uups-checker 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.gitmodules +6 -0
- package/AIFI_AUDIT.md +220 -0
- package/ALL_AUDITS_SUMMARY.md +366 -0
- package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
- package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
- package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
- package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
- package/ARIA-foundry-test.txt +9 -0
- package/ARIA-mythril-analysis.txt +20 -0
- package/ARIA-slither-analysis.txt +38 -0
- package/ARIA_AI_SECURITY_AUDIT.md +290 -0
- package/ARIA_VERIFIED_AUDIT.md +259 -0
- package/ARIA_VERIFIED_slither.txt +76 -0
- package/ARIVA_source.txt +1 -0
- package/ARK_AUDIT.md +349 -0
- package/BANANA_AUDIT.md +365 -0
- package/BAS_AUDIT.md +451 -0
- package/BAS_TOKEN_AUDIT.md +235 -0
- package/BCE_EXPLOIT_ANALYSIS.md +165 -0
- package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
- package/BEEFY_MONAD_ANALYSIS.md +239 -0
- package/BEEFY_STAKING_ANALYSIS.md +136 -0
- package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
- package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
- package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
- package/BRISE_ANALYSIS.txt +31 -0
- package/BRISE_BSC_DAPPS.txt +68 -0
- package/BRISE_EXPLOITS_FOUND.md +98 -0
- package/BRISE_REAL_EXPLOITS.md +115 -0
- package/BRISE_WHITEHAT_REPORT.md +162 -0
- package/BRISEstake_Analysis.txt +95 -0
- package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
- package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
- package/BTCST_FINAL_VERDICT.md +319 -0
- package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
- package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
- package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
- package/BTCST_SECURITY_ANALYSIS.md +391 -0
- package/BTR_AUDIT.md +210 -0
- package/BeamBridge-analysis.md +226 -0
- package/BeamToken-analysis.md +201 -0
- package/BitgertSwap_Investigation.txt +107 -0
- package/CEEK_STAKING_ANALYSIS.md +0 -0
- package/CHAINBASE_AUDIT.md +422 -0
- package/COMPLETE_AUDIT_SUMMARY.md +342 -0
- package/CORRECTED_ANALYSIS.txt +115 -0
- package/DBXEN_COMPARISON_SUMMARY.md +232 -0
- package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
- package/DOPFairLaunch_raw.json +29 -0
- package/DOPFairLaunch_source.txt +0 -0
- package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
- package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
- package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
- package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
- package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
- package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
- package/DSyncStaking-exploit-analysis.md +153 -0
- package/DSyncVault-analysis.md +120 -0
- package/DUSD_PROXY_AUDIT.md +407 -0
- package/DXSALE_LOCK_AUDIT.md +0 -0
- package/DXSaleLock_bytecode.txt +1 -0
- package/ECHIDNA_QUICK_START.md +101 -0
- package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
- package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
- package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
- package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
- package/EXPLOIT_FIX.md +300 -0
- package/EXPLOIT_INSTRUCTIONS.md +273 -0
- package/EXPLOIT_SUMMARY.md +285 -0
- package/EXPLOIT_SUMMARY.txt +175 -0
- package/FALCON_FINANCE_AUDIT.md +258 -0
- package/FANDOM_AUDIT.md +359 -0
- package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
- package/FINAL_AUDIT_REPORT.md +0 -0
- package/FOLIO_PROXY_AUDIT.md +299 -0
- package/FOT_EXPLOIT_RESULTS.txt +110 -0
- package/FOT_TOKENS_AUDITED.md +103 -0
- package/HEGIC-mythril-analysis.txt +39 -0
- package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
- package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
- package/ICECREAMSWAP_EXPLOITS.md +259 -0
- package/IMMUNEFI_REPORT.md +314 -0
- package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
- package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
- package/KOGE_AUDIT.md +328 -0
- package/LENDFLARE_ANALYSIS.md +239 -0
- package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
- package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
- package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
- package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
- package/LENDFLARE_FUZZING_RESULTS.md +252 -0
- package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
- package/LENDFLARE_MANUAL_FUZZING.md +324 -0
- package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
- package/LENDFLARE_V3_BYPASS.md +296 -0
- package/LFTDECOMPILE.txt +14478 -0
- package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
- package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
- package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
- package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
- package/LFT_EXPLOIT_VISUAL.md +253 -0
- package/LFT_QUICK_SUMMARY.md +124 -0
- package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
- package/MGO_AUDIT_REPORT.md +420 -0
- package/MYTHRIL_FINAL_REPORT.md +306 -0
- package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
- package/NETX_MIGRATION_AUDIT.md +0 -0
- package/NPM_PUBLISH_GUIDE.md +0 -0
- package/NRV_CRITICAL_EXPLOIT.txt +143 -0
- package/NetX_Analysis.txt +76 -0
- package/NetX_Migration_bytecode.txt +1 -0
- package/NetX_Migration_source.txt +0 -0
- package/NetX_Token_source.txt +0 -0
- package/NetxWhitehatRescue +22 -0
- package/OILER_ATTACK_VISUAL.md +351 -0
- package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
- package/OILER_DEEP_ANALYSIS.md +212 -0
- package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
- package/OILER_FINAL_VERDICT.md +339 -0
- package/OILER_REENTRANCY_EXPLAINED.md +638 -0
- package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
- package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
- package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
- package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
- package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
- package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
- package/POLS_MULTICHAIN_AUDIT.md +0 -0
- package/POSI_STAKING_AUDIT.md +0 -0
- package/PROXY2_SECURITY_ANALYSIS.md +0 -0
- package/Proxy2TACS +29748 -0
- package/QUICK_START.md +240 -0
- package/RAMP_SECURITY_ANALYSIS.md +0 -0
- package/README.md +238 -0
- package/REAUDIT_MASTER_LIST.txt +15 -0
- package/RING_analysis.txt +212 -0
- package/RPC +4 -0
- package/RULES.txt +20 -0
- package/SIREN_AUDIT.md +186 -0
- package/SYNC_EXPLOIT_README.md +0 -0
- package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
- package/TLM_raw.html +0 -0
- package/TLM_raw.txt +0 -0
- package/TLM_response.json +1 -0
- package/TRADOOR_AUDIT.md +253 -0
- package/TRUNK_AUDIT.md +285 -0
- package/UNIBASE_AUDIT.md +241 -0
- package/UNLOCK_ANALYSIS.md +0 -0
- package/UNLOCK_EXPLOIT.md +49 -0
- package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
