIMIT 300;
package/dune_uups_vulnerable_query.sql ADDED
File without changes
package/echidna/alpha-proxy.yaml ADDED
@@ -0,0 +1,14 @@
1
+ testMode: assertion
2
+ testLimit: 100000
3
+ timeout: 600
4
+ shrinkLimit: 5000
5
+ seqLen: 100
6
+ contractAddr: "0x00a329c0648769A73afAc7F9381E08FB43dBEA72"
7
+ deployer: "0x00a329c0648769a73afac7f9381e08fb43dbea70"
8
+ sender: ["0x10000", "0x20000", "0x30000", "0xb8AF5A48Fefa0e696B54839A2a74EceB6d8abB51"]
9
+ balanceAddr: 0xffffffff
10
+ balanceContract: 100000000000000000000
11
+ codeSize: 0x6000
12
+ corpusDir: "echidna-corpus"
13
+ coverage: true
14
+ allContracts: true
package/echidna/elephant.yaml ADDED
@@ -0,0 +1,7 @@
1
+ testMode: assertion
2
+ testLimit: 50000
3
+ deployer: "0x30000"
4
+ sender: ["0x10000", "0x20000", "0x30000"]
5
+ cryticArgs: ["--solc-remaps", "@openzeppelin=node_modules/@openzeppelin"]
6
+ rpcUrl: "https://bsc-dataseed.binance.org/"
7
+ rpcBlock: latest
package/echidna/lendflare.yaml ADDED
@@ -0,0 +1,42 @@
1
+ # Echidna configuration for LendFlare Token fuzzing
2
+ # Run with: echidna echidna/LendFlareTokenEchidna.sol --contract LendFlareTokenEchidna --config echidna/lendflare.yaml
3
+
4
+ # Test configuration
5
+ testMode: assertion
6
+ testLimit: 50000
7
+ timeout: 300
8
+
9
+ # Coverage
10
+ coverage: true
11
+ corpusDir: "echidna-corpus"
12
+
13
+ # Shrinking
14
+ shrinkLimit: 5000
15
+
16
+ # Transaction sequence
17
+ seqLen: 100
18
+ contractAddr: "0x00a329c0648769a73afac7f9381e08fb43dbea72"
19
+
20
+ # Solver
21
+ solver: z3
22
+
23
+ # Output
24
+ format: text
25
+ quiet: false
26
+
27
+ # Specific to LendFlare testing
28
+ cryticArgs: ["--solc-remaps", "@openzeppelin=node_modules/@openzeppelin"]
29
+
30
+ # Filter functions to test
31
+ filterBlacklist: false
32
+ filterFunctions: []
33
+
34
+ # Deployment
35
+ deployer: "0x10000"
36
+ sender: ["0x10000", "0x20000", "0x30000"]
37
+
38
+ # Multi-abi support
39
+ multi-abi: false
40
+
41
+ # Optimization
42
+ optimize: true
package/echidna.config.yaml ADDED
@@ -0,0 +1,12 @@
1
+ testMode: property
2
+ testLimit: 50000
3
+ shrinkLimit: 5000
4
+ seqLen: 100
5
+ contractAddr: "0x00a329c0648769A73afAc7F9381E08FB43dBEA72"
6
+ deployer: "0x10000"
7
+ sender: ["0x10000", "0x20000", "0x30000"]
8
+ psender: "0x10000"
9
+ prefix: "echidna_"
10
+ cryticArgs: ["--solc-remaps", "@openzeppelin=lib/openzeppelin-contracts"]
11
+ corpusDir: "echidna-corpus"
12
+ coverage: true
package/elephant_raw.json ADDED
@@ -0,0 +1 @@
1
+ {"status":"0","message":"NOTOK","result":"You are using a deprecated V1 endpoint, switch to Etherscan API V2 using https://docs.etherscan.io/v2-migration"}
package/eps_raw.json ADDED
@@ -0,0 +1 @@
1
+ {"status":"0","message":"NOTOK","result":"You are using a deprecated V1 endpoint, switch to Etherscan API V2 using https://docs.etherscan.io/v2-migration"}
package/exploit/.github/workflows/test.yml ADDED
@@ -0,0 +1,38 @@
1
+ name: CI
2
+
3
+ permissions: {}
4
+
5
+ on:
6
+ push:
7
+ pull_request:
8
+ workflow_dispatch:
9
+
10
+ env:
11
+ FOUNDRY_PROFILE: ci
12
+
13
+ jobs:
14
+ check:
15
+ name: Foundry project
16
+ runs-on: ubuntu-latest
17
+ permissions:
18
+ contents: read
19
+ steps:
20
+ - uses: actions/checkout@v5
21
+ with:
22
+ persist-credentials: false
23
+ submodules: recursive
24
+
25
+ - name: Install Foundry
26
+ uses: foundry-rs/foundry-toolchain@v1
27
+
28
+ - name: Show Forge version
29
+ run: forge --version
30
+
31
+ - name: Run Forge fmt
32
+ run: forge fmt --check
33
+
34
+ - name: Run Forge build
35
+ run: forge build --sizes
36
+
37
+ - name: Run Forge tests
38
+ run: forge test -vvv
package/exploit/.gitmodules ADDED
@@ -0,0 +1,3 @@
1
+ [submodule "lib/forge-std"]
2
+ path = lib/forge-std
3
+ url = https://github.com/foundry-rs/forge-std
package/exploit/README.md ADDED
@@ -0,0 +1,66 @@
1
+ ## Foundry
2
+
3
+ **Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.**
4
+
5
+ Foundry consists of:
6
+
7
+ - **Forge**: Ethereum testing framework (like Truffle, Hardhat and DappTools).
