uups-checker 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (670) hide show
  1. package/.gitmodules +6 -0
  2. package/AIFI_AUDIT.md +220 -0
  3. package/ALL_AUDITS_SUMMARY.md +366 -0
  4. package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
  5. package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
  6. package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
  7. package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
  8. package/ARIA-foundry-test.txt +9 -0
  9. package/ARIA-mythril-analysis.txt +20 -0
  10. package/ARIA-slither-analysis.txt +38 -0
  11. package/ARIA_AI_SECURITY_AUDIT.md +290 -0
  12. package/ARIA_VERIFIED_AUDIT.md +259 -0
  13. package/ARIA_VERIFIED_slither.txt +76 -0
  14. package/ARIVA_source.txt +1 -0
  15. package/ARK_AUDIT.md +349 -0
  16. package/BANANA_AUDIT.md +365 -0
  17. package/BAS_AUDIT.md +451 -0
  18. package/BAS_TOKEN_AUDIT.md +235 -0
  19. package/BCE_EXPLOIT_ANALYSIS.md +165 -0
  20. package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
  21. package/BEEFY_MONAD_ANALYSIS.md +239 -0
  22. package/BEEFY_STAKING_ANALYSIS.md +136 -0
  23. package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
  24. package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
  25. package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
  26. package/BRISE_ANALYSIS.txt +31 -0
  27. package/BRISE_BSC_DAPPS.txt +68 -0
  28. package/BRISE_EXPLOITS_FOUND.md +98 -0
  29. package/BRISE_REAL_EXPLOITS.md +115 -0
  30. package/BRISE_WHITEHAT_REPORT.md +162 -0
  31. package/BRISEstake_Analysis.txt +95 -0
  32. package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
  33. package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
  34. package/BTCST_FINAL_VERDICT.md +319 -0
  35. package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
  36. package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
  37. package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
  38. package/BTCST_SECURITY_ANALYSIS.md +391 -0
  39. package/BTR_AUDIT.md +210 -0
  40. package/BeamBridge-analysis.md +226 -0
  41. package/BeamToken-analysis.md +201 -0
  42. package/BitgertSwap_Investigation.txt +107 -0
  43. package/CEEK_STAKING_ANALYSIS.md +0 -0
  44. package/CHAINBASE_AUDIT.md +422 -0
  45. package/COMPLETE_AUDIT_SUMMARY.md +342 -0
  46. package/CORRECTED_ANALYSIS.txt +115 -0
  47. package/DBXEN_COMPARISON_SUMMARY.md +232 -0
  48. package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
  49. package/DOPFairLaunch_raw.json +29 -0
  50. package/DOPFairLaunch_source.txt +0 -0
  51. package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
  52. package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
  53. package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
  54. package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
  55. package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
  56. package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
  57. package/DSyncStaking-exploit-analysis.md +153 -0
  58. package/DSyncVault-analysis.md +120 -0
  59. package/DUSD_PROXY_AUDIT.md +407 -0
  60. package/DXSALE_LOCK_AUDIT.md +0 -0
  61. package/DXSaleLock_bytecode.txt +1 -0
  62. package/ECHIDNA_QUICK_START.md +101 -0
  63. package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
  64. package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
  65. package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
  66. package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
  67. package/EXPLOIT_FIX.md +300 -0
  68. package/EXPLOIT_INSTRUCTIONS.md +273 -0
  69. package/EXPLOIT_SUMMARY.md +285 -0
  70. package/EXPLOIT_SUMMARY.txt +175 -0
  71. package/FALCON_FINANCE_AUDIT.md +258 -0
  72. package/FANDOM_AUDIT.md +359 -0
  73. package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
  74. package/FINAL_AUDIT_REPORT.md +0 -0
  75. package/FOLIO_PROXY_AUDIT.md +299 -0
  76. package/FOT_EXPLOIT_RESULTS.txt +110 -0
  77. package/FOT_TOKENS_AUDITED.md +103 -0
  78. package/HEGIC-mythril-analysis.txt +39 -0
  79. package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
  80. package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
  81. package/ICECREAMSWAP_EXPLOITS.md +259 -0
  82. package/IMMUNEFI_REPORT.md +314 -0
  83. package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
  84. package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
  85. package/KOGE_AUDIT.md +328 -0
  86. package/LENDFLARE_ANALYSIS.md +239 -0
  87. package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
  88. package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
  89. package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
  90. package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
  91. package/LENDFLARE_FUZZING_RESULTS.md +252 -0
  92. package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
  93. package/LENDFLARE_MANUAL_FUZZING.md +324 -0
  94. package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
  95. package/LENDFLARE_V3_BYPASS.md +296 -0
  96. package/LFTDECOMPILE.txt +14478 -0
  97. package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
  98. package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
  99. package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
  100. package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
  101. package/LFT_EXPLOIT_VISUAL.md +253 -0
  102. package/LFT_QUICK_SUMMARY.md +124 -0
  103. package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
  104. package/MGO_AUDIT_REPORT.md +420 -0
  105. package/MYTHRIL_FINAL_REPORT.md +306 -0
  106. package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
  107. package/NETX_MIGRATION_AUDIT.md +0 -0
  108. package/NPM_PUBLISH_GUIDE.md +0 -0
  109. package/NRV_CRITICAL_EXPLOIT.txt +143 -0
  110. package/NetX_Analysis.txt +76 -0
  111. package/NetX_Migration_bytecode.txt +1 -0
  112. package/NetX_Migration_source.txt +0 -0
  113. package/NetX_Token_source.txt +0 -0
  114. package/NetxWhitehatRescue +22 -0
  115. package/OILER_ATTACK_VISUAL.md +351 -0
  116. package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
  117. package/OILER_DEEP_ANALYSIS.md +212 -0
  118. package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
  119. package/OILER_FINAL_VERDICT.md +339 -0
  120. package/OILER_REENTRANCY_EXPLAINED.md +638 -0
  121. package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
  122. package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
  123. package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
  124. package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
  125. package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
  126. package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
  127. package/POLS_MULTICHAIN_AUDIT.md +0 -0
  128. package/POSI_STAKING_AUDIT.md +0 -0
  129. package/PROXY2_SECURITY_ANALYSIS.md +0 -0
  130. package/Proxy2TACS +29748 -0
  131. package/QUICK_START.md +240 -0
  132. package/RAMP_SECURITY_ANALYSIS.md +0 -0
  133. package/README.md +238 -0
  134. package/REAUDIT_MASTER_LIST.txt +15 -0
  135. package/RING_analysis.txt +212 -0
  136. package/RPC +4 -0
  137. package/RULES.txt +20 -0