- package/UPS +232 -0
- package/UUPSCHECKER +208 -0
- package/VAULT_PROXY_AUDIT.md +457 -0
- package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
- package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
- package/WKEYDAO2_AUDIT.md +245 -0
- package/WSG_AUDIT.md +0 -0
- package/XFI_DEEP_ANALYSIS.md +327 -0
- package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
- package/YSDAO_EXPLOIT_GUIDE.md +0 -0
- package/agent-4-bundle.md +22490 -0
- package/alpha-proxy-echidna.txt +1 -0
- package/alpha-proxy-fuzz-results.txt +81 -0
- package/alpha-proxy-mythril.txt +2 -0
- package/analyze-btcst-farm.js +54 -0
- package/analyze-dxsale-lock.js +75 -0
- package/analyze-elephant.js +69 -0
- package/analyze-fara-rewards.js +109 -0
- package/analyze-fara-storage.js +83 -0
- package/analyze-lft-transaction.js +158 -0
- package/analyze-lock-bytecode.js +59 -0
- package/analyze-shegic.js +0 -0
- package/analyze-staking-abi.js +0 -0
- package/analyze-sxp.js +57 -0
- package/analyze-tlm.js +76 -0
- package/analyze-trumpet.js +98 -0
- package/analyze-unlimited-nft.js +108 -0
- package/analyze_elephant.sh +27 -0
- package/analyze_vault.sh +32 -0
- package/aria-bytecode.txt +1 -0
- package/aria_response.json +1 -0
- package/ark_temp/README.md +66 -0
- package/ark_temp/lib/forge-std/.gitattributes +1 -0
- package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
- package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
- package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
- package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
- package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
- package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
- package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
- package/ark_temp/lib/forge-std/README.md +314 -0
- package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
- package/ark_temp/lib/forge-std/package.json +16 -0
- package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
- package/audits/AiFi-security-audit-20260326.md +499 -0
- package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
- package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
- package/audits/DGToken-security-audit-20260324.md +376 -0
- package/audits/DSyncStaking-audit-part1.md +161 -0
- package/audits/DSyncStaking-security-audit-20260324.md +547 -0
- package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
- package/audits/DegenVC-security-audit-20260324.md +585 -0
- package/audits/DelreyInu-security-audit-20260324.md +463 -0
- package/audits/DestraNetwork-security-audit-20260324.md +705 -0
- package/audits/DomiToken-security-audit-20260324.md +514 -0
- package/audits/LendFlareToken-security-audit-20260325.md +197 -0
- package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
- package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
- package/audits/PAALAI-security-audit-20260324.md +475 -0
- package/audits/PAR-security-audit-20260325.md +311 -0
- package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
- package/audits/StakingPool-security-audit-20260324.md +517 -0
- package/audits/SyncToken-security-audit-20260324.md +778 -0
- package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
- package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
- package/audits/XFIStaking-security-audit-20260324.md +682 -0
- package/audits/Xfinance-security-audit-20260324.md +463 -0
- package/audits/basedAIFarm-security-audit-20260324.md +330 -0
- package/audits/pepeCoin-security-audit-20260324.md +462 -0
- package/bin/ups +232 -0
- package/binance-wallet-exploit/.env.example +2 -0
- package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
- package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
- package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
- package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
- package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
- package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
- package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
- package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
- package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
- package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
- package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
- package/binance-wallet-exploit/QUICK_START.md +75 -0
- package/binance-wallet-exploit/README.md +195 -0
- package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
- package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
- package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
- package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
- package/binance-wallet-exploit/cache/test-failures +1 -0
- package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
- package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
- package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
- package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
- package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
- package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
- package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
- package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
- package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
- package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
- package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
- package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
- package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
- package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
- package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
- package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
- package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
- package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
- package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
- package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
- package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
- package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
- package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
- package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
- package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
- package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
- package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
- package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
- package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
- package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
- package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
- package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
- package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
- package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
- package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
- package/cache/solidity-files-cache.json +1 -0
- package/cache/test-failures +1 -0
