npm - uups-checker - Versions diffs - 1.0.0 - Mend

uups-checker 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (670) hide show

package/.gitmodules +6 -0
package/AIFI_AUDIT.md +220 -0
package/ALL_AUDITS_SUMMARY.md +366 -0
package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
package/ARIA-foundry-test.txt +9 -0
package/ARIA-mythril-analysis.txt +20 -0
package/ARIA-slither-analysis.txt +38 -0
package/ARIA_AI_SECURITY_AUDIT.md +290 -0
package/ARIA_VERIFIED_AUDIT.md +259 -0
package/ARIA_VERIFIED_slither.txt +76 -0
package/ARIVA_source.txt +1 -0
package/ARK_AUDIT.md +349 -0
package/BANANA_AUDIT.md +365 -0
package/BAS_AUDIT.md +451 -0
package/BAS_TOKEN_AUDIT.md +235 -0
package/BCE_EXPLOIT_ANALYSIS.md +165 -0
package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
package/BEEFY_MONAD_ANALYSIS.md +239 -0
package/BEEFY_STAKING_ANALYSIS.md +136 -0
package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
package/BRISE_ANALYSIS.txt +31 -0
package/BRISE_BSC_DAPPS.txt +68 -0
package/BRISE_EXPLOITS_FOUND.md +98 -0
package/BRISE_REAL_EXPLOITS.md +115 -0
package/BRISE_WHITEHAT_REPORT.md +162 -0
package/BRISEstake_Analysis.txt +95 -0
package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
package/BTCST_FINAL_VERDICT.md +319 -0
package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
package/BTCST_SECURITY_ANALYSIS.md +391 -0
package/BTR_AUDIT.md +210 -0
package/BeamBridge-analysis.md +226 -0
package/BeamToken-analysis.md +201 -0
package/BitgertSwap_Investigation.txt +107 -0
package/CEEK_STAKING_ANALYSIS.md +0 -0
package/CHAINBASE_AUDIT.md +422 -0
package/COMPLETE_AUDIT_SUMMARY.md +342 -0
package/CORRECTED_ANALYSIS.txt +115 -0
package/DBXEN_COMPARISON_SUMMARY.md +232 -0
package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
package/DOPFairLaunch_raw.json +29 -0
package/DOPFairLaunch_source.txt +0 -0
package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
package/DSyncStaking-exploit-analysis.md +153 -0
package/DSyncVault-analysis.md +120 -0
package/DUSD_PROXY_AUDIT.md +407 -0
package/DXSALE_LOCK_AUDIT.md +0 -0
package/DXSaleLock_bytecode.txt +1 -0
package/ECHIDNA_QUICK_START.md +101 -0
package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
package/EXPLOIT_FIX.md +300 -0
package/EXPLOIT_INSTRUCTIONS.md +273 -0
package/EXPLOIT_SUMMARY.md +285 -0
package/EXPLOIT_SUMMARY.txt +175 -0
package/FALCON_FINANCE_AUDIT.md +258 -0
package/FANDOM_AUDIT.md +359 -0
package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
package/FINAL_AUDIT_REPORT.md +0 -0
package/FOLIO_PROXY_AUDIT.md +299 -0
package/FOT_EXPLOIT_RESULTS.txt +110 -0
package/FOT_TOKENS_AUDITED.md +103 -0
package/HEGIC-mythril-analysis.txt +39 -0
package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
package/ICECREAMSWAP_EXPLOITS.md +259 -0
package/IMMUNEFI_REPORT.md +314 -0
package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
package/KOGE_AUDIT.md +328 -0
package/LENDFLARE_ANALYSIS.md +239 -0
package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
package/LENDFLARE_FUZZING_RESULTS.md +252 -0
package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
package/LENDFLARE_MANUAL_FUZZING.md +324 -0
package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
package/LENDFLARE_V3_BYPASS.md +296 -0
package/LFTDECOMPILE.txt +14478 -0
package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
package/LFT_EXPLOIT_VISUAL.md +253 -0
package/LFT_QUICK_SUMMARY.md +124 -0
package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
package/MGO_AUDIT_REPORT.md +420 -0
package/MYTHRIL_FINAL_REPORT.md +306 -0
package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