  138. package/SIREN_AUDIT.md +186 -0
  139. package/SYNC_EXPLOIT_README.md +0 -0
  140. package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
  141. package/TLM_raw.html +0 -0
  142. package/TLM_raw.txt +0 -0
  143. package/TLM_response.json +1 -0
  144. package/TRADOOR_AUDIT.md +253 -0
  145. package/TRUNK_AUDIT.md +285 -0
  146. package/UNIBASE_AUDIT.md +241 -0
  147. package/UNLOCK_ANALYSIS.md +0 -0
  148. package/UNLOCK_EXPLOIT.md +49 -0
  149. package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
  150. package/UPS +232 -0
  151. package/UUPSCHECKER +208 -0
  152. package/VAULT_PROXY_AUDIT.md +457 -0
  153. package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
  154. package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
  155. package/WKEYDAO2_AUDIT.md +245 -0
  156. package/WSG_AUDIT.md +0 -0
  157. package/XFI_DEEP_ANALYSIS.md +327 -0
  158. package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
  159. package/YSDAO_EXPLOIT_GUIDE.md +0 -0
  160. package/agent-4-bundle.md +22490 -0
  161. package/alpha-proxy-echidna.txt +1 -0
  162. package/alpha-proxy-fuzz-results.txt +81 -0
  163. package/alpha-proxy-mythril.txt +2 -0
  164. package/analyze-btcst-farm.js +54 -0
  165. package/analyze-dxsale-lock.js +75 -0
  166. package/analyze-elephant.js +69 -0
  167. package/analyze-fara-rewards.js +109 -0
  168. package/analyze-fara-storage.js +83 -0
  169. package/analyze-lft-transaction.js +158 -0
  170. package/analyze-lock-bytecode.js +59 -0
  171. package/analyze-shegic.js +0 -0
  172. package/analyze-staking-abi.js +0 -0
  173. package/analyze-sxp.js +57 -0
  174. package/analyze-tlm.js +76 -0
  175. package/analyze-trumpet.js +98 -0
  176. package/analyze-unlimited-nft.js +108 -0
  177. package/analyze_elephant.sh +27 -0
  178. package/analyze_vault.sh +32 -0
  179. package/aria-bytecode.txt +1 -0
  180. package/aria_response.json +1 -0
  181. package/ark_temp/README.md +66 -0
  182. package/ark_temp/lib/forge-std/.gitattributes +1 -0
  183. package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
  184. package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
  185. package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
  186. package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
  187. package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
  188. package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
  189. package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
  190. package/ark_temp/lib/forge-std/README.md +314 -0
  191. package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  192. package/ark_temp/lib/forge-std/package.json +16 -0
  193. package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
  194. package/audits/AiFi-security-audit-20260326.md +499 -0
  195. package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
  196. package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
  197. package/audits/DGToken-security-audit-20260324.md +376 -0
  198. package/audits/DSyncStaking-audit-part1.md +161 -0
  199. package/audits/DSyncStaking-security-audit-20260324.md +547 -0
  200. package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
  201. package/audits/DegenVC-security-audit-20260324.md +585 -0
  202. package/audits/DelreyInu-security-audit-20260324.md +463 -0
  203. package/audits/DestraNetwork-security-audit-20260324.md +705 -0
  204. package/audits/DomiToken-security-audit-20260324.md +514 -0
  205. package/audits/LendFlareToken-security-audit-20260325.md +197 -0
  206. package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
  207. package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
  208. package/audits/PAALAI-security-audit-20260324.md +475 -0
  209. package/audits/PAR-security-audit-20260325.md +311 -0
  210. package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
  211. package/audits/StakingPool-security-audit-20260324.md +517 -0
  212. package/audits/SyncToken-security-audit-20260324.md +778 -0
  213. package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
  214. package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
  215. package/audits/XFIStaking-security-audit-20260324.md +682 -0
  216. package/audits/Xfinance-security-audit-20260324.md +463 -0
  217. package/audits/basedAIFarm-security-audit-20260324.md +330 -0
  218. package/audits/pepeCoin-security-audit-20260324.md +462 -0
  219. package/bin/ups +232 -0
  220. package/binance-wallet-exploit/.env.example +2 -0
  221. package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
  222. package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
  223. package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
  224. package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
  225. package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
  226. package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
  227. package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
  228. package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
  229. package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
  230. package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
  231. package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
  232. package/binance-wallet-exploit/QUICK_START.md +75 -0
  233. package/binance-wallet-exploit/README.md +195 -0
  234. package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
  235. package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
  236. package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
  237. package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
  238. package/binance-wallet-exploit/cache/test-failures +1 -0
  239. package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
  240. package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  241. package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
  242. package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  243. package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  244. package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  245. package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
  246. package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
  247. package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
  248. package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  249. package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
  250. package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
  251. package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
  252. package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
  253. package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
  254. package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
  255. package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
  256. package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
  257. package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
  258. package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
  259. package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
  260. package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
  261. package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
