uups-checker 1.0.0

Files changed (670)
  1. package/.gitmodules +6 -0
  2. package/AIFI_AUDIT.md +220 -0
  3. package/ALL_AUDITS_SUMMARY.md +366 -0
  4. package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
  5. package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
  6. package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
  7. package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
  8. package/ARIA-foundry-test.txt +9 -0
  9. package/ARIA-mythril-analysis.txt +20 -0
  10. package/ARIA-slither-analysis.txt +38 -0
  11. package/ARIA_AI_SECURITY_AUDIT.md +290 -0
  12. package/ARIA_VERIFIED_AUDIT.md +259 -0
  13. package/ARIA_VERIFIED_slither.txt +76 -0
  14. package/ARIVA_source.txt +1 -0
  15. package/ARK_AUDIT.md +349 -0
  16. package/BANANA_AUDIT.md +365 -0
  17. package/BAS_AUDIT.md +451 -0
  18. package/BAS_TOKEN_AUDIT.md +235 -0
  19. package/BCE_EXPLOIT_ANALYSIS.md +165 -0
  20. package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
  21. package/BEEFY_MONAD_ANALYSIS.md +239 -0
  22. package/BEEFY_STAKING_ANALYSIS.md +136 -0
  23. package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
  24. package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
  25. package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
  26. package/BRISE_ANALYSIS.txt +31 -0
  27. package/BRISE_BSC_DAPPS.txt +68 -0
  28. package/BRISE_EXPLOITS_FOUND.md +98 -0
  29. package/BRISE_REAL_EXPLOITS.md +115 -0
  30. package/BRISE_WHITEHAT_REPORT.md +162 -0
  31. package/BRISEstake_Analysis.txt +95 -0
  32. package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
  33. package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
  34. package/BTCST_FINAL_VERDICT.md +319 -0
  35. package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
  36. package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
  37. package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
  38. package/BTCST_SECURITY_ANALYSIS.md +391 -0
  39. package/BTR_AUDIT.md +210 -0
  40. package/BeamBridge-analysis.md +226 -0
  41. package/BeamToken-analysis.md +201 -0
  42. package/BitgertSwap_Investigation.txt +107 -0
  43. package/CEEK_STAKING_ANALYSIS.md +0 -0
  44. package/CHAINBASE_AUDIT.md +422 -0
  45. package/COMPLETE_AUDIT_SUMMARY.md +342 -0
  46. package/CORRECTED_ANALYSIS.txt +115 -0
  47. package/DBXEN_COMPARISON_SUMMARY.md +232 -0
  48. package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
  49. package/DOPFairLaunch_raw.json +29 -0
  50. package/DOPFairLaunch_source.txt +0 -0
  51. package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
  52. package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
  53. package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
  54. package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
  55. package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
  56. package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
  57. package/DSyncStaking-exploit-analysis.md +153 -0
  58. package/DSyncVault-analysis.md +120 -0
  59. package/DUSD_PROXY_AUDIT.md +407 -0
  60. package/DXSALE_LOCK_AUDIT.md +0 -0
  61. package/DXSaleLock_bytecode.txt +1 -0
  62. package/ECHIDNA_QUICK_START.md +101 -0
  63. package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
  64. package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
  65. package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
  66. package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
  67. package/EXPLOIT_FIX.md +300 -0
  68. package/EXPLOIT_INSTRUCTIONS.md +273 -0
  69. package/EXPLOIT_SUMMARY.md +285 -0
  70. package/EXPLOIT_SUMMARY.txt +175 -0
  71. package/FALCON_FINANCE_AUDIT.md +258 -0
  72. package/FANDOM_AUDIT.md +359 -0
  73. package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
  74. package/FINAL_AUDIT_REPORT.md +0 -0
  75. package/FOLIO_PROXY_AUDIT.md +299 -0
  76. package/FOT_EXPLOIT_RESULTS.txt +110 -0
  77. package/FOT_TOKENS_AUDITED.md +103 -0
  78. package/HEGIC-mythril-analysis.txt +39 -0
  79. package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
  80. package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
  81. package/ICECREAMSWAP_EXPLOITS.md +259 -0
  82. package/IMMUNEFI_REPORT.md +314 -0
  83. package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
  84. package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
  85. package/KOGE_AUDIT.md +328 -0
  86. package/LENDFLARE_ANALYSIS.md +239 -0
  87. package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
  88. package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
  89. package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
  90. package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
  91. package/LENDFLARE_FUZZING_RESULTS.md +252 -0
  92. package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
  93. package/LENDFLARE_MANUAL_FUZZING.md +324 -0
  94. package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
  95. package/LENDFLARE_V3_BYPASS.md +296 -0
  96. package/LFTDECOMPILE.txt +14478 -0
  97. package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
  98. package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
  99. package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
  100. package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
  101. package/LFT_EXPLOIT_VISUAL.md +253 -0
  102. package/LFT_QUICK_SUMMARY.md +124 -0
  103. package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
  104. package/MGO_AUDIT_REPORT.md +420 -0
  105. package/MYTHRIL_FINAL_REPORT.md +306 -0
  106. package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
  107. package/NETX_MIGRATION_AUDIT.md +0 -0
  108. package/NPM_PUBLISH_GUIDE.md +0 -0
  109. package/NRV_CRITICAL_EXPLOIT.txt +143 -0
  110. package/NetX_Analysis.txt +76 -0
  111. package/NetX_Migration_bytecode.txt +1 -0
  112. package/NetX_Migration_source.txt +0 -0
  113. package/NetX_Token_source.txt +0 -0
  114. package/NetxWhitehatRescue +22 -0
  115. package/OILER_ATTACK_VISUAL.md +351 -0
  116. package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
  117. package/OILER_DEEP_ANALYSIS.md +212 -0
  118. package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
  119. package/OILER_FINAL_VERDICT.md +339 -0
  120. package/OILER_REENTRANCY_EXPLAINED.md +638 -0
  121. package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
  122. package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
  123. package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
  124. package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
  125. package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
  126. package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
  127. package/POLS_MULTICHAIN_AUDIT.md +0 -0
  128. package/POSI_STAKING_AUDIT.md +0 -0
  129. package/PROXY2_SECURITY_ANALYSIS.md +0 -0
  130. package/Proxy2TACS +29748 -0
  131. package/QUICK_START.md +240 -0
  132. package/RAMP_SECURITY_ANALYSIS.md +0 -0
  133. package/README.md +238 -0
  134. package/REAUDIT_MASTER_LIST.txt +15 -0
  135. package/RING_analysis.txt +212 -0
  136. package/RPC +4 -0
  137. package/RULES.txt +20 -0
  138. package/SIREN_AUDIT.md +186 -0
  139. package/SYNC_EXPLOIT_README.md +0 -0
  140. package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
  141. package/TLM_raw.html +0 -0
  142. package/TLM_raw.txt +0 -0
  143. package/TLM_response.json +1 -0
  144. package/TRADOOR_AUDIT.md +253 -0
  145. package/TRUNK_AUDIT.md +285 -0
  146. package/UNIBASE_AUDIT.md +241 -0
  147. package/UNLOCK_ANALYSIS.md +0 -0
  148. package/UNLOCK_EXPLOIT.md +49 -0
  149. package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
  150. package/UPS +232 -0
  151. package/UUPSCHECKER +208 -0
  152. package/VAULT_PROXY_AUDIT.md +457 -0
  153. package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
  154. package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
  155. package/WKEYDAO2_AUDIT.md +245 -0
  156. package/WSG_AUDIT.md +0 -0
  157. package/XFI_DEEP_ANALYSIS.md +327 -0
  158. package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
  159. package/YSDAO_EXPLOIT_GUIDE.md +0 -0
  160. package/agent-4-bundle.md +22490 -0
  161. package/alpha-proxy-echidna.txt +1 -0
  162. package/alpha-proxy-fuzz-results.txt +81 -0
  163. package/alpha-proxy-mythril.txt +2 -0
  164. package/analyze-btcst-farm.js +54 -0
  165. package/analyze-dxsale-lock.js +75 -0
  166. package/analyze-elephant.js +69 -0
  167. package/analyze-fara-rewards.js +109 -0
  168. package/analyze-fara-storage.js +83 -0
  169. package/analyze-lft-transaction.js +158 -0
  170. package/analyze-lock-bytecode.js +59 -0