- package/calculate-elephant-flashloan.js +195 -0
- package/check-address-approval.js +112 -0
- package/check-alpha-proxy.js +42 -0
- package/check-arbitrage.js +155 -0
- package/check-aria-token.js +47 -0
- package/check-ark.sh +20 -0
- package/check-btcst-mining.js +75 -0
- package/check-btcst-pools.js +163 -0
- package/check-btcst.js +88 -0
- package/check-caller.js +26 -0
- package/check-ceek-lp.js +73 -0
- package/check-ceek.js +47 -0
- package/check-dxsale-address.js +35 -0
- package/check-fara-exploit-timing.js +56 -0
- package/check-fara-real-exploit.js +73 -0
- package/check-flashloan-limits.js +129 -0
- package/check-kel-cel-pool.js +91 -0
- package/check-lax-staking.js +41 -0
- package/check-lendflare.js +165 -0
- package/check-lft-accounting.js +109 -0
- package/check-lft-roles.js +165 -0
- package/check-lock-time.js +47 -0
- package/check-min-stake.js +73 -0
- package/check-mystery-contract.js +52 -0
- package/check-next-token.js +50 -0
- package/check-nora-lock.js +67 -0
- package/check-oiler-approvals.js +116 -0
- package/check-oiler-proxy.js +73 -0
- package/check-oiler-staking.js +117 -0
- package/check-proxy-simple.js +71 -0
- package/check-recent-stakes.js +54 -0
- package/check-shegic-holdings.js +67 -0
- package/check-snowcrash-ecosystem.js +83 -0
- package/check-sync-lp.js +97 -0
- package/check-sync-stake.js +42 -0
- package/check-tlm.js +37 -0
- package/check-token-pools.js +146 -0
- package/check-trunk-depeg.js +181 -0
- package/check-tusd-decimals.js +58 -0
- package/check-user-storage-deep.js +81 -0
- package/check-welephant-pools.js +130 -0
- package/check-xfi-pool.js +75 -0
- package/check-zypher.js +32 -0
- package/check_proxy.sh +36 -0
- package/compare-tlm-chains.js +90 -0
- package/contract_0x05f2.html +6025 -0
- package/contract_0x3720.html +6361 -0
- package/contract_0x928e.html +5606 -0
- package/contract_0xc42d.html +5304 -0
- package/contract_page.html +5789 -0
- package/decode-stake-tx.js +50 -0
- package/deep-analyze-lock.js +82 -0
- package/dune_uups_proxy_query.sql +42 -0
- package/dune_uups_vulnerable_query.sql +0 -0
- package/echidna/alpha-proxy.yaml +14 -0
- package/echidna/elephant.yaml +7 -0
- package/echidna/lendflare.yaml +42 -0
- package/echidna.config.yaml +12 -0
- package/elephant_raw.json +1 -0
- package/eps_raw.json +1 -0
- package/exploit/.github/workflows/test.yml +38 -0
- package/exploit/.gitmodules +3 -0
- package/exploit/README.md +66 -0
- package/exploit/foundry.lock +8 -0
- package/exploit/lib/forge-std/.gitattributes +1 -0
- package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
- package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
- package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
- package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
- package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
- package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
- package/exploit/lib/forge-std/LICENSE-MIT +25 -0
- package/exploit/lib/forge-std/README.md +314 -0
- package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
- package/exploit/lib/forge-std/package.json +16 -0
- package/exploit/lib/forge-std/scripts/vm.py +636 -0
- package/exploit_analysis.txt +51 -0
- package/extract_contract.py +21 -0
- package/extract_elephant_contracts.py +24 -0
- package/fara-staking-bytecode.txt +1 -0
- package/fara-staking-raw.txt +1 -0
- package/fetch-aria.js +46 -0
- package/fetch-contract.js +50 -0
- package/fetch-shegic-source.js +86 -0
- package/fetch-snowcrash.js +44 -0
- package/fetch-staking-source.js +53 -0
- package/fetch-tlm.js +60 -0
- package/fetch_elephant_source.py +32 -0
- package/find-ceek-staking.js +21 -0
- package/find-exploit-tx.js +88 -0
- package/find-oiler-holders.js +100 -0
- package/find-tlm-holder.js +36 -0
- package/find-vulnerable-fund.js +94 -0
- package/foundry.lock +8 -0
- package/fuzz-all.sh +53 -0
- package/get-aria-contract.py +40 -0
- package/get-lft-holders.js +89 -0
- package/get-tlm-source.sh +8 -0
- package/harvest_txs.json +1 -0
- package/lft-bytecode-raw.txt +1 -0
- package/lft-bytecode.json +1 -0
- package/lft-impl.bin +1 -0
- package/lft-implementation-bytecode.txt +1 -0
- package/lib/forge-std/.gitattributes +1 -0
- package/lib/forge-std/.github/CODEOWNERS +1 -0
- package/lib/forge-std/.github/dependabot.yml +6 -0
- package/lib/forge-std/.github/workflows/ci.yml +125 -0
- package/lib/forge-std/.github/workflows/sync.yml +36 -0
- package/lib/forge-std/CONTRIBUTING.md +193 -0
- package/lib/forge-std/LICENSE-APACHE +203 -0
- package/lib/forge-std/LICENSE-MIT +25 -0
- package/lib/forge-std/README.md +314 -0
- package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
- package/lib/forge-std/package.json +16 -0
- package/lib/forge-std/scripts/vm.py +636 -0
- package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
- package/lib/openzeppelin-contracts/.codecov.yml +12 -0
- package/lib/openzeppelin-contracts/.editorconfig +21 -0
- package/lib/openzeppelin-contracts/.eslintrc +20 -0
- package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
- package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
- package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
- package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
- package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
- package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
- package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
- package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
- package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
- package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
- package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
- package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
- package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
- package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
- package/lib/openzeppelin-contracts/.gitmodules +7 -0
- package/lib/openzeppelin-contracts/.mocharc.js +4 -0
- package/lib/openzeppelin-contracts/.prettierrc +15 -0
- package/lib/openzeppelin-contracts/.solcover.js +13 -0
- package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
- package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
- package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
- package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
- package/lib/openzeppelin-contracts/LICENSE +22 -0
- package/lib/openzeppelin-contracts/README.md +107 -0
- package/lib/openzeppelin-contracts/RELEASING.md +45 -0
- package/lib/openzeppelin-contracts/SECURITY.md +42 -0
- package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
- package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
- package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
- package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
- package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
- package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
- package/lib/openzeppelin-contracts/audits/README.md +17 -0
- package/lib/openzeppelin-contracts/certora/Makefile +54 -0