  262. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
  263. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
  264. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
  265. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
  266. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
  267. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
  268. package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
  269. package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
  270. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
  271. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
  272. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
  273. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
  274. package/cache/solidity-files-cache.json +1 -0
  275. package/cache/test-failures +1 -0
  276. package/calculate-elephant-flashloan.js +195 -0
  277. package/check-address-approval.js +112 -0
  278. package/check-alpha-proxy.js +42 -0
  279. package/check-arbitrage.js +155 -0
  280. package/check-aria-token.js +47 -0
  281. package/check-ark.sh +20 -0
  282. package/check-btcst-mining.js +75 -0
  283. package/check-btcst-pools.js +163 -0
  284. package/check-btcst.js +88 -0
  285. package/check-caller.js +26 -0
  286. package/check-ceek-lp.js +73 -0
  287. package/check-ceek.js +47 -0
  288. package/check-dxsale-address.js +35 -0
  289. package/check-fara-exploit-timing.js +56 -0
  290. package/check-fara-real-exploit.js +73 -0
  291. package/check-flashloan-limits.js +129 -0
  292. package/check-kel-cel-pool.js +91 -0
  293. package/check-lax-staking.js +41 -0
  294. package/check-lendflare.js +165 -0
  295. package/check-lft-accounting.js +109 -0
  296. package/check-lft-roles.js +165 -0
  297. package/check-lock-time.js +47 -0
  298. package/check-min-stake.js +73 -0
  299. package/check-mystery-contract.js +52 -0
  300. package/check-next-token.js +50 -0
  301. package/check-nora-lock.js +67 -0
  302. package/check-oiler-approvals.js +116 -0
  303. package/check-oiler-proxy.js +73 -0
  304. package/check-oiler-staking.js +117 -0
  305. package/check-proxy-simple.js +71 -0
  306. package/check-recent-stakes.js +54 -0
  307. package/check-shegic-holdings.js +67 -0
  308. package/check-snowcrash-ecosystem.js +83 -0
  309. package/check-sync-lp.js +97 -0
  310. package/check-sync-stake.js +42 -0
  311. package/check-tlm.js +37 -0
  312. package/check-token-pools.js +146 -0
  313. package/check-trunk-depeg.js +181 -0
  314. package/check-tusd-decimals.js +58 -0
  315. package/check-user-storage-deep.js +81 -0
  316. package/check-welephant-pools.js +130 -0
  317. package/check-xfi-pool.js +75 -0
  318. package/check-zypher.js +32 -0
  319. package/check_proxy.sh +36 -0
  320. package/compare-tlm-chains.js +90 -0
  321. package/contract_0x05f2.html +6025 -0
  322. package/contract_0x3720.html +6361 -0
  323. package/contract_0x928e.html +5606 -0
  324. package/contract_0xc42d.html +5304 -0
  325. package/contract_page.html +5789 -0
  326. package/decode-stake-tx.js +50 -0
  327. package/deep-analyze-lock.js +82 -0
  328. package/dune_uups_proxy_query.sql +42 -0
  329. package/dune_uups_vulnerable_query.sql +0 -0
  330. package/echidna/alpha-proxy.yaml +14 -0
  331. package/echidna/elephant.yaml +7 -0
  332. package/echidna/lendflare.yaml +42 -0
  333. package/echidna.config.yaml +12 -0
  334. package/elephant_raw.json +1 -0
  335. package/eps_raw.json +1 -0
  336. package/exploit/.github/workflows/test.yml +38 -0
  337. package/exploit/.gitmodules +3 -0
  338. package/exploit/README.md +66 -0
  339. package/exploit/foundry.lock +8 -0
  340. package/exploit/lib/forge-std/.gitattributes +1 -0
  341. package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  342. package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
  343. package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  344. package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  345. package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  346. package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
  347. package/exploit/lib/forge-std/LICENSE-MIT +25 -0
  348. package/exploit/lib/forge-std/README.md +314 -0
  349. package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  350. package/exploit/lib/forge-std/package.json +16 -0
  351. package/exploit/lib/forge-std/scripts/vm.py +636 -0
  352. package/exploit_analysis.txt +51 -0
  353. package/extract_contract.py +21 -0
  354. package/extract_elephant_contracts.py +24 -0
  355. package/fara-staking-bytecode.txt +1 -0
  356. package/fara-staking-raw.txt +1 -0
  357. package/fetch-aria.js +46 -0
  358. package/fetch-contract.js +50 -0
  359. package/fetch-shegic-source.js +86 -0
  360. package/fetch-snowcrash.js +44 -0
  361. package/fetch-staking-source.js +53 -0
  362. package/fetch-tlm.js +60 -0
  363. package/fetch_elephant_source.py +32 -0
  364. package/find-ceek-staking.js +21 -0
  365. package/find-exploit-tx.js +88 -0
  366. package/find-oiler-holders.js +100 -0
  367. package/find-tlm-holder.js +36 -0
  368. package/find-vulnerable-fund.js +94 -0
  369. package/foundry.lock +8 -0
  370. package/fuzz-all.sh +53 -0
  371. package/get-aria-contract.py +40 -0
  372. package/get-lft-holders.js +89 -0
  373. package/get-tlm-source.sh +8 -0
  374. package/harvest_txs.json +1 -0
  375. package/lft-bytecode-raw.txt +1 -0
  376. package/lft-bytecode.json +1 -0
  377. package/lft-impl.bin +1 -0
  378. package/lft-implementation-bytecode.txt +1 -0
  379. package/lib/forge-std/.gitattributes +1 -0
  380. package/lib/forge-std/.github/CODEOWNERS +1 -0
  381. package/lib/forge-std/.github/dependabot.yml +6 -0
  382. package/lib/forge-std/.github/workflows/ci.yml +125 -0
  383. package/lib/forge-std/.github/workflows/sync.yml +36 -0
  384. package/lib/forge-std/CONTRIBUTING.md +193 -0
  385. package/lib/forge-std/LICENSE-APACHE +203 -0
  386. package/lib/forge-std/LICENSE-MIT +25 -0
  387. package/lib/forge-std/README.md +314 -0
  388. package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  389. package/lib/forge-std/package.json +16 -0
  390. package/lib/forge-std/scripts/vm.py +636 -0
  391. package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
  392. package/lib/openzeppelin-contracts/.codecov.yml +12 -0
  393. package/lib/openzeppelin-contracts/.editorconfig +21 -0
  394. package/lib/openzeppelin-contracts/.eslintrc +20 -0
  395. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
  396. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
  397. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
  398. package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
  399. package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
  400. package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
  401. package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
  402. package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
  403. package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
  404. package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
  405. package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
  406. package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