  171. package/analyze-shegic.js +0 -0
  172. package/analyze-staking-abi.js +0 -0
  173. package/analyze-sxp.js +57 -0
  174. package/analyze-tlm.js +76 -0
  175. package/analyze-trumpet.js +98 -0
  176. package/analyze-unlimited-nft.js +108 -0
  177. package/analyze_elephant.sh +27 -0
  178. package/analyze_vault.sh +32 -0
  179. package/aria-bytecode.txt +1 -0
  180. package/aria_response.json +1 -0
  181. package/ark_temp/README.md +66 -0
  182. package/ark_temp/lib/forge-std/.gitattributes +1 -0
  183. package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
  184. package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
  185. package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
  186. package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
  187. package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
  188. package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
  189. package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
  190. package/ark_temp/lib/forge-std/README.md +314 -0
  191. package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  192. package/ark_temp/lib/forge-std/package.json +16 -0
  193. package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
  194. package/audits/AiFi-security-audit-20260326.md +499 -0
  195. package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
  196. package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
  197. package/audits/DGToken-security-audit-20260324.md +376 -0
  198. package/audits/DSyncStaking-audit-part1.md +161 -0
  199. package/audits/DSyncStaking-security-audit-20260324.md +547 -0
  200. package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
  201. package/audits/DegenVC-security-audit-20260324.md +585 -0
  202. package/audits/DelreyInu-security-audit-20260324.md +463 -0
  203. package/audits/DestraNetwork-security-audit-20260324.md +705 -0
  204. package/audits/DomiToken-security-audit-20260324.md +514 -0
  205. package/audits/LendFlareToken-security-audit-20260325.md +197 -0
  206. package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
  207. package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
  208. package/audits/PAALAI-security-audit-20260324.md +475 -0
  209. package/audits/PAR-security-audit-20260325.md +311 -0
  210. package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
  211. package/audits/StakingPool-security-audit-20260324.md +517 -0
  212. package/audits/SyncToken-security-audit-20260324.md +778 -0
  213. package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
  214. package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
  215. package/audits/XFIStaking-security-audit-20260324.md +682 -0
  216. package/audits/Xfinance-security-audit-20260324.md +463 -0
  217. package/audits/basedAIFarm-security-audit-20260324.md +330 -0
  218. package/audits/pepeCoin-security-audit-20260324.md +462 -0
  219. package/bin/ups +232 -0
  220. package/binance-wallet-exploit/.env.example +2 -0
  221. package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
  222. package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
  223. package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
  224. package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
  225. package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
  226. package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
  227. package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
  228. package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
  229. package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
  230. package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
  231. package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
  232. package/binance-wallet-exploit/QUICK_START.md +75 -0
  233. package/binance-wallet-exploit/README.md +195 -0
  234. package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
  235. package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
  236. package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
  237. package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
  238. package/binance-wallet-exploit/cache/test-failures +1 -0
  239. package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
  240. package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  241. package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
  242. package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  243. package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  244. package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  245. package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
  246. package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
  247. package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
  248. package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  249. package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
  250. package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
  251. package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
  252. package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
  253. package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
  254. package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
  255. package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
  256. package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
  257. package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
  258. package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
  259. package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
  260. package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
  261. package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
  262. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
  263. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
  264. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
  265. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
  266. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
  267. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
  268. package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
  269. package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
  270. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
  271. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
  272. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
  273. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
  274. package/cache/solidity-files-cache.json +1 -0
  275. package/cache/test-failures +1 -0
  276. package/calculate-elephant-flashloan.js +195 -0
  277. package/check-address-approval.js +112 -0
  278. package/check-alpha-proxy.js +42 -0
  279. package/check-arbitrage.js +155 -0
  280. package/check-aria-token.js +47 -0
  281. package/check-ark.sh +20 -0
  282. package/check-btcst-mining.js +75 -0
  283. package/check-btcst-pools.js +163 -0
  284. package/check-btcst.js +88 -0
  285. package/check-caller.js +26 -0
  286. package/check-ceek-lp.js +73 -0
  287. package/check-ceek.js +47 -0
  288. package/check-dxsale-address.js +35 -0
  289. package/check-fara-exploit-timing.js +56 -0
  290. package/check-fara-real-exploit.js +73 -0
  291. package/check-flashloan-limits.js +129 -0
  292. package/check-kel-cel-pool.js +91 -0
  293. package/check-lax-staking.js +41 -0
  294. package/check-lendflare.js +165 -0
  295. package/check-lft-accounting.js +109 -0
  296. package/check-lft-roles.js +165 -0
  297. package/check-lock-time.js +47 -0
  298. package/check-min-stake.js +73 -0
  299. package/check-mystery-contract.js +52 -0
  300. package/check-next-token.js +50 -0
  301. package/check-nora-lock.js +67 -0
  302. package/check-oiler-approvals.js +116 -0
  303. package/check-oiler-proxy.js +73 -0
  304. package/check-oiler-staking.js +117 -0
  305. package/check-proxy-simple.js +71 -0
  306. package/check-recent-stakes.js +54 -0
  307. package/check-shegic-holdings.js +67 -0
  308. package/check-snowcrash-ecosystem.js +83 -0
  309. package/check-sync-lp.js +97 -0
  310. package/check-sync-stake.js +42 -0
  311. package/check-tlm.js +37 -0
  312. package/check-token-pools.js +146 -0
  313. package/check-trunk-depeg.js +181 -0
  314. package/check-tusd-decimals.js +58 -0
  315. package/check-user-storage-deep.js +81 -0
  316. package/check-welephant-pools.js +130 -0
  317. package/check-xfi-pool.js +75 -0
  318. package/check-zypher.js +32 -0
  319. package/check_proxy.sh +36 -0
  320. package/compare-tlm-chains.js +90 -0
  321. package/contract_0x05f2.html +6025 -0
  322. package/contract_0x3720.html +6361 -0
  323. package/contract_0x928e.html +5606 -0