package/NETX_MIGRATION_AUDIT.md +0 -0
package/NPM_PUBLISH_GUIDE.md +0 -0
package/NRV_CRITICAL_EXPLOIT.txt +143 -0
package/NetX_Analysis.txt +76 -0
package/NetX_Migration_bytecode.txt +1 -0
package/NetX_Migration_source.txt +0 -0
package/NetX_Token_source.txt +0 -0
package/NetxWhitehatRescue +22 -0
package/OILER_ATTACK_VISUAL.md +351 -0
package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
package/OILER_DEEP_ANALYSIS.md +212 -0
package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
package/OILER_FINAL_VERDICT.md +339 -0
package/OILER_REENTRANCY_EXPLAINED.md +638 -0
package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
package/POLS_MULTICHAIN_AUDIT.md +0 -0
package/POSI_STAKING_AUDIT.md +0 -0
package/PROXY2_SECURITY_ANALYSIS.md +0 -0
package/Proxy2TACS +29748 -0
package/QUICK_START.md +240 -0
package/RAMP_SECURITY_ANALYSIS.md +0 -0
package/README.md +238 -0
package/REAUDIT_MASTER_LIST.txt +15 -0
package/RING_analysis.txt +212 -0
package/RPC +4 -0
package/RULES.txt +20 -0
package/SIREN_AUDIT.md +186 -0
package/SYNC_EXPLOIT_README.md +0 -0
package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
package/TLM_raw.html +0 -0
package/TLM_raw.txt +0 -0
package/TLM_response.json +1 -0
package/TRADOOR_AUDIT.md +253 -0
package/TRUNK_AUDIT.md +285 -0
package/UNIBASE_AUDIT.md +241 -0
package/UNLOCK_ANALYSIS.md +0 -0
package/UNLOCK_EXPLOIT.md +49 -0
package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
package/UPS +232 -0
package/UUPSCHECKER +208 -0
package/VAULT_PROXY_AUDIT.md +457 -0
package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
package/WKEYDAO2_AUDIT.md +245 -0
package/WSG_AUDIT.md +0 -0
package/XFI_DEEP_ANALYSIS.md +327 -0
package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
package/YSDAO_EXPLOIT_GUIDE.md +0 -0
package/agent-4-bundle.md +22490 -0
package/alpha-proxy-echidna.txt +1 -0
package/alpha-proxy-fuzz-results.txt +81 -0
package/alpha-proxy-mythril.txt +2 -0
package/analyze-btcst-farm.js +54 -0
package/analyze-dxsale-lock.js +75 -0
package/analyze-elephant.js +69 -0
package/analyze-fara-rewards.js +109 -0
package/analyze-fara-storage.js +83 -0
package/analyze-lft-transaction.js +158 -0
package/analyze-lock-bytecode.js +59 -0
package/analyze-shegic.js +0 -0
package/analyze-staking-abi.js +0 -0
package/analyze-sxp.js +57 -0
package/analyze-tlm.js +76 -0
package/analyze-trumpet.js +98 -0
package/analyze-unlimited-nft.js +108 -0
package/analyze_elephant.sh +27 -0
package/analyze_vault.sh +32 -0
package/aria-bytecode.txt +1 -0
package/aria_response.json +1 -0
package/ark_temp/README.md +66 -0
package/ark_temp/lib/forge-std/.gitattributes +1 -0
package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
package/ark_temp/lib/forge-std/README.md +314 -0
package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
package/ark_temp/lib/forge-std/package.json +16 -0
package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
package/audits/AiFi-security-audit-20260326.md +499 -0
package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
package/audits/DGToken-security-audit-20260324.md +376 -0
package/audits/DSyncStaking-audit-part1.md +161 -0
package/audits/DSyncStaking-security-audit-20260324.md +547 -0
package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
package/audits/DegenVC-security-audit-20260324.md +585 -0
package/audits/DelreyInu-security-audit-20260324.md +463 -0
package/audits/DestraNetwork-security-audit-20260324.md +705 -0
package/audits/DomiToken-security-audit-20260324.md +514 -0
package/audits/LendFlareToken-security-audit-20260325.md +197 -0