  407. package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
  408. package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
  409. package/lib/openzeppelin-contracts/.gitmodules +7 -0
  410. package/lib/openzeppelin-contracts/.mocharc.js +4 -0
  411. package/lib/openzeppelin-contracts/.prettierrc +15 -0
  412. package/lib/openzeppelin-contracts/.solcover.js +13 -0
  413. package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
  414. package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
  415. package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
  416. package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
  417. package/lib/openzeppelin-contracts/LICENSE +22 -0
  418. package/lib/openzeppelin-contracts/README.md +107 -0
  419. package/lib/openzeppelin-contracts/RELEASING.md +45 -0
  420. package/lib/openzeppelin-contracts/SECURITY.md +42 -0
  421. package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
  422. package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
  423. package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
  424. package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
  425. package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
  426. package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
  427. package/lib/openzeppelin-contracts/audits/README.md +17 -0
  428. package/lib/openzeppelin-contracts/certora/Makefile +54 -0
  429. package/lib/openzeppelin-contracts/certora/README.md +60 -0
  430. package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
  431. package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
  432. package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
  433. package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
  434. package/lib/openzeppelin-contracts/certora/run.js +160 -0
  435. package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
  436. package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
  437. package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
  438. package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
  439. package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
  440. package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
  441. package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
  442. package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
  443. package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
  444. package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
  445. package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
  446. package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
  447. package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
  448. package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
  449. package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
  450. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
  451. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
  452. package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
  453. package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
  454. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
  455. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
  456. package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
  457. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
  458. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
  459. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
  460. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
  461. package/lib/openzeppelin-contracts/certora/specs.json +86 -0
  462. package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
  463. package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
  464. package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
  465. package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
  466. package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
  467. package/lib/openzeppelin-contracts/contracts/package.json +32 -0
  468. package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
  469. package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
  470. package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
  471. package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
  472. package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
  473. package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
  474. package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
  475. package/lib/openzeppelin-contracts/docs/README.md +16 -0
  476. package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
  477. package/lib/openzeppelin-contracts/docs/config.js +21 -0
  478. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
  479. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
  480. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
  481. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
  482. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
  483. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
  484. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
  485. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
  486. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
  487. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
  488. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
  489. package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
  490. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
  491. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
  492. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
  493. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
  494. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
  495. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
  496. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
  497. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
  498. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
  499. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
  500. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
  501. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
  502. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
  503. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
  504. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
  505. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
  506. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
  507. package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
  508. package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
  509. package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
  510. package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
  511. package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
  512. package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
  513. package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
  514. package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
  515. package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
  516. package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
  517. package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