  324. package/contract_0xc42d.html +5304 -0
  325. package/contract_page.html +5789 -0
  326. package/decode-stake-tx.js +50 -0
  327. package/deep-analyze-lock.js +82 -0
  328. package/dune_uups_proxy_query.sql +42 -0
  329. package/dune_uups_vulnerable_query.sql +0 -0
  330. package/echidna/alpha-proxy.yaml +14 -0
  331. package/echidna/elephant.yaml +7 -0
  332. package/echidna/lendflare.yaml +42 -0
  333. package/echidna.config.yaml +12 -0
  334. package/elephant_raw.json +1 -0
  335. package/eps_raw.json +1 -0
  336. package/exploit/.github/workflows/test.yml +38 -0
  337. package/exploit/.gitmodules +3 -0
  338. package/exploit/README.md +66 -0
  339. package/exploit/foundry.lock +8 -0
  340. package/exploit/lib/forge-std/.gitattributes +1 -0
  341. package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  342. package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
  343. package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  344. package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  345. package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  346. package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
  347. package/exploit/lib/forge-std/LICENSE-MIT +25 -0
  348. package/exploit/lib/forge-std/README.md +314 -0
  349. package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  350. package/exploit/lib/forge-std/package.json +16 -0
  351. package/exploit/lib/forge-std/scripts/vm.py +636 -0
  352. package/exploit_analysis.txt +51 -0
  353. package/extract_contract.py +21 -0
  354. package/extract_elephant_contracts.py +24 -0
  355. package/fara-staking-bytecode.txt +1 -0
  356. package/fara-staking-raw.txt +1 -0
  357. package/fetch-aria.js +46 -0
  358. package/fetch-contract.js +50 -0
  359. package/fetch-shegic-source.js +86 -0
  360. package/fetch-snowcrash.js +44 -0
  361. package/fetch-staking-source.js +53 -0
  362. package/fetch-tlm.js +60 -0
  363. package/fetch_elephant_source.py +32 -0
  364. package/find-ceek-staking.js +21 -0
  365. package/find-exploit-tx.js +88 -0
  366. package/find-oiler-holders.js +100 -0
  367. package/find-tlm-holder.js +36 -0
  368. package/find-vulnerable-fund.js +94 -0
  369. package/foundry.lock +8 -0
  370. package/fuzz-all.sh +53 -0
  371. package/get-aria-contract.py +40 -0
  372. package/get-lft-holders.js +89 -0
  373. package/get-tlm-source.sh +8 -0
  374. package/harvest_txs.json +1 -0
  375. package/lft-bytecode-raw.txt +1 -0
  376. package/lft-bytecode.json +1 -0
  377. package/lft-impl.bin +1 -0
  378. package/lft-implementation-bytecode.txt +1 -0
  379. package/lib/forge-std/.gitattributes +1 -0
  380. package/lib/forge-std/.github/CODEOWNERS +1 -0
  381. package/lib/forge-std/.github/dependabot.yml +6 -0
  382. package/lib/forge-std/.github/workflows/ci.yml +125 -0
  383. package/lib/forge-std/.github/workflows/sync.yml +36 -0
  384. package/lib/forge-std/CONTRIBUTING.md +193 -0
  385. package/lib/forge-std/LICENSE-APACHE +203 -0
  386. package/lib/forge-std/LICENSE-MIT +25 -0
  387. package/lib/forge-std/README.md +314 -0
  388. package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  389. package/lib/forge-std/package.json +16 -0
  390. package/lib/forge-std/scripts/vm.py +636 -0
  391. package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
  392. package/lib/openzeppelin-contracts/.codecov.yml +12 -0
  393. package/lib/openzeppelin-contracts/.editorconfig +21 -0
  394. package/lib/openzeppelin-contracts/.eslintrc +20 -0
  395. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
  396. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
  397. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
  398. package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
  399. package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
  400. package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
  401. package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
  402. package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
  403. package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
  404. package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
  405. package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
  406. package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
  407. package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
  408. package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
  409. package/lib/openzeppelin-contracts/.gitmodules +7 -0
  410. package/lib/openzeppelin-contracts/.mocharc.js +4 -0
  411. package/lib/openzeppelin-contracts/.prettierrc +15 -0
  412. package/lib/openzeppelin-contracts/.solcover.js +13 -0
  413. package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
  414. package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
  415. package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
  416. package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
  417. package/lib/openzeppelin-contracts/LICENSE +22 -0
  418. package/lib/openzeppelin-contracts/README.md +107 -0
  419. package/lib/openzeppelin-contracts/RELEASING.md +45 -0
  420. package/lib/openzeppelin-contracts/SECURITY.md +42 -0
  421. package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
  422. package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
  423. package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
  424. package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
  425. package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
  426. package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
  427. package/lib/openzeppelin-contracts/audits/README.md +17 -0
  428. package/lib/openzeppelin-contracts/certora/Makefile +54 -0
  429. package/lib/openzeppelin-contracts/certora/README.md +60 -0
  430. package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
  431. package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
  432. package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
  433. package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
  434. package/lib/openzeppelin-contracts/certora/run.js +160 -0
  435. package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
  436. package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
  437. package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
  438. package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
  439. package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
  440. package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
  441. package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
  442. package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
  443. package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
  444. package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
  445. package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
  446. package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
  447. package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
  448. package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
  449. package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
  450. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
  451. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
  452. package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
  453. package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
  454. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
  455. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
  456. package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
  457. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
  458. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
  459. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
  460. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
  461. package/lib/openzeppelin-contracts/certora/specs.json +86 -0
  462. package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
  463. package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
  464. package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
  465. package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
  466. package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
  467. package/lib/openzeppelin-contracts/contracts/package.json +32 -0
  468. package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
  469. package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
  470. package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
  471. package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
  472. package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