8
+ - **Cast**: Swiss army knife for interacting with EVM smart contracts, sending transactions and getting chain data.
9
+ - **Anvil**: Local Ethereum node, akin to Ganache, Hardhat Network.
10
+ - **Chisel**: Fast, utilitarian, and verbose solidity REPL.
11
+
12
+ ## Documentation
13
+
14
+ https://book.getfoundry.sh/
15
+
16
+ ## Usage
17
+
18
+ ### Build
19
+
20
+ ```shell
21
+ $ forge build
22
+ ```
23
+
24
+ ### Test
25
+
26
+ ```shell
27
+ $ forge test
28
+ ```
29
+
30
+ ### Format
31
+
32
+ ```shell
33
+ $ forge fmt
34
+ ```
35
+
36
+ ### Gas Snapshots
37
+
38
+ ```shell
39
+ $ forge snapshot
40
+ ```
41
+
42
+ ### Anvil
43
+
44
+ ```shell
45
+ $ anvil
46
+ ```
47
+
48
+ ### Deploy
49
+
50
+ ```shell
51
+ $ forge script script/Counter.s.sol:CounterScript --rpc-url <your_rpc_url> --private-key <your_private_key>
52
+ ```
53
+
54
+ ### Cast
55
+
56
+ ```shell
57
+ $ cast <subcommand>
58
+ ```
59
+
60
+ ### Help
61
+
62
+ ```shell
63
+ $ forge --help
64
+ $ anvil --help
65
+ $ cast --help
66
+ ```
package/exploit/foundry.lock ADDED
@@ -0,0 +1,8 @@
1
+ {
2
+ "lib/forge-std": {
3
+ "tag": {
4
+ "name": "v1.15.0",
5
+ "rev": "0844d7e1fc5e60d77b68e469bff60265f236c398"
6
+ }
7
+ }
8
+ }
package/exploit/lib/forge-std/.gitattributes ADDED
@@ -0,0 +1 @@
1
+ src/Vm.sol linguist-generated
package/exploit/lib/forge-std/.github/CODEOWNERS ADDED
@@ -0,0 +1 @@
1
+ * @danipopes @klkvr @mattsse @grandizzy @yash-atreya @zerosnacks @onbjerg @0xrusowsky
package/exploit/lib/forge-std/.github/dependabot.yml ADDED
@@ -0,0 +1,6 @@
1
+ version: 2
2
+ updates:
3
+ - package-ecosystem: "github-actions"
4
+ directory: "/"
5
+ schedule:
6
+ interval: "weekly"
package/exploit/lib/forge-std/.github/workflows/ci.yml ADDED
@@ -0,0 +1,125 @@
1
+ name: CI
2
+
3
+ permissions: {}
4
+
5
+ on:
6
+ workflow_dispatch:
7
+ pull_request:
8
+ push:
9
+ branches:
10
+ - master
11
+
12
+ jobs:
13
+ build:
14
+ name: build +${{ matrix.toolchain }} ${{ matrix.flags }}
15
+ runs-on: ubuntu-latest
16
+ timeout-minutes: 10
17
+ permissions:
18
+ contents: read
19
+ strategy:
20
+ fail-fast: false
21
+ matrix:
22
+ toolchain: [stable, nightly]
23
+ flags:
24
+ - ""
25
+ - --via-ir
26
+ - --use solc:0.8.33 --via-ir
27
+ - --use solc:0.8.33
28
+ - --use solc:0.8.13 --via-ir
29
+ - --use solc:0.8.13
30
+ steps:
31
+ - uses: actions/checkout@v6
32
+ with:
33
+ persist-credentials: false
34
+ - uses: foundry-rs/foundry-toolchain@v1
35
+ with:
36
+ version: ${{ matrix.toolchain }}
37
+ - run: forge --version
38
+ - run: forge build -vvvvv --skip test --deny warnings ${{ matrix.flags }} --contracts 'test/compilation/*'
39
+
40
+ test:
41
+ runs-on: ubuntu-latest
42
+ timeout-minutes: 10
43
+ permissions:
44
+ contents: read
45
+ strategy:
46
+ fail-fast: false
47
+ matrix:
48
+ toolchain: [stable, nightly]
49
+ steps:
50
+ - uses: actions/checkout@v6
51
+ with:
52
+ persist-credentials: false
53
+ - uses: foundry-rs/foundry-toolchain@v1
54
+ with:
55
+ version: ${{ matrix.toolchain }}
56
+ - run: forge --version
57
+ - run: forge test -vvv
58
+
59
+ fmt:
60
+ runs-on: ubuntu-latest
61
+ timeout-minutes: 10
62
+ permissions:
63
+ contents: read
64
+ steps:
65
+ - uses: actions/checkout@v6
66
+ with:
67
+ persist-credentials: false
68
+ - uses: foundry-rs/foundry-toolchain@v1
69
+ - run: forge --version
70
+ - run: forge fmt --check
71
+
72
+ typos:
73
+ runs-on: ubuntu-latest
74
+ timeout-minutes: 10
75
+ permissions:
76
+ contents: read
77
+ steps:
78
+ - uses: actions/checkout@v6
79
+ with:
80
+ persist-credentials: false
81
+ - uses: crate-ci/typos@78bc6fb2c0d734235d57a2d6b9de923cc325ebdd # v1
82
+
83
+ codeql:
84
+ name: Analyze (${{ matrix.language }})
85
+ runs-on: ubuntu-latest
86
+ permissions:
87
+ security-events: write
88
+ actions: read
89
+ contents: read
90
+ strategy:
91
+ fail-fast: false
92
+ matrix:
93
+ include:
94
+ - language: actions
95
+ build-mode: none
96
+ steps:
97
+ - name: Checkout repository
98
+ uses: actions/checkout@v6
99
+ with:
100
+ persist-credentials: false
101
+ - name: Initialize CodeQL
102
+ uses: github/codeql-action/init@v4
103
+ with:
104
+ languages: ${{ matrix.language }}
105
+ build-mode: ${{ matrix.build-mode }}
106
+ - name: Perform CodeQL Analysis
107
+ uses: github/codeql-action/analyze@v4
108
+ with:
109
+ category: "/language:${{matrix.language}}"
110
+
111
+ ci-success:
112
+ runs-on: ubuntu-latest
113
+ if: always()
114
+ needs:
115
+ - build
116
+ - test
117
+ - fmt
118
+ - typos
119
+ - codeql
120
+ timeout-minutes: 10
121
+ steps:
122
+ - name: Decide whether the needed jobs succeeded or failed
123
+ uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1
124
+ with:
125
+ jobs: ${{ toJSON(needs) }}
package/exploit/lib/forge-std/.github/workflows/sync.yml ADDED
@@ -0,0 +1,36 @@
1
+ name: Sync Release Branch
2
+
3
+ permissions: {}
4
+
5
+ on:
6
+ release:
7
+ types:
8
+ - created
9
+
10
+ jobs:
11
+ sync-release-branch:
12
+ runs-on: ubuntu-latest
13
+ permissions:
14
+ contents: write
15
+ if: startsWith(github.event.release.tag_name, 'v1')
16
+ steps:
17
+ - name: Check out the repo
18
+ uses: actions/checkout@v6
19
+ with:
20
+ persist-credentials: true
21
+ fetch-depth: 0
22
+ ref: v1
23
+
24
+ # The email is derived from the bots user id,
25
+ # found here: https://api.github.com/users/github-actions%5Bbot%5D
26
+ - name: Configure Git
27
+ run: |
28
+ git config user.name github-actions[bot]
29
+ git config user.email 41898282+github-actions[bot]@users.noreply.github.com
30
+
31
+ - name: Sync Release Branch
32
+ run: |
33
+ git fetch --tags
34
+ git checkout v1
35
+ git reset --hard ${GITHUB_REF}
36
+ git push --force