  518. package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
  519. package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
  520. package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
  521. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
  522. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
  523. package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
  524. package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
  525. package/lib/openzeppelin-contracts/logo.svg +15 -0
  526. package/lib/openzeppelin-contracts/netlify.toml +3 -0
  527. package/lib/openzeppelin-contracts/package-lock.json +16544 -0
  528. package/lib/openzeppelin-contracts/package.json +96 -0
  529. package/lib/openzeppelin-contracts/remappings.txt +1 -0
  530. package/lib/openzeppelin-contracts/renovate.json +4 -0
  531. package/lib/openzeppelin-contracts/requirements.txt +1 -0
  532. package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
  533. package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
  534. package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
  535. package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
  536. package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
  537. package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
  538. package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
  539. package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
  540. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
  541. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
  542. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
  543. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
  544. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
  545. package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
  546. package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
  547. package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
  548. package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
  549. package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
  550. package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
  551. package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
  552. package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
  553. package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
  554. package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
  555. package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
  556. package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
  557. package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
  558. package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
  559. package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
  560. package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
  561. package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
  562. package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
  563. package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
  564. package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
  565. package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
  566. package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
  567. package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
  568. package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
  569. package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
  570. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
  571. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
  572. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
  573. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
  574. package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
  575. package/lib/openzeppelin-contracts/slither.config.json +5 -0
  576. package/lib/openzeppelin-contracts/solhint.config.js +20 -0
  577. package/mythril-lft-output.txt +1 -0
  578. package/mythril-lft-symbolic.txt +18 -0
  579. package/mythril-lft.sh +20 -0
  580. package/mythril-symbolic-output.txt +1 -0
  581. package/mythril-symbolic.sh +42 -0
  582. package/out/build-info/0026b78428192979.json +1 -0
  583. package/out/build-info/03c4fc3b88486eba.json +1 -0
  584. package/out/build-info/0540afa9b9a5c5a6.json +1 -0
  585. package/out/build-info/081932f505bc08b9.json +1 -0
  586. package/out/build-info/0da104ba0d6642d5.json +1 -0
  587. package/out/build-info/197281971dbb5f23.json +1 -0
  588. package/out/build-info/197e7e332832a232.json +1 -0
  589. package/out/build-info/1a1cab9136eb5f94.json +1 -0
  590. package/out/build-info/1b320204eb162aa2.json +1 -0
  591. package/out/build-info/1e03f94398052674.json +1 -0
  592. package/out/build-info/22ac085949602937.json +1 -0
  593. package/out/build-info/234ef37453a9fa64.json +1 -0
  594. package/out/build-info/2447db7b1878fa8e.json +1 -0
  595. package/out/build-info/25568daeb484f5ff.json +1 -0
  596. package/out/build-info/27465853244c49ce.json +1 -0
  597. package/out/build-info/2c57a9e0f087453b.json +1 -0
  598. package/out/build-info/3c62ae7de8da68c4.json +1 -0
  599. package/out/build-info/3e771ae109e97bb3.json +1 -0
  600. package/out/build-info/460499bc0a3465c4.json +1 -0
  601. package/out/build-info/47ce37e50a4f115e.json +1 -0
  602. package/out/build-info/4fcce5c63cf427d6.json +1 -0
  603. package/out/build-info/4fd0a53fe63fddbb.json +1 -0
  604. package/out/build-info/50f1247db9d769cc.json +1 -0
  605. package/out/build-info/5317d0181a7a5e02.json +1 -0
  606. package/out/build-info/594df509275ceb5b.json +1 -0
  607. package/out/build-info/61983ac3f6141719.json +1 -0
  608. package/out/build-info/638c4548307122fe.json +1 -0
  609. package/out/build-info/67c2c43bdb7c0ded.json +1 -0
  610. package/out/build-info/777f42643aad37b7.json +1 -0
  611. package/out/build-info/7d7856f19e845354.json +1 -0
  612. package/out/build-info/83976260b6f71e94.json +1 -0
  613. package/out/build-info/83c23882000b963d.json +1 -0
  614. package/out/build-info/84b2cce8f70b36be.json +1 -0
  615. package/out/build-info/8bc13d31d7c3206a.json +1 -0
  616. package/out/build-info/8e183bd4d9d8cf88.json +1 -0
  617. package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
  618. package/out/build-info/99ec7d5e8d8ff360.json +1 -0
  619. package/out/build-info/9ac044b29daa7d5e.json +1 -0
  620. package/out/build-info/9b203227ff5d2e63.json +1 -0
  621. package/out/build-info/9d18c5872c4282dd.json +1 -0
  622. package/out/build-info/9f77f04f33baf9a3.json +1 -0
  623. package/out/build-info/a6e1caf974787982.json +1 -0
  624. package/out/build-info/a94b6348867a62d6.json +1 -0
  625. package/out/build-info/ad93721947a8b195.json +1 -0
  626. package/out/build-info/b42daddb5aa4b19f.json +1 -0
  627. package/out/build-info/bf13512ae899f7e8.json +1 -0
  628. package/out/build-info/c39f86c20a548c4a.json +1 -0
  629. package/out/build-info/cb12bb975a2f4e65.json +1 -0
  630. package/out/build-info/d0c6788fadc2aa60.json +1 -0
  631. package/out/build-info/d2726bf94ed5b845.json +1 -0
  632. package/out/build-info/d4eb00da50cce5cb.json +1 -0
  633. package/out/build-info/db931924a3bc8bdd.json +1 -0
  634. package/out/build-info/e1a503d49bc77401.json +1 -0