  473. package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
  474. package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
  475. package/lib/openzeppelin-contracts/docs/README.md +16 -0
  476. package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
  477. package/lib/openzeppelin-contracts/docs/config.js +21 -0
  478. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
  479. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
  480. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
  481. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
  482. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
  483. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
  484. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
  485. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
  486. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
  487. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
  488. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
  489. package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
  490. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
  491. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
  492. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
  493. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
  494. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
  495. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
  496. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
  497. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
  498. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
  499. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
  500. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
  501. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
  502. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
  503. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
  504. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
  505. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
  506. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
  507. package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
  508. package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
  509. package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
  510. package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
  511. package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
  512. package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
  513. package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
  514. package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
  515. package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
  516. package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
  517. package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
  518. package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
  519. package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
  520. package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
  521. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
  522. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
  523. package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
  524. package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
  525. package/lib/openzeppelin-contracts/logo.svg +15 -0
  526. package/lib/openzeppelin-contracts/netlify.toml +3 -0
  527. package/lib/openzeppelin-contracts/package-lock.json +16544 -0
  528. package/lib/openzeppelin-contracts/package.json +96 -0
  529. package/lib/openzeppelin-contracts/remappings.txt +1 -0
  530. package/lib/openzeppelin-contracts/renovate.json +4 -0
  531. package/lib/openzeppelin-contracts/requirements.txt +1 -0
  532. package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
  533. package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
  534. package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
  535. package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
  536. package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
  537. package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
  538. package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
  539. package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
  540. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
  541. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
  542. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
  543. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
  544. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
  545. package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
  546. package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
  547. package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
  548. package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
  549. package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
  550. package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
  551. package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
  552. package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
  553. package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
  554. package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
  555. package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
  556. package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
  557. package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
  558. package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
  559. package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
  560. package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
  561. package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
  562. package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
  563. package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
  564. package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
  565. package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
  566. package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
  567. package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
  568. package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
  569. package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
  570. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
  571. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
  572. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
  573. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
  574. package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
  575. package/lib/openzeppelin-contracts/slither.config.json +5 -0
  576. package/lib/openzeppelin-contracts/solhint.config.js +20 -0
  577. package/mythril-lft-output.txt +1 -0
  578. package/mythril-lft-symbolic.txt +18 -0
  579. package/mythril-lft.sh +20 -0
  580. package/mythril-symbolic-output.txt +1 -0
  581. package/mythril-symbolic.sh +42 -0
  582. package/out/build-info/0026b78428192979.json +1 -0
  583. package/out/build-info/03c4fc3b88486eba.json +1 -0
  584. package/out/build-info/0540afa9b9a5c5a6.json +1 -0
  585. package/out/build-info/081932f505bc08b9.json +1 -0
  586. package/out/build-info/0da104ba0d6642d5.json +1 -0
  587. package/out/build-info/197281971dbb5f23.json +1 -0
  588. package/out/build-info/197e7e332832a232.json +1 -0
  589. package/out/build-info/1a1cab9136eb5f94.json +1 -0
  590. package/out/build-info/1b320204eb162aa2.json +1 -0
  591. package/out/build-info/1e03f94398052674.json +1 -0
  592. package/out/build-info/22ac085949602937.json +1 -0
  593. package/out/build-info/234ef37453a9fa64.json +1 -0
  594. package/out/build-info/2447db7b1878fa8e.json +1 -0
  595. package/out/build-info/25568daeb484f5ff.json +1 -0
  596. package/out/build-info/27465853244c49ce.json +1 -0
  597. package/out/build-info/2c57a9e0f087453b.json +1 -0
  598. package/out/build-info/3c62ae7de8da68c4.json +1 -0
  599. package/out/build-info/3e771ae109e97bb3.json +1 -0
  600. package/out/build-info/460499bc0a3465c4.json +1 -0
  601. package/out/build-info/47ce37e50a4f115e.json +1 -0
  602. package/out/build-info/4fcce5c63cf427d6.json +1 -0
  603. package/out/build-info/4fd0a53fe63fddbb.json +1 -0
  604. package/out/build-info/50f1247db9d769cc.json +1 -0
  605. package/out/build-info/5317d0181a7a5e02.json +1 -0
  606. package/out/build-info/594df509275ceb5b.json +1 -0
  607. package/out/build-info/61983ac3f6141719.json +1 -0
  608. package/out/build-info/638c4548307122fe.json +1 -0
  609. package/out/build-info/67c2c43bdb7c0ded.json +1 -0
  610. package/out/build-info/777f42643aad37b7.json +1 -0
  611. package/out/build-info/7d7856f19e845354.json +1 -0