- package/lib/openzeppelin-contracts/certora/README.md +60 -0
- package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
- package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
- package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
- package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
- package/lib/openzeppelin-contracts/certora/run.js +160 -0
- package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
- package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
- package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
- package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
- package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
- package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
- package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
- package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
- package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
- package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
- package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
- package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
- package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
- package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
- package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
- package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
- package/lib/openzeppelin-contracts/certora/specs.json +86 -0
- package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
- package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
- package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
- package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
- package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
- package/lib/openzeppelin-contracts/contracts/package.json +32 -0
- package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
- package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
- package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
- package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
- package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
- package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
- package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
- package/lib/openzeppelin-contracts/docs/README.md +16 -0
- package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
- package/lib/openzeppelin-contracts/docs/config.js +21 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
- package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
- package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
- package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
- package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
- package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
- package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
- package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
- package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
- package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
- package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
- package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
- package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
- package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
- package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
- package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
- package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
- package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
- package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
- package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
- package/lib/openzeppelin-contracts/logo.svg +15 -0
- package/lib/openzeppelin-contracts/netlify.toml +3 -0
- package/lib/openzeppelin-contracts/package-lock.json +16544 -0
- package/lib/openzeppelin-contracts/package.json +96 -0
- package/lib/openzeppelin-contracts/remappings.txt +1 -0
- package/lib/openzeppelin-contracts/renovate.json +4 -0
- package/lib/openzeppelin-contracts/requirements.txt +1 -0
- package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
- package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
- package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
- package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
- package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
- package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
- package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
- package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
- package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
- package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
- package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
- package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
- package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
- package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
- package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
- package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
- package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
- package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
- package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
- package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
- package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
- package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
- package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
- package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
- package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
- package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
- package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
- package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
- package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
- package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
- package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
- package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
- package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
- package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
- package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
- package/lib/openzeppelin-contracts/slither.config.json +5 -0
- package/lib/openzeppelin-contracts/solhint.config.js +20 -0
- package/mythril-lft-output.txt +1 -0
- package/mythril-lft-symbolic.txt +18 -0
- package/mythril-lft.sh +20 -0
- package/mythril-symbolic-output.txt +1 -0
- package/mythril-symbolic.sh +42 -0
- package/out/build-info/0026b78428192979.json +1 -0
- package/out/build-info/03c4fc3b88486eba.json +1 -0
- package/out/build-info/0540afa9b9a5c5a6.json +1 -0
- package/out/build-info/081932f505bc08b9.json +1 -0
- package/out/build-info/0da104ba0d6642d5.json +1 -0
- package/out/build-info/197281971dbb5f23.json +1 -0
- package/out/build-info/197e7e332832a232.json +1 -0