  635. package/out/build-info/efe5396f8892ce77.json +1 -0
  636. package/out/build-info/f536d90ced745969.json +1 -0
  637. package/out/build-info/fed38823c7019b82.json +1 -0
  638. package/package.json +51 -0
  639. package/page.html +5384 -0
  640. package/pancakeswap-simple-tvl.sql +15 -0
  641. package/pancakeswap-top-pools.sql +29 -0
  642. package/pancakeswap-tvl-optimized.sql +57 -0
  643. package/pancakeswap-tvl-query.sql +60 -0
  644. package/pancakeswap-underflow-hunting.sql +51 -0
  645. package/pancakeswap-vulnerability-queries.sql +200 -0
  646. package/posi_page.html +6369 -0
  647. package/posi_response.json +29 -0
  648. package/proxy_page.html +500 -0
  649. package/run_mythril_elephant.sh +18 -0
  650. package/sHEGIC-bytecode.bin +6 -0
  651. package/sHEGIC-mythril-analysis.txt +1 -0
  652. package/sHEGIC-mythril-full.txt +134 -0
  653. package/sHEGIC_ANALYSIS.md +135 -0
  654. package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
  655. package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
  656. package/scrape-snowcrash.js +28 -0
  657. package/scripts/yooshi_drain.sh +154 -0
  658. package/shi_raw.json +1 -0
  659. package/temp.json +1 -0
  660. package/temp_harvest.json +1 -0
  661. package/temp_pika.json +1 -0
  662. package/temp_posi.json +1 -0
  663. package/temp_response.json +1 -0
  664. package/test-lft-hidden-balance.js +108 -0
  665. package/test-xfi-exploit.js +140 -0
  666. package/trunk-liquidity-rescue.js +164 -0
  667. package/vBABY_page.html +6153 -0
  668. package/vBABY_response.json +29 -0
  669. package/wsg_response.json +1 -0
  670. package/yooldo_page.html +10371 -0
package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec ADDED
@@ -0,0 +1,333 @@
1
+ import "helpers/helpers.spec";
2
+
3
+ methods {
4
+ // library
5
+ function set(bytes32,bytes32) external returns (bool) envfree;
6
+ function remove(bytes32) external returns (bool) envfree;
7
+ function contains(bytes32) external returns (bool) envfree;
8
+ function length() external returns (uint256) envfree;
9
+ function key_at(uint256) external returns (bytes32) envfree;
10
+ function value_at(uint256) external returns (bytes32) envfree;
11
+ function tryGet_contains(bytes32) external returns (bool) envfree;
12
+ function tryGet_value(bytes32) external returns (bytes32) envfree;
13
+ function get(bytes32) external returns (bytes32) envfree;
14
+
15
+ // FV
16
+ function _indexOf(bytes32) external returns (uint256) envfree;
17
+ }
18
+
19
+ /*
20
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
21
+ │ Helpers │
22
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
23
+ */
24
+ definition sanity() returns bool =
25
+ length() < max_uint256;
26
+
27
+ /*
28
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
29
+ │ Invariant: the value mapping is empty for keys that are not in the EnumerableMap. │
30
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
31
+ */
32
+ invariant noValueIfNotContained(bytes32 key)
33
+ !contains(key) => tryGet_value(key) == to_bytes32(0)
34
+ {
35
+ preserved set(bytes32 otherKey, bytes32 someValue) {
36
+ require sanity();
37
+ }
38
+ }
39
+
40
+ /*
41
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
42
+ │ Invariant: All indexed keys are contained │
43
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
44
+ */
45
+ invariant indexedContained(uint256 index)
46
+ index < length() => contains(key_at(index))
47
+ {
48
+ preserved {
49
+ requireInvariant consistencyIndex(index);
50
+ requireInvariant consistencyIndex(require_uint256(length() - 1));
51
+ }
52
+ }
53
+
54
+ /*
55
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
56
+ │ Invariant: A value can only be stored at a single location │
57
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
58
+ */
59
+ invariant atUniqueness(uint256 index1, uint256 index2)
60
+ index1 == index2 <=> key_at(index1) == key_at(index2)
61
+ {
62
+ preserved remove(bytes32 key) {
63
+ requireInvariant atUniqueness(index1, require_uint256(length() - 1));
64
+ requireInvariant atUniqueness(index2, require_uint256(length() - 1));
65
+ }
66
+ }
67
+
68
+ /*
69
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
70
+ │ Invariant: index <> value relationship is consistent │
71
+ │ │
72
+ │ Note that the two consistencyXxx invariants, put together, prove that at_ and _indexOf are inverse of one another. │
73
+ │ This proves that we have a bijection between indices (the enumerability part) and keys (the entries that are set │
74
+ │ and removed from the EnumerableMap). │
75
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
76
+ */
77
+ invariant consistencyIndex(uint256 index)
78
+ index < length() => to_mathint(_indexOf(key_at(index))) == index + 1
79
+ {
80
+ preserved remove(bytes32 key) {
81
+ requireInvariant consistencyIndex(require_uint256(length() - 1));
82
+ }
83
+ }
84
+
85
+ invariant consistencyKey(bytes32 key)
86
+ contains(key) => (
87
+ _indexOf(key) > 0 &&
88
+ _indexOf(key) <= length() &&
89
+ key_at(require_uint256(_indexOf(key) - 1)) == key
90
+ )
91
+ {
92
+ preserved remove(bytes32 otherKey) {
93
+ requireInvariant consistencyKey(otherKey);
94
+ requireInvariant atUniqueness(
95
+ require_uint256(_indexOf(key) - 1),
96
+ require_uint256(_indexOf(otherKey) - 1)
97
+ );
98
+ }
99
+ }
100
+
101
+ /*
102
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
103
+ │ Rule: state only changes by setting or removing elements │
104
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
105
+ */
106
+ rule stateChange(env e, bytes32 key) {
107
+ require sanity();
108
+ requireInvariant consistencyKey(key);
109
+
110
+ uint256 lengthBefore = length();
111
+ bool containsBefore = contains(key);
112
+ bytes32 valueBefore = tryGet_value(key);
113
+
114
+ method f;
115
+ calldataarg args;
116
+ f(e, args);
117
+
118
+ uint256 lengthAfter = length();
119
+ bool containsAfter = contains(key);
120
+ bytes32 valueAfter = tryGet_value(key);
121
+
122
+ assert lengthBefore != lengthAfter => (
123
+ (f.selector == sig:set(bytes32,bytes32).selector && to_mathint(lengthAfter) == lengthBefore + 1) ||
124
+ (f.selector == sig:remove(bytes32).selector && to_mathint(lengthAfter) == lengthBefore - 1)
125
+ );
126
+
127
+ assert containsBefore != containsAfter => (
128
+ (f.selector == sig:set(bytes32,bytes32).selector && containsAfter) ||
129
+ (f.selector == sig:remove(bytes32).selector && !containsAfter)
130
+ );
131
+
132
+ assert valueBefore != valueAfter => (
133
+ (f.selector == sig:set(bytes32,bytes32).selector && containsAfter) ||
134
+ (f.selector == sig:remove(bytes32).selector && !containsAfter && valueAfter == to_bytes32(0))
135
+ );
136
+ }
137
+
138
+ /*
139
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
140
+ │ Rule: check liveness of view functions. │
141
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
142
+ */
143
+ rule liveness_1(bytes32 key) {
144
+ requireInvariant consistencyKey(key);
145
+
146
+ // contains never revert
147
+ bool contains = contains@withrevert(key);
148
+ assert !lastReverted;
149
+
150
+ // tryGet never reverts (key)
151
+ tryGet_contains@withrevert(key);
152
+ assert !lastReverted;
153
+
154
+ // tryGet never reverts (value)
155
+ tryGet_value@withrevert(key);
156