  612. package/out/build-info/83976260b6f71e94.json +1 -0
  613. package/out/build-info/83c23882000b963d.json +1 -0
  614. package/out/build-info/84b2cce8f70b36be.json +1 -0
  615. package/out/build-info/8bc13d31d7c3206a.json +1 -0
  616. package/out/build-info/8e183bd4d9d8cf88.json +1 -0
  617. package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
  618. package/out/build-info/99ec7d5e8d8ff360.json +1 -0
  619. package/out/build-info/9ac044b29daa7d5e.json +1 -0
  620. package/out/build-info/9b203227ff5d2e63.json +1 -0
  621. package/out/build-info/9d18c5872c4282dd.json +1 -0
  622. package/out/build-info/9f77f04f33baf9a3.json +1 -0
  623. package/out/build-info/a6e1caf974787982.json +1 -0
  624. package/out/build-info/a94b6348867a62d6.json +1 -0
  625. package/out/build-info/ad93721947a8b195.json +1 -0
  626. package/out/build-info/b42daddb5aa4b19f.json +1 -0
  627. package/out/build-info/bf13512ae899f7e8.json +1 -0
  628. package/out/build-info/c39f86c20a548c4a.json +1 -0
  629. package/out/build-info/cb12bb975a2f4e65.json +1 -0
  630. package/out/build-info/d0c6788fadc2aa60.json +1 -0
  631. package/out/build-info/d2726bf94ed5b845.json +1 -0
  632. package/out/build-info/d4eb00da50cce5cb.json +1 -0
  633. package/out/build-info/db931924a3bc8bdd.json +1 -0
  634. package/out/build-info/e1a503d49bc77401.json +1 -0
  635. package/out/build-info/efe5396f8892ce77.json +1 -0
  636. package/out/build-info/f536d90ced745969.json +1 -0
  637. package/out/build-info/fed38823c7019b82.json +1 -0
  638. package/package.json +51 -0
  639. package/page.html +5384 -0
  640. package/pancakeswap-simple-tvl.sql +15 -0
  641. package/pancakeswap-top-pools.sql +29 -0
  642. package/pancakeswap-tvl-optimized.sql +57 -0
  643. package/pancakeswap-tvl-query.sql +60 -0
  644. package/pancakeswap-underflow-hunting.sql +51 -0
  645. package/pancakeswap-vulnerability-queries.sql +200 -0
  646. package/posi_page.html +6369 -0
  647. package/posi_response.json +29 -0
  648. package/proxy_page.html +500 -0
  649. package/run_mythril_elephant.sh +18 -0
  650. package/sHEGIC-bytecode.bin +6 -0
  651. package/sHEGIC-mythril-analysis.txt +1 -0
  652. package/sHEGIC-mythril-full.txt +134 -0
  653. package/sHEGIC_ANALYSIS.md +135 -0
  654. package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
  655. package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
  656. package/scrape-snowcrash.js +28 -0
  657. package/scripts/yooshi_drain.sh +154 -0
  658. package/shi_raw.json +1 -0
  659. package/temp.json +1 -0
  660. package/temp_harvest.json +1 -0
  661. package/temp_pika.json +1 -0
  662. package/temp_posi.json +1 -0
  663. package/temp_response.json +1 -0
  664. package/test-lft-hidden-balance.js +108 -0
  665. package/test-xfi-exploit.js +140 -0
  666. package/trunk-liquidity-rescue.js +164 -0
  667. package/vBABY_page.html +6153 -0
  668. package/vBABY_response.json +29 -0
  669. package/wsg_response.json +1 -0
  670. package/yooldo_page.html +10371 -0
@@ -0,0 +1,679 @@
1
+ import "helpers/helpers.spec";
2
+ import "methods/IERC721.spec";
3
+ import "methods/IERC721Receiver.spec";
4
+
5
+ methods {
6
+ // exposed for FV
7
+ function mint(address,uint256) external;
8
+ function safeMint(address,uint256) external;
9
+ function safeMint(address,uint256,bytes) external;
10
+ function burn(uint256) external;
11
+
12
+ function unsafeOwnerOf(uint256) external returns (address) envfree;
13
+ function unsafeGetApproved(uint256) external returns (address) envfree;
14
+ }
15
+
16
+ /*
17
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
18
+ │ Helpers │
19
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
20
+ */
21
+
22
+ definition authSanity(env e) returns bool = e.msg.sender != 0;
23
+
24
+ // Could be broken in theory, but not in practice
25
+ definition balanceLimited(address account) returns bool = balanceOf(account) < max_uint256;
26
+
27
+ function helperTransferWithRevert(env e, method f, address from, address to, uint256 tokenId) {
28
+ if (f.selector == sig:transferFrom(address,address,uint256).selector) {
29
+ transferFrom@withrevert(e, from, to, tokenId);
30
+ } else if (f.selector == sig:safeTransferFrom(address,address,uint256).selector) {
31
+ safeTransferFrom@withrevert(e, from, to, tokenId);
32
+ } else if (f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector) {
33
+ bytes params;
34
+ require params.length < 0xffff;
35
+ safeTransferFrom@withrevert(e, from, to, tokenId, params);
36
+ } else {
37
+ calldataarg args;
38
+ f@withrevert(e, args);
39
+ }
40
+ }
41
+
42
+ function helperMintWithRevert(env e, method f, address to, uint256 tokenId) {
43
+ if (f.selector == sig:mint(address,uint256).selector) {
44
+ mint@withrevert(e, to, tokenId);
45
+ } else if (f.selector == sig:safeMint(address,uint256).selector) {
46
+ safeMint@withrevert(e, to, tokenId);
47
+ } else if (f.selector == sig:safeMint(address,uint256,bytes).selector) {
48
+ bytes params;
49
+ require params.length < 0xffff;
50
+ safeMint@withrevert(e, to, tokenId, params);
51
+ } else {
52
+ require false;
53
+ }
54
+ }
55
+
56
+ function helperSoundFnCall(env e, method f) {
57
+ if (f.selector == sig:mint(address,uint256).selector) {
58
+ address to; uint256 tokenId;
59
+ require balanceLimited(to);
60
+ requireInvariant notMintedUnset(tokenId);
61
+ mint(e, to, tokenId);
62
+ } else if (f.selector == sig:safeMint(address,uint256).selector) {
63
+ address to; uint256 tokenId;
64
+ require balanceLimited(to);
65
+ requireInvariant notMintedUnset(tokenId);
66
+ safeMint(e, to, tokenId);
67
+ } else if (f.selector == sig:safeMint(address,uint256,bytes).selector) {
68
+ address to; uint256 tokenId; bytes data;
69
+ require data.length < 0xffff;
70
+ require balanceLimited(to);
71
+ requireInvariant notMintedUnset(tokenId);
72
+ safeMint(e, to, tokenId, data);
73
+ } else if (f.selector == sig:burn(uint256).selector) {
74
+ uint256 tokenId;
75
+ requireInvariant ownerHasBalance(tokenId);
76
+ requireInvariant notMintedUnset(tokenId);
77
+ burn(e, tokenId);
78
+ } else if (f.selector == sig:transferFrom(address,address,uint256).selector) {
79
+ address from; address to; uint256 tokenId;
80
+ require balanceLimited(to);
81
+ requireInvariant ownerHasBalance(tokenId);
82
+ requireInvariant notMintedUnset(tokenId);
83
+ transferFrom(e, from, to, tokenId);
84
+ } else if (f.selector == sig:safeTransferFrom(address,address,uint256).selector) {
85
+ address from; address to; uint256 tokenId;
86
+ require balanceLimited(to);
87
+ requireInvariant ownerHasBalance(tokenId);
88
+ requireInvariant notMintedUnset(tokenId);
89
+ safeTransferFrom(e, from, to, tokenId);
90
+ } else if (f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector) {
91
+ address from; address to; uint256 tokenId; bytes data;
92
+ require data.length < 0xffff;
93
+ require balanceLimited(to);
94
+ requireInvariant ownerHasBalance(tokenId);
95
+ requireInvariant notMintedUnset(tokenId);
96
+ safeTransferFrom(e, from, to, tokenId, data);
97
+ } else {
98
+ calldataarg args;
99
+ f(e, args);
100
+ }
101
+ }
102
+
103
+ /*
104
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
105
+ │ Ghost & hooks: ownership count │
106
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
107
+ */
108
+ ghost mathint _ownedTotal {
109
+ init_state axiom _ownedTotal == 0;
110
+ }
111
+
112
+ ghost mapping(address => mathint) _ownedByUser {
113
+ init_state axiom forall address a. _ownedByUser[a] == 0;
114
+ }
115
+
116
+ hook Sstore _owners[KEY uint256 tokenId] address newOwner (address oldOwner) STORAGE {
117
+ _ownedByUser[newOwner] = _ownedByUser[newOwner] + to_mathint(newOwner != 0 ? 1 : 0);
118
+ _ownedByUser[oldOwner] = _ownedByUser[oldOwner] - to_mathint(oldOwner != 0 ? 1 : 0);
119
+ _ownedTotal = _ownedTotal + to_mathint(newOwner != 0 ? 1 : 0) - to_mathint(oldOwner != 0 ? 1 : 0);
120
+ }
121
+
122
+ /*
123
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
124
+ │ Ghost & hooks: sum of all balances │
125
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
126
+ */
127
+ ghost mathint _supply {
128
+ init_state axiom _supply == 0;
129
+ }
130
+
131
+ ghost mapping(address => mathint) _balances {
132
+ init_state axiom forall address a. _balances[a] == 0;
133
+ }
134
+
135
+ hook Sstore _balances[KEY address addr] uint256 newValue (uint256 oldValue) STORAGE {
136
+ _supply = _supply - oldValue + newValue;
137
+ }
138
+
139
+ // TODO: This used to not be necessary. We should try to remove it. In order to do so, we will probably need to add
140
+ // many "preserved" directive that require the "balanceOfConsistency" invariant on the accounts involved.