- package/out/build-info/1a1cab9136eb5f94.json +1 -0
- package/out/build-info/1b320204eb162aa2.json +1 -0
- package/out/build-info/1e03f94398052674.json +1 -0
- package/out/build-info/22ac085949602937.json +1 -0
- package/out/build-info/234ef37453a9fa64.json +1 -0
- package/out/build-info/2447db7b1878fa8e.json +1 -0
- package/out/build-info/25568daeb484f5ff.json +1 -0
- package/out/build-info/27465853244c49ce.json +1 -0
- package/out/build-info/2c57a9e0f087453b.json +1 -0
- package/out/build-info/3c62ae7de8da68c4.json +1 -0
- package/out/build-info/3e771ae109e97bb3.json +1 -0
- package/out/build-info/460499bc0a3465c4.json +1 -0
- package/out/build-info/47ce37e50a4f115e.json +1 -0
- package/out/build-info/4fcce5c63cf427d6.json +1 -0
- package/out/build-info/4fd0a53fe63fddbb.json +1 -0
- package/out/build-info/50f1247db9d769cc.json +1 -0
- package/out/build-info/5317d0181a7a5e02.json +1 -0
- package/out/build-info/594df509275ceb5b.json +1 -0
- package/out/build-info/61983ac3f6141719.json +1 -0
- package/out/build-info/638c4548307122fe.json +1 -0
- package/out/build-info/67c2c43bdb7c0ded.json +1 -0
- package/out/build-info/777f42643aad37b7.json +1 -0
- package/out/build-info/7d7856f19e845354.json +1 -0
- package/out/build-info/83976260b6f71e94.json +1 -0
- package/out/build-info/83c23882000b963d.json +1 -0
- package/out/build-info/84b2cce8f70b36be.json +1 -0
- package/out/build-info/8bc13d31d7c3206a.json +1 -0
- package/out/build-info/8e183bd4d9d8cf88.json +1 -0
- package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
- package/out/build-info/99ec7d5e8d8ff360.json +1 -0
- package/out/build-info/9ac044b29daa7d5e.json +1 -0
- package/out/build-info/9b203227ff5d2e63.json +1 -0
- package/out/build-info/9d18c5872c4282dd.json +1 -0
- package/out/build-info/9f77f04f33baf9a3.json +1 -0
- package/out/build-info/a6e1caf974787982.json +1 -0
- package/out/build-info/a94b6348867a62d6.json +1 -0
- package/out/build-info/ad93721947a8b195.json +1 -0
- package/out/build-info/b42daddb5aa4b19f.json +1 -0
- package/out/build-info/bf13512ae899f7e8.json +1 -0
- package/out/build-info/c39f86c20a548c4a.json +1 -0
- package/out/build-info/cb12bb975a2f4e65.json +1 -0
- package/out/build-info/d0c6788fadc2aa60.json +1 -0
- package/out/build-info/d2726bf94ed5b845.json +1 -0
- package/out/build-info/d4eb00da50cce5cb.json +1 -0
- package/out/build-info/db931924a3bc8bdd.json +1 -0
- package/out/build-info/e1a503d49bc77401.json +1 -0
- package/out/build-info/efe5396f8892ce77.json +1 -0
- package/out/build-info/f536d90ced745969.json +1 -0
- package/out/build-info/fed38823c7019b82.json +1 -0
- package/package.json +51 -0
- package/page.html +5384 -0
- package/pancakeswap-simple-tvl.sql +15 -0
- package/pancakeswap-top-pools.sql +29 -0
- package/pancakeswap-tvl-optimized.sql +57 -0
- package/pancakeswap-tvl-query.sql +60 -0
- package/pancakeswap-underflow-hunting.sql +51 -0
- package/pancakeswap-vulnerability-queries.sql +200 -0
- package/posi_page.html +6369 -0
- package/posi_response.json +29 -0
- package/proxy_page.html +500 -0
- package/run_mythril_elephant.sh +18 -0
- package/sHEGIC-bytecode.bin +6 -0
- package/sHEGIC-mythril-analysis.txt +1 -0
- package/sHEGIC-mythril-full.txt +134 -0
- package/sHEGIC_ANALYSIS.md +135 -0
- package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
- package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
- package/scrape-snowcrash.js +28 -0
- package/scripts/yooshi_drain.sh +154 -0
- package/shi_raw.json +1 -0
- package/temp.json +1 -0
- package/temp_harvest.json +1 -0
- package/temp_pika.json +1 -0
- package/temp_posi.json +1 -0
- package/temp_response.json +1 -0
- package/test-lft-hidden-balance.js +108 -0
- package/test-xfi-exploit.js +140 -0
- package/trunk-liquidity-rescue.js +164 -0
- package/vBABY_page.html +6153 -0
- package/vBABY_response.json +29 -0
- package/wsg_response.json +1 -0
- package/yooldo_page.html +10371 -0
|
@@ -0,0 +1,636 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
|
|
3
|
+
import argparse
|
|
4
|
+
import copy
|
|
5
|
+
import json
|
|
6
|
+
import re
|
|
7
|
+
import subprocess
|
|
8
|
+
from enum import Enum as PyEnum
|
|
9
|
+
from pathlib import Path
|
|
10
|
+
from typing import Callable
|
|
11
|
+
from urllib import request
|
|
12
|
+
|
|
13
|
+
VoidFn = Callable[[], None]
|
|
14
|
+
|
|
15
|
+
CHEATCODES_JSON_URL = "https://raw.githubusercontent.com/foundry-rs/foundry/master/crates/cheatcodes/assets/cheatcodes.json"
|
|
16
|
+
OUT_PATH = "src/Vm.sol"
|
|
17
|
+
|
|
18
|
+
VM_SAFE_DOC = """\
|
|
19
|
+
/// The `VmSafe` interface does not allow manipulation of the EVM state or other actions that may
|
|
20
|
+
/// result in Script simulations differing from on-chain execution. It is recommended to only use
|
|
21
|
+
/// these cheats in scripts.
|
|
22
|
+
"""
|
|
23
|
+
|
|
24
|
+
VM_DOC = """\
|
|
25
|
+
/// The `Vm` interface does allow manipulation of the EVM state. These are all intended to be used
|
|
26
|
+
/// in tests, but it is not recommended to use these cheats in scripts.
|
|
27
|
+
"""
|
|
28
|
+
|
|
29
|
+
|
|
30
|
+
def main():
|
|
31
|
+
parser = argparse.ArgumentParser(
|
|
32
|
+
description="Generate Vm.sol based on the cheatcodes json created by Foundry")
|
|
33
|
+
parser.add_argument(
|
|
34
|
+
"--from",
|
|
35
|
+
metavar="PATH",
|
|
36
|
+
dest="path",
|
|
37
|
+
required=False,
|
|
38
|
+
help="path to a json file containing the Vm interface, as generated by Foundry")
|
|
39
|
+
args = parser.parse_args()
|
|
40
|
+
json_str = request.urlopen(CHEATCODES_JSON_URL).read().decode("utf-8") if args.path is None else Path(args.path).read_text()
|
|
41
|
+
contract = Cheatcodes.from_json(json_str)
|
|
42
|
+
|
|
43
|
+
ccs = contract.cheatcodes
|
|
44
|
+
ccs = list(filter(lambda cc: cc.status not in ["experimental", "internal"], ccs))
|
|
45
|
+
ccs.sort(key=lambda cc: cc.func.id)
|
|
46
|
+
|
|
47
|
+
safe = list(filter(lambda cc: cc.safety == "safe", ccs))
|
|
48
|
+
safe.sort(key=CmpCheatcode)
|
|
49
|
+
unsafe = list(filter(lambda cc: cc.safety == "unsafe", ccs))
|
|
50
|
+
unsafe.sort(key=CmpCheatcode)
|
|
51
|
+
assert len(safe) + len(unsafe) == len(ccs)
|
|
52
|
+
|
|
53
|
+
prefix_with_group_headers(safe)
|
|
54
|
+
prefix_with_group_headers(unsafe)
|
|
55
|
+
|
|
56
|
+
out = ""
|
|
57
|
+
|
|
58
|
+
out += "// Automatically @generated by scripts/vm.py. Do not modify manually.\n\n"
|
|
59
|
+
|
|
60
|
+
pp = CheatcodesPrinter(
|
|
61
|
+
spdx_identifier="MIT OR Apache-2.0",
|
|
62
|
+
solidity_requirement=">=0.8.13 <0.9.0",
|
|
63
|
+
)
|
|
64
|
+
pp.p_prelude()
|
|
65
|
+
pp.prelude = False
|
|
66
|
+
out += pp.finish()
|
|
67
|
+
|
|
68
|
+
out += "\n\n"
|
|
69
|
+
out += VM_SAFE_DOC
|
|
70
|
+
vm_safe = Cheatcodes(
|
|
71
|
+
# TODO: Custom errors were introduced in 0.8.4
|
|
72
|
+
errors=[], # contract.errors
|
|
73
|
+
events=contract.events,
|
|
74
|
+
enums=contract.enums,
|
|
75
|
+
structs=contract.structs,
|
|
76
|
+
cheatcodes=safe,
|
|
77
|
+
)
|
|
78
|
+
pp.p_contract(vm_safe, "VmSafe")
|
|
79
|
+
out += pp.finish()
|
|
80
|