+ assert !lastReverted;
157
+
158
+ // get reverts iff the key is not in the map
159
+ get@withrevert(key);
160
+ assert !lastReverted <=> contains;
161
+ }
162
+
163
+ rule liveness_2(uint256 index) {
164
+ requireInvariant consistencyIndex(index);
165
+
166
+ // length never revert
167
+ uint256 length = length@withrevert();
168
+ assert !lastReverted;
169
+
170
+ // key_at reverts iff the index is out of bound
171
+ key_at@withrevert(index);
172
+ assert !lastReverted <=> index < length;
173
+
174
+ // value_at reverts iff the index is out of bound
175
+ value_at@withrevert(index);
176
+ assert !lastReverted <=> index < length;
177
+ }
178
+
179
+ /*
180
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
181
+ │ Rule: get and tryGet return the expected values. │
182
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
183
+ */
184
+ rule getAndTryGet(bytes32 key) {
185
+ requireInvariant noValueIfNotContained(key);
186
+
187
+ bool contained = contains(key);
188
+ bool tryContained = tryGet_contains(key);
189
+ bytes32 tryValue = tryGet_value(key);
190
+ bytes32 value = get@withrevert(key); // revert is not contained
191
+
192
+ assert contained == tryContained;
193
+ assert contained => tryValue == value;
194
+ assert !contained => tryValue == to_bytes32(0);
195
+ }
196
+
197
+ /*
198
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
199
+ │ Rule: set key-value in EnumerableMap │
200
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
201
+ */
202
+ rule set(bytes32 key, bytes32 value, bytes32 otherKey) {
203
+ require sanity();
204
+
205
+ uint256 lengthBefore = length();
206
+ bool containsBefore = contains(key);
207
+ bool containsOtherBefore = contains(otherKey);
208
+ bytes32 otherValueBefore = tryGet_value(otherKey);
209
+
210
+ bool added = set@withrevert(key, value);
211
+ bool success = !lastReverted;
212
+
213
+ assert success && contains(key) && get(key) == value,
214
+ "liveness & immediate effect";
215
+
216
+ assert added <=> !containsBefore,
217
+ "return value: added iff not contained";
218
+
219
+ assert to_mathint(length()) == lengthBefore + to_mathint(added ? 1 : 0),
220
+ "effect: length increases iff added";
221
+
222
+ assert added => (key_at(lengthBefore) == key && value_at(lengthBefore) == value),
223
+ "effect: add at the end";
224
+
225
+ assert containsOtherBefore != contains(otherKey) => (added && key == otherKey),
226
+ "side effect: other keys are not affected";
227
+
228
+ assert otherValueBefore != tryGet_value(otherKey) => key == otherKey,
229
+ "side effect: values attached to other keys are not affected";
230
+ }
231
+
232
+ /*
233
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
234
+ │ Rule: remove key from EnumerableMap │
235
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
236
+ */
237
+ rule remove(bytes32 key, bytes32 otherKey) {
238
+ requireInvariant consistencyKey(key);
239
+ requireInvariant consistencyKey(otherKey);
240
+
241
+ uint256 lengthBefore = length();
242
+ bool containsBefore = contains(key);
243
+ bool containsOtherBefore = contains(otherKey);
244
+ bytes32 otherValueBefore = tryGet_value(otherKey);
245
+
246
+ bool removed = remove@withrevert(key);
247
+ bool success = !lastReverted;
248
+
249
+ assert success && !contains(key),
250
+ "liveness & immediate effect";
251
+
252
+ assert removed <=> containsBefore,
253
+ "return value: removed iff contained";
254
+
255
+ assert to_mathint(length()) == lengthBefore - to_mathint(removed ? 1 : 0),
256
+ "effect: length decreases iff removed";
257
+
258
+ assert containsOtherBefore != contains(otherKey) => (removed && key == otherKey),
259
+ "side effect: other keys are not affected";
260
+
261
+ assert otherValueBefore != tryGet_value(otherKey) => key == otherKey,
262
+ "side effect: values attached to other keys are not affected";
263
+ }
264
+
265
+ /*
266
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
267
+ │ Rule: when adding a new key, the other keys remain in set, at the same index. │
268
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
269
+ */
270
+ rule setEnumerability(bytes32 key, bytes32 value, uint256 index) {
271
+ require sanity();
272
+
273
+ bytes32 atKeyBefore = key_at(index);
274
+ bytes32 atValueBefore = value_at(index);
275
+
276
+ set(key, value);
277
+
278
+ bytes32 atKeyAfter = key_at@withrevert(index);
279
+ assert !lastReverted;
280
+
281
+ bytes32 atValueAfter = value_at@withrevert(index);
282
+ assert !lastReverted;
283
+
284
+ assert atKeyAfter == atKeyBefore;
285
+ assert atValueAfter != atValueBefore => (
286
+ key == atKeyBefore &&
287
+ value == atValueAfter
288
+ );
289
+ }
290
+
291
+ /*
292
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
293
+ │ Rule: when removing a existing key, the other keys remain in set, at the same index (except for the last one). │
294
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
295
+ */
296
+ rule removeEnumerability(bytes32 key, uint256 index) {
297
+ uint256 last = require_uint256(length() - 1);
298
+
299
+ requireInvariant consistencyKey(key);
300
+ requireInvariant consistencyIndex(index);
301
+ requireInvariant consistencyIndex(last);
302
+
303
+ bytes32 atKeyBefore = key_at(index);
304
+ bytes32 atValueBefore = value_at(index);
305
+ bytes32 lastKeyBefore = key_at(last);
306
+ bytes32 lastValueBefore = value_at(last);
307
+
308
+ remove(key);
309
+
310
+ // can't read last value & keys (length decreased)
311
+ bytes32 atKeyAfter = key_at@withrevert(index);
312
+ assert lastReverted <=> index == last;
313
+
314
+ bytes32 atValueAfter = value_at@withrevert(index);
315
+ assert lastReverted <=> index == last;
316
+
317
+ // One value that is allowed to change is if previous value was removed,
318
+ // in that case the last value before took its place.
319
+ assert (
320
+ index != last &&
321
+ atKeyBefore != atKeyAfter
322
+ ) => (
323
+ atKeyBefore == key &&
324
+ atKeyAfter == lastKeyBefore
325
+ );
326
+
327
+ assert (
328
+ index != last &&
329
+ atValueBefore != atValueAfter
330
+ ) => (
331
+ atValueAfter == lastValueBefore
332
+ );
333
+ }
package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec ADDED
@@ -0,0 +1,246 @@
1
+ import "helpers/helpers.spec";
2
+
3
+ methods {
4
+ // library
5
+ function add(bytes32) external returns (bool) envfree;
6
+ function remove(bytes32) external returns (bool) envfree;
7
+ function contains(bytes32) external returns (bool) envfree;
8
+ function length() external returns (uint256) envfree;
9
+ function at_(uint256) external returns (bytes32) envfree;
10
+
11
+ // FV
12
+ function _indexOf(bytes32) external returns (uint256) envfree;
13
+ }
14
+
15
+ /*
16
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
17
+ │ Helpers │
18
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
19
+ */
20
+ definition sanity() returns bool =
21
+ length() < max_uint256;
22
+
23
+ /*
24
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
25
+ │ Invariant: All indexed keys are contained │
26
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
27
+ */
28
+ invariant indexedContained(uint256 index)
29
+ index < length() => contains(at_(index))
30
+ {
31
+ preserved {
32
+ requireInvariant consistencyIndex(index);
33