141
+ hook Sload uint256 value _balances[KEY address user] STORAGE {
142
+ require _balances[user] == to_mathint(value);
143
+ }
144
+
145
+ /*
146
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
147
+ │ Invariant: number of owned tokens is the sum of all balances │
148
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
149
+ */
150
+ invariant ownedTotalIsSumOfBalances()
151
+ _ownedTotal == _supply
152
+ {
153
+ preserved mint(address to, uint256 tokenId) with (env e) {
154
+ require balanceLimited(to);
155
+ }
156
+ preserved safeMint(address to, uint256 tokenId) with (env e) {
157
+ require balanceLimited(to);
158
+ }
159
+ preserved safeMint(address to, uint256 tokenId, bytes data) with (env e) {
160
+ require balanceLimited(to);
161
+ }
162
+ preserved burn(uint256 tokenId) with (env e) {
163
+ requireInvariant ownerHasBalance(tokenId);
164
+ requireInvariant balanceOfConsistency(ownerOf(tokenId));
165
+ }
166
+ preserved transferFrom(address from, address to, uint256 tokenId) with (env e) {
167
+ require balanceLimited(to);
168
+ requireInvariant ownerHasBalance(tokenId);
169
+ requireInvariant balanceOfConsistency(from);
170
+ requireInvariant balanceOfConsistency(to);
171
+ }
172
+ preserved safeTransferFrom(address from, address to, uint256 tokenId) with (env e) {
173
+ require balanceLimited(to);
174
+ requireInvariant ownerHasBalance(tokenId);
175
+ requireInvariant balanceOfConsistency(from);
176
+ requireInvariant balanceOfConsistency(to);
177
+ }
178
+ preserved safeTransferFrom(address from, address to, uint256 tokenId, bytes data) with (env e) {
179
+ require balanceLimited(to);
180
+ requireInvariant ownerHasBalance(tokenId);
181
+ requireInvariant balanceOfConsistency(from);
182
+ requireInvariant balanceOfConsistency(to);
183
+ }
184
+ }
185
+
186
+ /*
187
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
188
+ │ Invariant: balanceOf is the number of tokens owned │
189
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
190
+ */
191
+ invariant balanceOfConsistency(address user)
192
+ to_mathint(balanceOf(user)) == _ownedByUser[user] &&
193
+ to_mathint(balanceOf(user)) == _balances[user]
194
+ {
195
+ preserved {
196
+ require balanceLimited(user);
197
+ }
198
+ }
199
+
200
+ /*
201
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
202
+ │ Invariant: owner of a token must have some balance │
203
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
204
+ */
205
+ invariant ownerHasBalance(uint256 tokenId)
206
+ balanceOf(ownerOf(tokenId)) > 0
207
+ {
208
+ preserved {
209
+ requireInvariant balanceOfConsistency(ownerOf(tokenId));
210
+ require balanceLimited(ownerOf(tokenId));
211
+ }
212
+ }
213
+
214
+ /*
215
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
216
+ │ Rule: balance of address(0) is 0 │
217
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
218
+ */
219
+ rule zeroAddressBalanceRevert() {
220
+ balanceOf@withrevert(0);
221
+ assert lastReverted;
222
+ }
223
+
224
+ /*
225
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
226
+ │ Invariant: address(0) has no authorized operator │
227
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
228
+ */
229
+ invariant zeroAddressHasNoApprovedOperator(address a)
230
+ !isApprovedForAll(0, a)
231
+ {
232
+ preserved with (env e) {
233
+ require nonzerosender(e);
234
+ }
235
+ }
236
+
237
+ /*
238
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
239
+ │ Invariant: tokens that do not exist are not owned and not approved │
240
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
241
+ */
242
+ invariant notMintedUnset(uint256 tokenId)
243
+ unsafeOwnerOf(tokenId) == 0 => unsafeGetApproved(tokenId) == 0;
244
+
245
+ /*
246
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
247
+ │ Rule: unsafeOwnerOf and unsafeGetApproved don't revert + ownerOf and getApproved revert if token does not exist │
248
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
249
+ */
250
+ rule notMintedRevert(uint256 tokenId) {
251
+ requireInvariant notMintedUnset(tokenId);
252
+
253
+ address _owner = unsafeOwnerOf@withrevert(tokenId);
254
+ assert !lastReverted;
255
+
256
+ address _approved = unsafeGetApproved@withrevert(tokenId);
257
+ assert !lastReverted;
258
+
259
+ address owner = ownerOf@withrevert(tokenId);
260
+ assert lastReverted <=> _owner == 0;
261
+ assert !lastReverted => _owner == owner;
262
+
263
+ address approved = getApproved@withrevert(tokenId);
264
+ assert lastReverted <=> _owner == 0;
265
+ assert !lastReverted => _approved == approved;
266
+ }
267
+
268
+ /*
269
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
270
+ │ Rules: total supply can only change through mint and burn │
271
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
272
+ */
273
+ rule supplyChange(env e) {
274
+ require nonzerosender(e);
275
+ requireInvariant zeroAddressHasNoApprovedOperator(e.msg.sender);
276
+
277
+ mathint supplyBefore = _supply;
278
+ method f; helperSoundFnCall(e, f);
279
+ mathint supplyAfter = _supply;
280
+
281
+ assert supplyAfter > supplyBefore => (
282
+ supplyAfter == supplyBefore + 1 &&
283
+ (
284
+ f.selector == sig:mint(address,uint256).selector ||
285
+ f.selector == sig:safeMint(address,uint256).selector ||
286
+ f.selector == sig:safeMint(address,uint256,bytes).selector
287
+ )
288
+ );
289
+ assert supplyAfter < supplyBefore => (
290
+ supplyAfter == supplyBefore - 1 &&
291
+ f.selector == sig:burn(uint256).selector
292
+ );
293
+ }
294
+
295
+ /*
296
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
297
+ │ Rules: balanceOf can only change through mint, burn or transfers. balanceOf cannot change by more than 1. │
298
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
299
+ */
300
+ rule balanceChange(env e, address account) {
301
+ requireInvariant balanceOfConsistency(account);
302
+ require balanceLimited(account);
303
+
304
+ mathint balanceBefore = balanceOf(account);
305
+ method f; helperSoundFnCall(e, f);
306
+ mathint balanceAfter = balanceOf(account);
307
+
308
+ // balance can change by at most 1
309
+ assert balanceBefore != balanceAfter => (
310
+ balanceAfter == balanceBefore - 1 ||
311
+ balanceAfter == balanceBefore + 1
312
+ );
313
+
314
+ // only selected function can change balances
315
+ assert balanceBefore != balanceAfter => (
316
+ f.selector == sig:transferFrom(address,address,uint256).selector ||
317
+ f.selector == sig:safeTransferFrom(address,address,uint256).selector ||
318
+ f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector ||