package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
package/audits/PAALAI-security-audit-20260324.md +475 -0
package/audits/PAR-security-audit-20260325.md +311 -0
package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
package/audits/StakingPool-security-audit-20260324.md +517 -0
package/audits/SyncToken-security-audit-20260324.md +778 -0
package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
package/audits/XFIStaking-security-audit-20260324.md +682 -0
package/audits/Xfinance-security-audit-20260324.md +463 -0
package/audits/basedAIFarm-security-audit-20260324.md +330 -0
package/audits/pepeCoin-security-audit-20260324.md +462 -0
package/bin/ups +232 -0
package/binance-wallet-exploit/.env.example +2 -0
package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
package/binance-wallet-exploit/QUICK_START.md +75 -0
package/binance-wallet-exploit/README.md +195 -0
package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
package/binance-wallet-exploit/cache/test-failures +1 -0
package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
package/cache/solidity-files-cache.json +1 -0
package/cache/test-failures +1 -0
package/calculate-elephant-flashloan.js +195 -0
package/check-address-approval.js +112 -0
package/check-alpha-proxy.js +42 -0
package/check-arbitrage.js +155 -0
package/check-aria-token.js +47 -0
package/check-ark.sh +20 -0
package/check-btcst-mining.js +75 -0
package/check-btcst-pools.js +163 -0
package/check-btcst.js +88 -0
package/check-caller.js +26 -0
package/check-ceek-lp.js +73 -0
package/check-ceek.js +47 -0
package/check-dxsale-address.js +35 -0
package/check-fara-exploit-timing.js +56 -0
package/check-fara-real-exploit.js +73 -0
package/check-flashloan-limits.js +129 -0
package/check-kel-cel-pool.js +91 -0
package/check-lax-staking.js +41 -0
package/check-lendflare.js +165 -0
package/check-lft-accounting.js +109 -0
package/check-lft-roles.js +165 -0
package/check-lock-time.js +47 -0
package/check-min-stake.js +73 -0
package/check-mystery-contract.js +52 -0
package/check-next-token.js +50 -0
package/check-nora-lock.js +67 -0
package/check-oiler-approvals.js +116 -0
package/check-oiler-proxy.js +73 -0
package/check-oiler-staking.js +117 -0
package/check-proxy-simple.js +71 -0
package/check-recent-stakes.js +54 -0
package/check-shegic-holdings.js +67 -0
package/check-snowcrash-ecosystem.js +83 -0
package/check-sync-lp.js +97 -0
package/check-sync-stake.js +42 -0
package/check-tlm.js +37 -0
package/check-token-pools.js +146 -0
package/check-trunk-depeg.js +181 -0
package/check-tusd-decimals.js +58 -0
package/check-user-storage-deep.js +81 -0
package/check-welephant-pools.js +130 -0
package/check-xfi-pool.js +75 -0
package/check-zypher.js +32 -0
package/check_proxy.sh +36 -0
package/compare-tlm-chains.js +90 -0
package/contract_0x05f2.html +6025 -0
package/contract_0x3720.html +6361 -0
package/contract_0x928e.html +5606 -0
package/contract_0xc42d.html +5304 -0
package/contract_page.html +5789 -0
package/decode-stake-tx.js +50 -0
package/deep-analyze-lock.js +82 -0
package/dune_uups_proxy_query.sql +42 -0
package/dune_uups_vulnerable_query.sql +0 -0
package/echidna/alpha-proxy.yaml +14 -0
package/echidna/elephant.yaml +7 -0
package/echidna/lendflare.yaml +42 -0
package/echidna.config.yaml +12 -0
package/elephant_raw.json +1 -0
package/eps_raw.json +1 -0
package/exploit/.github/workflows/test.yml +38 -0
package/exploit/.gitmodules +3 -0
package/exploit/README.md +66 -0
package/exploit/foundry.lock +8 -0
package/exploit/lib/forge-std/.gitattributes +1 -0
package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