+
|
|
81
|
+
out += "\n\n"
|
|
82
|
+
out += VM_DOC
|
|
83
|
+
vm_unsafe = Cheatcodes(
|
|
84
|
+
errors=[],
|
|
85
|
+
events=[],
|
|
86
|
+
enums=[],
|
|
87
|
+
structs=[],
|
|
88
|
+
cheatcodes=unsafe,
|
|
89
|
+
)
|
|
90
|
+
pp.p_contract(vm_unsafe, "Vm", "VmSafe")
|
|
91
|
+
out += pp.finish()
|
|
92
|
+
|
|
93
|
+
# Compatibility with <0.8.0
|
|
94
|
+
def memory_to_calldata(m: re.Match) -> str:
|
|
95
|
+
return " calldata " + m.group(1)
|
|
96
|
+
|
|
97
|
+
out = re.sub(r" memory (.*returns)", memory_to_calldata, out)
|
|
98
|
+
|
|
99
|
+
with open(OUT_PATH, "w") as f:
|
|
100
|
+
f.write(out)
|
|
101
|
+
|
|
102
|
+
forge_fmt = ["forge", "fmt", OUT_PATH]
|
|
103
|
+
res = subprocess.run(forge_fmt)
|
|
104
|
+
assert res.returncode == 0, f"command failed: {forge_fmt}"
|
|
105
|
+
|
|
106
|
+
print(f"Wrote to {OUT_PATH}")
|
|
107
|
+
|
|
108
|
+
|
|
109
|
+
class CmpCheatcode:
|
|
110
|
+
cheatcode: "Cheatcode"
|
|
111
|
+
|
|
112
|
+
def __init__(self, cheatcode: "Cheatcode"):
|
|
113
|
+
self.cheatcode = cheatcode
|
|
114
|
+
|
|
115
|
+
def __lt__(self, other: "CmpCheatcode") -> bool:
|
|
116
|
+
return cmp_cheatcode(self.cheatcode, other.cheatcode) < 0
|
|
117
|
+
|
|
118
|
+
def __eq__(self, other: "CmpCheatcode") -> bool:
|
|
119
|
+
return cmp_cheatcode(self.cheatcode, other.cheatcode) == 0
|
|
120
|
+
|
|
121
|
+
def __gt__(self, other: "CmpCheatcode") -> bool:
|
|
122
|
+
return cmp_cheatcode(self.cheatcode, other.cheatcode) > 0
|
|
123
|
+
|
|
124
|
+
|
|
125
|
+
def cmp_cheatcode(a: "Cheatcode", b: "Cheatcode") -> int:
|
|
126
|
+
if a.group != b.group:
|
|
127
|
+
return -1 if a.group < b.group else 1
|
|
128
|
+
if a.status != b.status:
|
|
129
|
+
return -1 if a.status < b.status else 1
|
|
130
|
+
if a.safety != b.safety:
|
|
131
|
+
return -1 if a.safety < b.safety else 1
|
|
132
|
+
if a.func.id != b.func.id:
|
|
133
|
+
return -1 if a.func.id < b.func.id else 1
|
|
134
|
+
return 0
|
|
135
|
+
|
|
136
|
+
|
|
137
|
+
# HACK: A way to add group header comments without having to modify printer code
|
|
138
|
+
def prefix_with_group_headers(cheats: list["Cheatcode"]):
|
|
139
|
+
s = set()
|
|
140
|
+
for i, cheat in enumerate(cheats):
|
|
141
|
+
if cheat.group in s:
|
|
142
|
+
continue
|
|
143
|
+
|
|
144
|
+
s.add(cheat.group)
|
|
145
|
+
|
|
146
|
+
c = copy.deepcopy(cheat)
|
|
147
|
+
c.func.description = ""
|
|
148
|
+
c.func.declaration = f"// ======== {group(c.group)} ========"
|
|
149
|
+
cheats.insert(i, c)
|
|
150
|
+
return cheats
|
|
151
|
+
|
|
152
|
+
|
|
153
|
+
def group(s: str) -> str:
|
|
154
|
+
if s == "evm":
|
|
155
|
+
return "EVM"
|
|
156
|
+
if s == "json":
|
|
157
|
+
return "JSON"
|
|
158
|
+
return s[0].upper() + s[1:]
|
|
159
|
+
|
|
160
|
+
|
|
161
|
+
class Visibility(PyEnum):
|
|
162
|
+
EXTERNAL: str = "external"
|
|
163
|
+
PUBLIC: str = "public"
|
|
164
|
+
INTERNAL: str = "internal"
|
|
165
|
+
PRIVATE: str = "private"
|
|
166
|
+
|
|
167
|
+
def __str__(self):
|
|
168
|
+
return self.value
|
|
169
|
+
|
|
170
|
+
|
|
171
|
+
class Mutability(PyEnum):
|
|
172
|
+
PURE: str = "pure"
|
|
173
|
+
VIEW: str = "view"
|
|
174
|
+
NONE: str = ""
|
|
175
|
+
|
|
176
|
+
def __str__(self):
|
|
177
|
+
return self.value
|
|
178
|
+
|
|
179
|
+
|
|
180
|
+
class Function:
|
|
181
|
+
id: str
|
|
182
|
+
description: str
|
|
183
|
+
declaration: str
|
|
184
|
+
visibility: Visibility
|
|
185
|
+
mutability: Mutability
|
|
186
|
+
signature: str
|
|
187
|
+
selector: str
|
|
188
|
+
selector_bytes: bytes
|
|
189
|
+
|
|
190
|
+
def __init__(
|
|
191
|
+
self,
|
|
192
|
+
id: str,
|
|
193
|
+
description: str,
|
|
194
|
+
declaration: str,
|
|
195
|
+
visibility: Visibility,
|
|
196
|
+
mutability: Mutability,
|
|
197
|
+
signature: str,
|
|
198
|
+
selector: str,
|
|
199
|
+
selector_bytes: bytes,
|
|
200
|
+
):
|
|
201
|
+
self.id = id
|
|
202
|
+
self.description = description
|
|
203
|
+
self.declaration = declaration
|
|
204
|
+
self.visibility = visibility
|
|
205
|
+
self.mutability = mutability
|
|
206
|
+
self.signature = signature
|
|
207
|
+
self.selector = selector
|
|
208
|
+
self.selector_bytes = selector_bytes
|
|
209
|
+
|
|
210
|
+
@staticmethod
|
|
211
|
+
def from_dict(d: dict) -> "Function":
|
|
212
|
+
return Function(
|
|
213
|
+
d["id"],
|
|
214
|
+
d["description"],
|
|
215
|
+
d["declaration"],
|
|
216
|
+
Visibility(d["visibility"]),
|
|
217
|
+
Mutability(d["mutability"]),
|
|
218
|
+
d["signature"],
|
|
219
|
+
d["selector"],
|
|
220
|
+
bytes(d["selectorBytes"]),
|
|
221
|
+
)
|
|
222
|
+
|
|
223
|
+
|
|
224
|
+
class Cheatcode:
|
|
225
|
+
func: Function
|
|
226
|
+
group: str
|
|
227
|
+
status: str
|
|
228
|
+
safety: str
|
|
229
|
+
|
|
230
|
+
def __init__(self, func: Function, group: str, status: str, safety: str):
|
|
231
|
+
self.func = func
|
|
232
|
+
self.group = group
|
|
233
|
+
self.status = status
|
|
234
|
+
self.safety = safety
|
|
235
|
+
|
|
236
|
+
@staticmethod
|
|
237
|
+
def from_dict(d: dict) -> "Cheatcode":
|
|
238
|
+
return Cheatcode(
|
|
239
|
+
Function.from_dict(d["func"]),
|
|
240
|
+
str(d["group"]),
|
|
241
|
+
str(d["status"]),
|
|
242
|
+
str(d["safety"]),
|
|
243
|
+
)
|
|
244
|
+
|
|
245
|
+
|
|
246
|
+
class Error:
|
|
247
|
+
name: str
|
|
248
|
+
description: str
|
|
249
|
+
declaration: str
|
|
250
|
+
|
|
251
|
+
def __init__(self, name: str, description: str, declaration: str):
|
|
252
|
+
self.name = name
|
|
253
|
+
self.description = description
|
|
254
|
+
self.declaration = declaration
|
|
255
|
+
|
|
256
|
+
@staticmethod
|
|
257
|
+
def from_dict(d: dict) -> "Error":
|
|
258
|
+
return Error(**d)
|
|
259
|
+
|
|
260
|
+
|
|
261
|
+
class Event:
|
|
262
|
+
name: str
|
|
263
|
+
description: str
|
|
264
|
+
declaration: str
|
|
265
|
+
|
|
266
|
+
def __init__(self, name: str, description: str, declaration: str):
|
|
267
|
+
self.name = name
|
|
268
|
+
self.description = description
|
|
269
|
+
self.declaration = declaration
|
|
270
|
+
|
|
271
|
+
@staticmethod
|
|
272
|
+
def from_dict(d: dict) -> "Event":
|
|
273
|
+
return Event(**d)
|
|
274
|
+
|
|
275
|
+
|
|
276
|
+
class EnumVariant:
|
|
277
|
+
name: str
|
|
278
|
+
description: str
|
|
279
|
+
|
|
280
|
+
def __init__(self, name: str, description: str):
|
|
281
|
+
self.name = name
|
|
282
|
+
self.description = description
|
|
283
|
+
|
|
284
|
+
|
|
285
|
+
class Enum:
|
|
286
|
+
name: str
|
|
287
|
+
description: str
|
|
288
|
+
variants: list[EnumVariant]
|
|
289
|
+
|
|
290
|
+
def __init__(self, name: str, description: str, variants: list[EnumVariant]):
|
|
291
|
+
self.name = name
|
|
292
|
+
self.description = description
|
|
293
|
+
self.variants = variants
|
|
294
|
+
|
|
295
|
+
@staticmethod
|
|
296
|
+
def from_dict(d: dict) -> "Enum":
|
|
297
|
+
return Enum(
|
|
298
|
+
d["name"],
|
|
299
|
+
d["description"],
|
|
300
|
+
list(map(lambda v: EnumVariant(**v), d["variants"])),
|
|
301
|
+
)
|
|
302
|
+
|
|
303
|
+
|
|
304
|
+
class StructField:
|
|
305
|
+
name: str
|
|
306
|
+
ty: str
|
|
307
|
+
description: str