319
+ f.selector == sig:mint(address,uint256).selector ||
320
+ f.selector == sig:safeMint(address,uint256).selector ||
321
+ f.selector == sig:safeMint(address,uint256,bytes).selector ||
322
+ f.selector == sig:burn(uint256).selector
323
+ );
324
+ }
325
+
326
+ /*
327
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
328
+ │ Rules: ownership can only change through mint, burn or transfers. │
329
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
330
+ */
331
+ rule ownershipChange(env e, uint256 tokenId) {
332
+ require nonzerosender(e);
333
+ requireInvariant zeroAddressHasNoApprovedOperator(e.msg.sender);
334
+
335
+ address ownerBefore = unsafeOwnerOf(tokenId);
336
+ method f; helperSoundFnCall(e, f);
337
+ address ownerAfter = unsafeOwnerOf(tokenId);
338
+
339
+ assert ownerBefore == 0 && ownerAfter != 0 => (
340
+ f.selector == sig:mint(address,uint256).selector ||
341
+ f.selector == sig:safeMint(address,uint256).selector ||
342
+ f.selector == sig:safeMint(address,uint256,bytes).selector
343
+ );
344
+
345
+ assert ownerBefore != 0 && ownerAfter == 0 => (
346
+ f.selector == sig:burn(uint256).selector
347
+ );
348
+
349
+ assert (ownerBefore != ownerAfter && ownerBefore != 0 && ownerAfter != 0) => (
350
+ f.selector == sig:transferFrom(address,address,uint256).selector ||
351
+ f.selector == sig:safeTransferFrom(address,address,uint256).selector ||
352
+ f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector
353
+ );
354
+ }
355
+
356
+ /*
357
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
358
+ │ Rules: token approval can only change through approve or transfers (implicitly). │
359
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
360
+ */
361
+ rule approvalChange(env e, uint256 tokenId) {
362
+ address approvalBefore = unsafeGetApproved(tokenId);
363
+ method f; helperSoundFnCall(e, f);
364
+ address approvalAfter = unsafeGetApproved(tokenId);
365
+
366
+ // approve can set any value, other functions reset
367
+ assert approvalBefore != approvalAfter => (
368
+ f.selector == sig:approve(address,uint256).selector ||
369
+ (
370
+ (
371
+ f.selector == sig:transferFrom(address,address,uint256).selector ||
372
+ f.selector == sig:safeTransferFrom(address,address,uint256).selector ||
373
+ f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector ||
374
+ f.selector == sig:burn(uint256).selector
375
+ ) && approvalAfter == 0
376
+ )
377
+ );
378
+ }
379
+
380
+ /*
381
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
382
+ │ Rules: approval for all tokens can only change through isApprovedForAll. │
383
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
384
+ */
385
+ rule approvedForAllChange(env e, address owner, address spender) {
386
+ bool approvedForAllBefore = isApprovedForAll(owner, spender);
387
+ method f; helperSoundFnCall(e, f);
388
+ bool approvedForAllAfter = isApprovedForAll(owner, spender);
389
+
390
+ assert approvedForAllBefore != approvedForAllAfter => f.selector == sig:setApprovalForAll(address,bool).selector;
391
+ }
392
+
393
+ /*
394
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
395
+ │ Rule: transferFrom behavior and side effects │
396
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
397
+ */
398
+ rule transferFrom(env e, address from, address to, uint256 tokenId) {
399
+ require nonpayable(e);
400
+ require authSanity(e);
401
+
402
+ address operator = e.msg.sender;
403
+ uint256 otherTokenId;
404
+ address otherAccount;
405
+
406
+ requireInvariant ownerHasBalance(tokenId);
407
+ require balanceLimited(to);
408
+
409
+ uint256 balanceOfFromBefore = balanceOf(from);
410
+ uint256 balanceOfToBefore = balanceOf(to);
411
+ uint256 balanceOfOtherBefore = balanceOf(otherAccount);
412
+ address ownerBefore = unsafeOwnerOf(tokenId);
413
+ address otherOwnerBefore = unsafeOwnerOf(otherTokenId);
414
+ address approvalBefore = unsafeGetApproved(tokenId);
415
+ address otherApprovalBefore = unsafeGetApproved(otherTokenId);
416
+
417
+ transferFrom@withrevert(e, from, to, tokenId);
418
+ bool success = !lastReverted;
419
+
420
+ // liveness
421
+ assert success <=> (
422
+ from == ownerBefore &&
423
+ from != 0 &&
424
+ to != 0 &&
425
+ (operator == from || operator == approvalBefore || isApprovedForAll(ownerBefore, operator))
426
+ );
427
+
428
+ // effect
429
+ assert success => (
430
+ to_mathint(balanceOf(from)) == balanceOfFromBefore - assert_uint256(from != to ? 1 : 0) &&
431
+ to_mathint(balanceOf(to)) == balanceOfToBefore + assert_uint256(from != to ? 1 : 0) &&
432
+ unsafeOwnerOf(tokenId) == to &&
433
+ unsafeGetApproved(tokenId) == 0
434
+ );
435
+
436
+ // no side effect
437
+ assert balanceOf(otherAccount) != balanceOfOtherBefore => (otherAccount == from || otherAccount == to);
438
+ assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId;
439
+ assert unsafeGetApproved(otherTokenId) != otherApprovalBefore => otherTokenId == tokenId;
440
+ }
441
+
442
+ /*
443
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
444
+ │ Rule: safeTransferFrom behavior and side effects │
445
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
446
+ */
447
+ rule safeTransferFrom(env e, method f, address from, address to, uint256 tokenId) filtered { f ->
448
+ f.selector == sig:safeTransferFrom(address,address,uint256).selector ||
449
+ f.selector == sig:safeTransferFrom(address,address,uint256,bytes).selector
450
+ } {
451
+ require nonpayable(e);
452
+ require authSanity(e);
453
+
454
+ address operator = e.msg.sender;
455
+ uint256 otherTokenId;
456
+ address otherAccount;
457
+
458
+ requireInvariant ownerHasBalance(tokenId);
459
+ require balanceLimited(to);
460
+
461
+ uint256 balanceOfFromBefore = balanceOf(from);
462
+ uint256 balanceOfToBefore = balanceOf(to);
463
+ uint256 balanceOfOtherBefore = balanceOf(otherAccount);
464
+ address ownerBefore = unsafeOwnerOf(tokenId);
465
+ address otherOwnerBefore = unsafeOwnerOf(otherTokenId);
466
+ address approvalBefore = unsafeGetApproved(tokenId);
467
+ address otherApprovalBefore = unsafeGetApproved(otherTokenId);
468
+
469
+ helperTransferWithRevert(e, f, from, to, tokenId);
470
+ bool success = !lastReverted;
471
+
472
+ assert success <=> (
473
+ from == ownerBefore &&
474
+ from != 0 &&
475
+ to != 0 &&
476
+ (operator == from || operator == approvalBefore || isApprovedForAll(ownerBefore, operator))
477
+ );
478
+
479
+ // effect
480
+ assert success => (
481
+ to_mathint(balanceOf(from)) == balanceOfFromBefore - assert_uint256(from != to ? 1: 0) &&