+ requireInvariant consistencyIndex(require_uint256(length() - 1));
34
+ }
35
+ }
36
+
37
+ /*
38
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
39
+ │ Invariant: A value can only be stored at a single location │
40
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
41
+ */
42
+ invariant atUniqueness(uint256 index1, uint256 index2)
43
+ index1 == index2 <=> at_(index1) == at_(index2)
44
+ {
45
+ preserved remove(bytes32 key) {
46
+ requireInvariant atUniqueness(index1, require_uint256(length() - 1));
47
+ requireInvariant atUniqueness(index2, require_uint256(length() - 1));
48
+ }
49
+ }
50
+
51
+ /*
52
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
53
+ │ Invariant: index <> key relationship is consistent │
54
+ │ │
55
+ │ Note that the two consistencyXxx invariants, put together, prove that at_ and _indexOf are inverse of one another. │
56
+ │ This proves that we have a bijection between indices (the enumerability part) and keys (the entries that are added │
57
+ │ and removed from the EnumerableSet). │
58
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
59
+ */
60
+ invariant consistencyIndex(uint256 index)
61
+ index < length() => _indexOf(at_(index)) == require_uint256(index + 1)
62
+ {
63
+ preserved remove(bytes32 key) {
64
+ requireInvariant consistencyIndex(require_uint256(length() - 1));
65
+ }
66
+ }
67
+
68
+ invariant consistencyKey(bytes32 key)
69
+ contains(key) => (
70
+ _indexOf(key) > 0 &&
71
+ _indexOf(key) <= length() &&
72
+ at_(require_uint256(_indexOf(key) - 1)) == key
73
+ )
74
+ {
75
+ preserved remove(bytes32 otherKey) {
76
+ requireInvariant consistencyKey(otherKey);
77
+ requireInvariant atUniqueness(
78
+ require_uint256(_indexOf(key) - 1),
79
+ require_uint256(_indexOf(otherKey) - 1)
80
+ );
81
+ }
82
+ }
83
+
84
+ /*
85
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
86
+ │ Rule: state only changes by adding or removing elements │
87
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
88
+ */
89
+ rule stateChange(env e, bytes32 key) {
90
+ require sanity();
91
+ requireInvariant consistencyKey(key);
92
+
93
+ uint256 lengthBefore = length();
94
+ bool containsBefore = contains(key);
95
+
96
+ method f;
97
+ calldataarg args;
98
+ f(e, args);
99
+
100
+ uint256 lengthAfter = length();
101
+ bool containsAfter = contains(key);
102
+
103
+ assert lengthBefore != lengthAfter => (
104
+ (f.selector == sig:add(bytes32).selector && lengthAfter == require_uint256(lengthBefore + 1)) ||
105
+ (f.selector == sig:remove(bytes32).selector && lengthAfter == require_uint256(lengthBefore - 1))
106
+ );
107
+
108
+ assert containsBefore != containsAfter => (
109
+ (f.selector == sig:add(bytes32).selector && containsAfter) ||
110
+ (f.selector == sig:remove(bytes32).selector && containsBefore)
111
+ );
112
+ }
113
+
114
+ /*
115
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
116
+ │ Rule: check liveness of view functions. │
117
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
118
+ */
119
+ rule liveness_1(bytes32 key) {
120
+ requireInvariant consistencyKey(key);
121
+
122
+ // contains never revert
123
+ contains@withrevert(key);
124
+ assert !lastReverted;
125
+ }
126
+
127
+ rule liveness_2(uint256 index) {
128
+ requireInvariant consistencyIndex(index);
129
+
130
+ // length never revert
131
+ uint256 length = length@withrevert();
132
+ assert !lastReverted;
133
+
134
+ // at reverts iff the index is out of bound
135
+ at_@withrevert(index);
136
+ assert !lastReverted <=> index < length;
137
+ }
138
+
139
+ /*
140
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
141
+ │ Rule: add key to EnumerableSet if not already contained │
142
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
143
+ */
144
+ rule add(bytes32 key, bytes32 otherKey) {
145
+ require sanity();
146
+
147
+ uint256 lengthBefore = length();
148
+ bool containsBefore = contains(key);
149
+ bool containsOtherBefore = contains(otherKey);
150
+
151
+ bool added = add@withrevert(key);
152
+ bool success = !lastReverted;
153
+
154
+ assert success && contains(key),
155
+ "liveness & immediate effect";
156
+
157
+ assert added <=> !containsBefore,
158
+ "return value: added iff not contained";
159
+
160
+ assert length() == require_uint256(lengthBefore + to_mathint(added ? 1 : 0)),
161
+ "effect: length increases iff added";
162
+
163
+ assert added => at_(lengthBefore) == key,
164
+ "effect: add at the end";
165
+
166
+ assert containsOtherBefore != contains(otherKey) => (added && key == otherKey),
167
+ "side effect: other keys are not affected";
168
+ }
169
+
170
+ /*
171
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
172
+ │ Rule: remove key from EnumerableSet if already contained │
173
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
174
+ */
175
+ rule remove(bytes32 key, bytes32 otherKey) {
176
+ requireInvariant consistencyKey(key);
177
+ requireInvariant consistencyKey(otherKey);
178
+
179
+ uint256 lengthBefore = length();
180
+ bool containsBefore = contains(key);
181
+ bool containsOtherBefore = contains(otherKey);
182
+
183
+ bool removed = remove@withrevert(key);
184
+ bool success = !lastReverted;
185
+
186
+ assert success && !contains(key),
187
+ "liveness & immediate effect";
188
+
189
+ assert removed <=> containsBefore,
190
+ "return value: removed iff contained";
191
+
192
+ assert length() == require_uint256(lengthBefore - to_mathint(removed ? 1 : 0)),
193
+ "effect: length decreases iff removed";
194
+
195
+ assert containsOtherBefore != contains(otherKey) => (removed && key == otherKey),
196
+ "side effect: other keys are not affected";
197
+ }
198
+
199
+ /*
200
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
201
+ │ Rule: when adding a new key, the other keys remain in set, at the same index. │
202
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
203
+ */
204
+ rule addEnumerability(bytes32 key, uint256 index) {
205
+ require sanity();
206
+
207
+ bytes32 atBefore = at_(index);
208
+ add(key);
209
+ bytes32 atAfter = at_@withrevert(index);
210
+ bool atAfterSuccess = !lastReverted;
211
+
212
+ assert atAfterSuccess;
213
+ assert atBefore == atAfter;
214
+ }
215
+
216
+ /*
217
+ ┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
218
+ │ Rule: when removing a existing key, the other keys remain in set, at the same index (except for the last one). │
219
+ └─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
220
+ */
221
+ rule removeEnumerability(bytes32 key, uint256 index) {
222
+ uint256 last = require_uint256(length() - 1);
223
+
224
+ requireInvariant consistencyKey(key);
225
+ requireInvariant consistencyIndex(index);
226
+ requireInvariant consistencyIndex(last);
227
+
228
+ bytes32 atBefore = at_(index);
229
+ bytes32 lastBefore = at_(last);
230
+
231
+ remove(key);
232
+
233
+ // can't read last value (length decreased)
234
+ bytes32 atAfter = at_@withrevert(index);
235
+ assert lastReverted <=> index == last;
236
+
237
+ // One value that is allowed to change is if previous value was removed,
238
+ // in that case the last value before took its place.
239
+ assert (
240
+ index != last &&
241
+ atBefore != atAfter
242
+ ) => (
243
+ atBefore == key &&
244
+ atAfter == lastBefore
245
+ );
246
+ }