|
|
308
|
+
|
|
309
|
+
def __init__(self, name: str, ty: str, description: str):
|
|
310
|
+
self.name = name
|
|
311
|
+
self.ty = ty
|
|
312
|
+
self.description = description
|
|
313
|
+
|
|
314
|
+
|
|
315
|
+
class Struct:
|
|
316
|
+
name: str
|
|
317
|
+
description: str
|
|
318
|
+
fields: list[StructField]
|
|
319
|
+
|
|
320
|
+
def __init__(self, name: str, description: str, fields: list[StructField]):
|
|
321
|
+
self.name = name
|
|
322
|
+
self.description = description
|
|
323
|
+
self.fields = fields
|
|
324
|
+
|
|
325
|
+
@staticmethod
|
|
326
|
+
def from_dict(d: dict) -> "Struct":
|
|
327
|
+
return Struct(
|
|
328
|
+
d["name"],
|
|
329
|
+
d["description"],
|
|
330
|
+
list(map(lambda f: StructField(**f), d["fields"])),
|
|
331
|
+
)
|
|
332
|
+
|
|
333
|
+
|
|
334
|
+
class Cheatcodes:
|
|
335
|
+
errors: list[Error]
|
|
336
|
+
events: list[Event]
|
|
337
|
+
enums: list[Enum]
|
|
338
|
+
structs: list[Struct]
|
|
339
|
+
cheatcodes: list[Cheatcode]
|
|
340
|
+
|
|
341
|
+
def __init__(
|
|
342
|
+
self,
|
|
343
|
+
errors: list[Error],
|
|
344
|
+
events: list[Event],
|
|
345
|
+
enums: list[Enum],
|
|
346
|
+
structs: list[Struct],
|
|
347
|
+
cheatcodes: list[Cheatcode],
|
|
348
|
+
):
|
|
349
|
+
self.errors = errors
|
|
350
|
+
self.events = events
|
|
351
|
+
self.enums = enums
|
|
352
|
+
self.structs = structs
|
|
353
|
+
self.cheatcodes = cheatcodes
|
|
354
|
+
|
|
355
|
+
@staticmethod
|
|
356
|
+
def from_dict(d: dict) -> "Cheatcodes":
|
|
357
|
+
return Cheatcodes(
|
|
358
|
+
errors=[Error.from_dict(e) for e in d["errors"]],
|
|
359
|
+
events=[Event.from_dict(e) for e in d["events"]],
|
|
360
|
+
enums=[Enum.from_dict(e) for e in d["enums"]],
|
|
361
|
+
structs=[Struct.from_dict(e) for e in d["structs"]],
|
|
362
|
+
cheatcodes=[Cheatcode.from_dict(e) for e in d["cheatcodes"]],
|
|
363
|
+
)
|
|
364
|
+
|
|
365
|
+
@staticmethod
|
|
366
|
+
def from_json(s) -> "Cheatcodes":
|
|
367
|
+
return Cheatcodes.from_dict(json.loads(s))
|
|
368
|
+
|
|
369
|
+
@staticmethod
|
|
370
|
+
def from_json_file(file_path: str) -> "Cheatcodes":
|
|
371
|
+
with open(file_path, "r") as f:
|
|
372
|
+
return Cheatcodes.from_dict(json.load(f))
|
|
373
|
+
|
|
374
|
+
|
|
375
|
+
class Item(PyEnum):
|
|
376
|
+
ERROR: str = "error"
|
|
377
|
+
EVENT: str = "event"
|
|
378
|
+
ENUM: str = "enum"
|
|
379
|
+
STRUCT: str = "struct"
|
|
380
|
+
FUNCTION: str = "function"
|
|
381
|
+
|
|
382
|
+
|
|
383
|
+
class ItemOrder:
|
|
384
|
+
_list: list[Item]
|
|
385
|
+
|
|
386
|
+
def __init__(self, list: list[Item]) -> None:
|
|
387
|
+
assert len(list) <= len(Item), "list must not contain more items than Item"
|
|
388
|
+
assert len(list) == len(set(list)), "list must not contain duplicates"
|
|
389
|
+
self._list = list
|
|
390
|
+
pass
|
|
391
|
+
|
|
392
|
+
def get_list(self) -> list[Item]:
|
|
393
|
+
return self._list
|
|
394
|
+
|
|
395
|
+
@staticmethod
|
|
396
|
+
def default() -> "ItemOrder":
|
|
397
|
+
return ItemOrder(
|
|
398
|
+
[
|
|
399
|
+
Item.ERROR,
|
|
400
|
+
Item.EVENT,
|
|
401
|
+
Item.ENUM,
|
|
402
|
+
Item.STRUCT,
|
|
403
|
+
Item.FUNCTION,
|
|
404
|
+
]
|
|
405
|
+
)
|
|
406
|
+
|
|
407
|
+
|
|
408
|
+
class CheatcodesPrinter:
|
|
409
|
+
buffer: str
|
|
410
|
+
|
|
411
|
+
prelude: bool
|
|
412
|
+
spdx_identifier: str
|
|
413
|
+
solidity_requirement: str
|
|
414
|
+
|
|
415
|
+
block_doc_style: bool
|
|
416
|
+
|
|
417
|
+
indent_level: int
|
|
418
|
+
_indent_str: str
|
|
419
|
+
|
|
420
|
+
nl_str: str
|
|
421
|
+
|
|
422
|
+
items_order: ItemOrder
|
|
423
|
+
|
|
424
|
+
def __init__(
|
|
425
|
+
self,
|
|
426
|
+
buffer: str = "",
|
|
427
|
+
prelude: bool = True,
|
|
428
|
+
spdx_identifier: str = "UNLICENSED",
|
|
429
|
+
solidity_requirement: str = "",
|
|
430
|
+
block_doc_style: bool = False,
|
|
431
|
+
indent_level: int = 0,
|
|
432
|
+
indent_with: int | str = 4,
|
|
433
|
+
nl_str: str = "\n",
|
|
434
|
+
items_order: ItemOrder = ItemOrder.default(),
|
|
435
|
+
):
|
|
436
|
+
self.prelude = prelude
|
|
437
|
+
self.spdx_identifier = spdx_identifier
|
|
438
|
+
self.solidity_requirement = solidity_requirement
|
|
439
|
+
self.block_doc_style = block_doc_style
|
|
440
|
+
self.buffer = buffer
|
|
441
|
+
self.indent_level = indent_level
|
|
442
|
+
self.nl_str = nl_str
|
|
443
|
+
|
|
444
|
+
if isinstance(indent_with, int):
|
|
445
|
+
assert indent_with >= 0
|
|
446
|
+
self._indent_str = " " * indent_with
|
|
447
|
+
elif isinstance(indent_with, str):
|
|
448
|
+
self._indent_str = indent_with
|
|
449
|
+
else:
|
|
450
|
+
assert False, "indent_with must be int or str"
|
|
451
|
+
|
|
452
|
+
self.items_order = items_order
|
|
453
|
+
|
|
454
|
+
def finish(self) -> str:
|
|
455
|
+
ret = self.buffer.rstrip()
|
|
456
|
+
self.buffer = ""
|
|
457
|
+
return ret
|
|
458
|
+
|
|
459
|
+
def p_contract(self, contract: Cheatcodes, name: str, inherits: str = ""):
|
|
460
|
+
if self.prelude:
|
|
461
|
+
self.p_prelude(contract)
|
|
462
|
+
|
|
463
|
+
self._p_str("interface ")
|
|
464
|
+
name = name.strip()
|
|
465
|
+
if name != "":
|
|
466
|
+
self._p_str(name)
|
|
467
|
+
self._p_str(" ")
|
|
468
|
+
if inherits != "":
|
|
469
|
+
self._p_str("is ")
|
|
470
|
+
self._p_str(inherits)
|
|
471
|
+
self._p_str(" ")
|
|
472
|
+
self._p_str("{")
|
|
473
|
+
self._p_nl()
|
|
474
|
+
self._with_indent(lambda: self._p_items(contract))
|
|
475
|
+
self._p_str("}")
|
|
476
|
+
self._p_nl()
|
|
477
|
+
|
|
478
|
+
def _p_items(self, contract: Cheatcodes):
|
|
479
|
+
for item in self.items_order.get_list():
|
|
480
|
+
if item == Item.ERROR:
|
|
481
|
+
self.p_errors(contract.errors)
|
|
482
|
+
elif item == Item.EVENT:
|
|
483
|
+
self.p_events(contract.events)
|
|
484
|
+
elif item == Item.ENUM:
|
|
485
|
+
self.p_enums(contract.enums)
|
|
486
|
+
elif item == Item.STRUCT:
|
|
487
|
+
self.p_structs(contract.structs)
|
|
488
|
+
elif item == Item.FUNCTION:
|
|
489
|
+
self.p_functions(contract.cheatcodes)
|
|
490
|
+
else:
|
|
491
|
+
assert False, f"unknown item {item}"
|
|
492
|
+
|
|
493
|
+
def p_prelude(self, contract: Cheatcodes | None = None):
|
|
494
|
+
self._p_str(f"// SPDX-License-Identifier: {self.spdx_identifier}")
|
|
495
|
+
self._p_nl()
|
|
496
|
+
|
|
497
|
+
if self.solidity_requirement != "":
|
|
498
|
+
req = self.solidity_requirement
|
|
499
|
+
else:
|
|
500
|
+
req = ">=0.8.13 <0.9.0"
|
|
501
|
+
self._p_str(f"pragma solidity {req};")
|
|
502
|
+
self._p_nl()
|
|
503
|
+
|
|
504
|
+
self._p_nl()
|
|
505
|
+
|
|
506
|
+
def p_errors(self, errors: list[Error]):
|
|
507
|
+
for error in errors:
|
|
508
|
+
self._p_line(lambda: self.p_error(error))
|
|
509
|
+
|
|
510
|
+
def p_error(self, error: Error):
|
|
511
|
+
self._p_comment(error.description, doc=True)
|
|
512
|
+
self._p_line(lambda: self._p_str(error.declaration))
|
|
513
|
+
|
|
514
|
+
def p_events(self, events: list[Event]):
|
|
515
|
+
for event in events:
|
|
516
|
+
self._p_line(lambda: self.p_event(event))
|
|
517
|
+
|
|
518
|
+
def p_event(self, event: Event):
|
|
519