482
+ to_mathint(balanceOf(to)) == balanceOfToBefore + assert_uint256(from != to ? 1: 0) &&
483
+ unsafeOwnerOf(tokenId) == to &&
484
+ unsafeGetApproved(tokenId) == 0
485
+ );
486
+
487
+ // no side effect
488
+ assert balanceOf(otherAccount) != balanceOfOtherBefore => (otherAccount == from || otherAccount == to);
489
+ assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId;
490
+ assert unsafeGetApproved(otherTokenId) != otherApprovalBefore => otherTokenId == tokenId;
491
+ }
492
+
493
+ /*
494
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
495
+ │ Rule: mint behavior and side effects │
496
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
497
+ */
498
+ rule mint(env e, address to, uint256 tokenId) {
499
+ require nonpayable(e);
500
+ requireInvariant notMintedUnset(tokenId);
501
+
502
+ uint256 otherTokenId;
503
+ address otherAccount;
504
+
505
+ require balanceLimited(to);
506
+
507
+ mathint supplyBefore = _supply;
508
+ uint256 balanceOfToBefore = balanceOf(to);
509
+ uint256 balanceOfOtherBefore = balanceOf(otherAccount);
510
+ address ownerBefore = unsafeOwnerOf(tokenId);
511
+ address otherOwnerBefore = unsafeOwnerOf(otherTokenId);
512
+
513
+ mint@withrevert(e, to, tokenId);
514
+ bool success = !lastReverted;
515
+
516
+ // liveness
517
+ assert success <=> (
518
+ ownerBefore == 0 &&
519
+ to != 0
520
+ );
521
+
522
+ // effect
523
+ assert success => (
524
+ _supply == supplyBefore + 1 &&
525
+ to_mathint(balanceOf(to)) == balanceOfToBefore + 1 &&
526
+ unsafeOwnerOf(tokenId) == to
527
+ );
528
+
529
+ // no side effect
530
+ assert balanceOf(otherAccount) != balanceOfOtherBefore => otherAccount == to;
531
+ assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId;
532
+ }
533
+
534
+ /*
535
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
536
+ │ Rule: safeMint behavior and side effects │
537
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
538
+ */
539
+ rule safeMint(env e, method f, address to, uint256 tokenId) filtered { f ->
540
+ f.selector == sig:safeMint(address,uint256).selector ||
541
+ f.selector == sig:safeMint(address,uint256,bytes).selector
542
+ } {
543
+ require nonpayable(e);
544
+ requireInvariant notMintedUnset(tokenId);
545
+
546
+ uint256 otherTokenId;
547
+ address otherAccount;
548
+
549
+ require balanceLimited(to);
550
+
551
+ mathint supplyBefore = _supply;
552
+ uint256 balanceOfToBefore = balanceOf(to);
553
+ uint256 balanceOfOtherBefore = balanceOf(otherAccount);
554
+ address ownerBefore = unsafeOwnerOf(tokenId);
555
+ address otherOwnerBefore = unsafeOwnerOf(otherTokenId);
556
+
557
+ helperMintWithRevert(e, f, to, tokenId);
558
+ bool success = !lastReverted;
559
+
560
+ assert success <=> (
561
+ ownerBefore == 0 &&
562
+ to != 0
563
+ );
564
+
565
+ // effect
566
+ assert success => (
567
+ _supply == supplyBefore + 1 &&
568
+ to_mathint(balanceOf(to)) == balanceOfToBefore + 1 &&
569
+ unsafeOwnerOf(tokenId) == to
570
+ );
571
+
572
+ // no side effect
573
+ assert balanceOf(otherAccount) != balanceOfOtherBefore => otherAccount == to;
574
+ assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId;
575
+ }
576
+
577
+ /*
578
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
579
+ │ Rule: burn behavior and side effects │
580
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
581
+ */
582
+ rule burn(env e, uint256 tokenId) {
583
+ require nonpayable(e);
584
+
585
+ address from = unsafeOwnerOf(tokenId);
586
+ uint256 otherTokenId;
587
+ address otherAccount;
588
+
589
+ requireInvariant ownerHasBalance(tokenId);
590
+
591
+ mathint supplyBefore = _supply;
592
+ uint256 balanceOfFromBefore = balanceOf(from);
593
+ uint256 balanceOfOtherBefore = balanceOf(otherAccount);
594
+ address ownerBefore = unsafeOwnerOf(tokenId);
595
+ address otherOwnerBefore = unsafeOwnerOf(otherTokenId);
596
+ address otherApprovalBefore = unsafeGetApproved(otherTokenId);
597
+
598
+ burn@withrevert(e, tokenId);
599
+ bool success = !lastReverted;
600
+
601
+ // liveness
602
+ assert success <=> (
603
+ ownerBefore != 0
604
+ );
605
+
606
+ // effect
607
+ assert success => (
608
+ _supply == supplyBefore - 1 &&
609
+ to_mathint(balanceOf(from)) == balanceOfFromBefore - 1 &&
610
+ unsafeOwnerOf(tokenId) == 0 &&
611
+ unsafeGetApproved(tokenId) == 0
612
+ );
613
+
614
+ // no side effect
615
+ assert balanceOf(otherAccount) != balanceOfOtherBefore => otherAccount == from;
616
+ assert unsafeOwnerOf(otherTokenId) != otherOwnerBefore => otherTokenId == tokenId;
617
+ assert unsafeGetApproved(otherTokenId) != otherApprovalBefore => otherTokenId == tokenId;
618
+ }
619
+
620
+ /*
621
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
622
+ │ Rule: approve behavior and side effects │
623
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
624
+ */
625
+ rule approve(env e, address spender, uint256 tokenId) {
626
+ require nonpayable(e);
627
+ require authSanity(e);
628
+
629
+ address caller = e.msg.sender;
630
+ address owner = unsafeOwnerOf(tokenId);
631
+ uint256 otherTokenId;
632
+
633
+ address otherApprovalBefore = unsafeGetApproved(otherTokenId);
634
+
635
+ approve@withrevert(e, spender, tokenId);
636
+ bool success = !lastReverted;
637
+
638
+ // liveness
639
+ assert success <=> (
640
+ owner != 0 &&
641
+ (owner == caller || isApprovedForAll(owner, caller))
642
+ );
643
+
644
+ // effect
645
+ assert success => unsafeGetApproved(tokenId) == spender;
646
+
647
+ // no side effect
648
+ assert unsafeGetApproved(otherTokenId) != otherApprovalBefore => otherTokenId == tokenId;
649
+ }
650
+
651
+ /*
652
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
653
+ │ Rule: setApprovalForAll behavior and side effects │
654
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
655
+ */
656
+ rule setApprovalForAll(env e, address operator, bool approved) {
657
+ require nonpayable(e);
658
+
659
+ address owner = e.msg.sender;
660
+ address otherOwner;
661
+ address otherOperator;
662
+
663
+ bool otherIsApprovedForAllBefore = isApprovedForAll(otherOwner, otherOperator);
664
+
665
+ setApprovalForAll@withrevert(e, operator, approved);
666
+ bool success = !lastReverted;
667
+
668
+ // liveness
669
+ assert success <=> operator != 0;
670
+
671
+ // effect
672
+ assert success => isApprovedForAll(owner, operator) == approved;
673
+
674
+ // no side effect
675
+ assert isApprovedForAll(otherOwner, otherOperator) != otherIsApprovedForAllBefore => (
676
+ otherOwner == owner &&
677
+ otherOperator == operator
678
+ );
679
+ }