|
+
self._p_comment(event.description, doc=True)
|
|
520
|
+
self._p_line(lambda: self._p_str(event.declaration))
|
|
521
|
+
|
|
522
|
+
def p_enums(self, enums: list[Enum]):
|
|
523
|
+
for enum in enums:
|
|
524
|
+
self._p_line(lambda: self.p_enum(enum))
|
|
525
|
+
|
|
526
|
+
def p_enum(self, enum: Enum):
|
|
527
|
+
self._p_comment(enum.description, doc=True)
|
|
528
|
+
self._p_line(lambda: self._p_str(f"enum {enum.name} {{"))
|
|
529
|
+
self._with_indent(lambda: self.p_enum_variants(enum.variants))
|
|
530
|
+
self._p_line(lambda: self._p_str("}"))
|
|
531
|
+
|
|
532
|
+
def p_enum_variants(self, variants: list[EnumVariant]):
|
|
533
|
+
for i, variant in enumerate(variants):
|
|
534
|
+
self._p_indent()
|
|
535
|
+
self._p_comment(variant.description)
|
|
536
|
+
|
|
537
|
+
self._p_indent()
|
|
538
|
+
self._p_str(variant.name)
|
|
539
|
+
if i < len(variants) - 1:
|
|
540
|
+
self._p_str(",")
|
|
541
|
+
self._p_nl()
|
|
542
|
+
|
|
543
|
+
def p_structs(self, structs: list[Struct]):
|
|
544
|
+
for struct in structs:
|
|
545
|
+
self._p_line(lambda: self.p_struct(struct))
|
|
546
|
+
|
|
547
|
+
def p_struct(self, struct: Struct):
|
|
548
|
+
self._p_comment(struct.description, doc=True)
|
|
549
|
+
self._p_line(lambda: self._p_str(f"struct {struct.name} {{"))
|
|
550
|
+
self._with_indent(lambda: self.p_struct_fields(struct.fields))
|
|
551
|
+
self._p_line(lambda: self._p_str("}"))
|
|
552
|
+
|
|
553
|
+
def p_struct_fields(self, fields: list[StructField]):
|
|
554
|
+
for field in fields:
|
|
555
|
+
self._p_line(lambda: self.p_struct_field(field))
|
|
556
|
+
|
|
557
|
+
def p_struct_field(self, field: StructField):
|
|
558
|
+
self._p_comment(field.description)
|
|
559
|
+
self._p_indented(lambda: self._p_str(f"{field.ty} {field.name};"))
|
|
560
|
+
|
|
561
|
+
def p_functions(self, cheatcodes: list[Cheatcode]):
|
|
562
|
+
for cheatcode in cheatcodes:
|
|
563
|
+
self._p_line(lambda: self.p_function(cheatcode.func))
|
|
564
|
+
|
|
565
|
+
def p_function(self, func: Function):
|
|
566
|
+
self._p_comment(func.description, doc=True)
|
|
567
|
+
self._p_line(lambda: self._p_str(func.declaration))
|
|
568
|
+
|
|
569
|
+
def _p_comment(self, s: str, doc: bool = False):
|
|
570
|
+
s = s.strip()
|
|
571
|
+
if s == "":
|
|
572
|
+
return
|
|
573
|
+
|
|
574
|
+
s = map(lambda line: line.lstrip(), s.split("\n"))
|
|
575
|
+
if self.block_doc_style:
|
|
576
|
+
self._p_str("/*")
|
|
577
|
+
if doc:
|
|
578
|
+
self._p_str("*")
|
|
579
|
+
self._p_nl()
|
|
580
|
+
for line in s:
|
|
581
|
+
self._p_indent()
|
|
582
|
+
self._p_str(" ")
|
|
583
|
+
if doc:
|
|
584
|
+
self._p_str("* ")
|
|
585
|
+
self._p_str(line)
|
|
586
|
+
self._p_nl()
|
|
587
|
+
self._p_indent()
|
|
588
|
+
self._p_str(" */")
|
|
589
|
+
self._p_nl()
|
|
590
|
+
else:
|
|
591
|
+
first_line = True
|
|
592
|
+
for line in s:
|
|
593
|
+
if not first_line:
|
|
594
|
+
self._p_indent()
|
|
595
|
+
first_line = False
|
|
596
|
+
|
|
597
|
+
if doc:
|
|
598
|
+
self._p_str("/// ")
|
|
599
|
+
else:
|
|
600
|
+
self._p_str("// ")
|
|
601
|
+
self._p_str(line)
|
|
602
|
+
self._p_nl()
|
|
603
|
+
|
|
604
|
+
def _with_indent(self, f: VoidFn):
|
|
605
|
+
self._inc_indent()
|
|
606
|
+
f()
|
|
607
|
+
self._dec_indent()
|
|
608
|
+
|
|
609
|
+
def _p_line(self, f: VoidFn):
|
|
610
|
+
self._p_indent()
|
|
611
|
+
f()
|
|
612
|
+
self._p_nl()
|
|
613
|
+
|
|
614
|
+
def _p_indented(self, f: VoidFn):
|
|
615
|
+
self._p_indent()
|
|
616
|
+
f()
|
|
617
|
+
|
|
618
|
+
def _p_indent(self):
|
|
619
|
+
for _ in range(self.indent_level):
|
|
620
|
+
self._p_str(self._indent_str)
|
|
621
|
+
|
|
622
|
+
def _p_nl(self):
|
|
623
|
+
self._p_str(self.nl_str)
|
|
624
|
+
|
|
625
|
+
def _p_str(self, txt: str):
|
|
626
|
+
self.buffer += txt
|
|
627
|
+
|
|
628
|
+
def _inc_indent(self):
|
|
629
|
+
self.indent_level += 1
|
|
630
|
+
|
|
631
|
+
def _dec_indent(self):
|
|
632
|
+
self.indent_level -= 1
|
|
633
|
+
|
|
634
|
+
|
|
635
|
+
if __name__ == "__main__":
|
|
636
|
+
main()
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
CRITICAL ANALYSIS - SWAP FUNCTION
|
|
2
|
+
==================================
|
|
3
|
+
|
|
4
|
+
Looking at the swap() function decompiled logic:
|
|
5
|
+
|
|
6
|
+
```solidity
|
|
7
|
+
function swap(uint8 tokenType) external withinSwapWindow nonReentrant {
|
|
8
|
+
// ... token selection logic ...
|
|
9
|
+
|
|
10
|
+
uint256 userBalance = IERC20(tokenAddress).balanceOf(msg.sender);
|
|
11
|
+
require(userBalance > 0, errorMsg);
|
|
12
|
+
|
|
13
|
+
// CRITICAL: Only checks NetX balance on BSC chains
|
|
14
|
+
if (block.chainid == 56 || block.chainid == 97) {
|
|
15
|
+
uint256 contractNetxBalance = IERC20(netxToken).balanceOf(address(this));
|
|
16
|
+
require(contractNetxBalance >= userBalance, "Insufficient NetX balance");
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
uint256 balanceBefore = IERC20(tokenAddress).balanceOf(address(this));
|
|
20
|
+
IERC20(tokenAddress).transferFrom(msg.sender, address(this), userBalance);
|
|
21
|
+
uint256 balanceAfter = IERC20(tokenAddress).balanceOf(address(this));
|
|
22
|
+
|
|
23
|
+
require(balanceAfter - balanceBefore == userBalance, "Transfer failed");
|
|
24
|
+
|
|
25
|
+
// CRITICAL: Only transfers NetX on BSC chains
|
|
26
|
+
if (block.chainid == 56 || block.chainid == 97) {
|
|
27
|
+
IERC20(netxToken).transfer(msg.sender, userBalance);
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
WAIT! I see the issue now!
|
|
33
|
+
|
|
34
|
+
The function:
|
|
35
|
+
1. Takes old tokens from user
|
|
36
|
+
2. Only gives NetX back if on BSC (chainid 56/97)
|
|
37
|
+
|
|
38
|
+
But this contract IS on BSC (chainid 56), so this logic is fine.
|
|
39
|
+
|
|
40
|
+
HOWEVER - Let me check if there's a fee-on-transfer token issue...
|
|
41
|
+
|
|
42
|
+
If any of the old tokens (token1, token2, token3, oldNetx) are fee-on-transfer tokens:
|
|
43
|
+
- User has 100 tokens
|
|
44
|
+
- transferFrom takes 100 from user
|
|
45
|
+
- Contract receives 90 (10% fee)
|
|
46
|
+
- balanceAfter - balanceBefore = 90
|
|
47
|
+
- require(90 == 100) FAILS!
|
|
48
|
+
|
|
49
|
+
So fee-on-transfer tokens would BLOCK the swap, not enable an exploit.
|
|
50
|
+
|
|
51
|
+
Let me look for other issues...
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import re
|
|
2
|
+
import html
|
|
3
|
+
|
|
4
|
+
with open('POSI_Staking_Full.sol', 'r') as f:
|
|
5
|
+
content = f.read()
|
|
6
|
+
|
|
7
|
+
# Find all <pre> tags with contract code
|
|
8
|
+
matches = re.findall(r"<pre class='js-sourcecopyarea editor'[^>]*>(.*?)</pre>", content, re.DOTALL)
|
|
9
|
+
|
|
10
|
+
if matches:
|
|
11
|
+
# Decode HTML entities
|
|
12
|
+
code = html.unescape(matches[0])
|
|
13
|
+
# Remove any remaining HTML tags
|
|
14
|
+
code = re.sub(r'<[^>]+>', '', code)
|
|
15
|
+
|
|
16
|
+
with open('POSI_Staking_Clean.sol', 'w') as f:
|
|
17
|
+
f.write(code)
|
|
18
|
+
|
|
19
|
+
print(f"Extracted {len(code)} characters")
|
|
20
|
+
else:
|
|
21
|
+
print("No contract code found")
|