package/exploit/lib/forge-std/LICENSE-MIT +25 -0
package/exploit/lib/forge-std/README.md +314 -0
package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
package/exploit/lib/forge-std/package.json +16 -0
package/exploit/lib/forge-std/scripts/vm.py +636 -0
package/exploit_analysis.txt +51 -0
package/extract_contract.py +21 -0
package/extract_elephant_contracts.py +24 -0
package/fara-staking-bytecode.txt +1 -0
package/fara-staking-raw.txt +1 -0
package/fetch-aria.js +46 -0
package/fetch-contract.js +50 -0
package/fetch-shegic-source.js +86 -0
package/fetch-snowcrash.js +44 -0
package/fetch-staking-source.js +53 -0
package/fetch-tlm.js +60 -0
package/fetch_elephant_source.py +32 -0
package/find-ceek-staking.js +21 -0
package/find-exploit-tx.js +88 -0
package/find-oiler-holders.js +100 -0
package/find-tlm-holder.js +36 -0
package/find-vulnerable-fund.js +94 -0
package/foundry.lock +8 -0
package/fuzz-all.sh +53 -0
package/get-aria-contract.py +40 -0
package/get-lft-holders.js +89 -0
package/get-tlm-source.sh +8 -0
package/harvest_txs.json +1 -0
package/lft-bytecode-raw.txt +1 -0
package/lft-bytecode.json +1 -0
package/lft-impl.bin +1 -0
package/lft-implementation-bytecode.txt +1 -0
package/lib/forge-std/.gitattributes +1 -0
package/lib/forge-std/.github/CODEOWNERS +1 -0
package/lib/forge-std/.github/dependabot.yml +6 -0
package/lib/forge-std/.github/workflows/ci.yml +125 -0
package/lib/forge-std/.github/workflows/sync.yml +36 -0
package/lib/forge-std/CONTRIBUTING.md +193 -0
package/lib/forge-std/LICENSE-APACHE +203 -0
package/lib/forge-std/LICENSE-MIT +25 -0
package/lib/forge-std/README.md +314 -0
package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
package/lib/forge-std/package.json +16 -0
package/lib/forge-std/scripts/vm.py +636 -0
package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
package/lib/openzeppelin-contracts/.codecov.yml +12 -0
package/lib/openzeppelin-contracts/.editorconfig +21 -0
package/lib/openzeppelin-contracts/.eslintrc +20 -0
package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
package/lib/openzeppelin-contracts/.gitmodules +7 -0
package/lib/openzeppelin-contracts/.mocharc.js +4 -0
package/lib/openzeppelin-contracts/.prettierrc +15 -0
package/lib/openzeppelin-contracts/.solcover.js +13 -0
package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
package/lib/openzeppelin-contracts/LICENSE +22 -0
package/lib/openzeppelin-contracts/README.md +107 -0
package/lib/openzeppelin-contracts/RELEASING.md +45 -0
package/lib/openzeppelin-contracts/SECURITY.md +42 -0
package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
package/lib/openzeppelin-contracts/audits/README.md +17 -0
package/lib/openzeppelin-contracts/certora/Makefile +54 -0
package/lib/openzeppelin-contracts/certora/README.md +60 -0
package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
package/lib/openzeppelin-contracts/certora/run.js +160 -0
package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
package/lib/openzeppelin-contracts/certora/specs.json +86 -0
package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
package/lib/openzeppelin-contracts/contracts/package.json +32 -0
package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
package/lib/openzeppelin-contracts/docs/README.md +16 -0
package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
package/lib/openzeppelin-contracts/docs/config.js +21 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
package/lib/openzeppelin-contracts/logo.svg +15 -0
package/lib/openzeppelin-contracts/netlify.toml +3 -0
package/lib/openzeppelin-contracts/package-lock.json +16544 -0
package/lib/openzeppelin-contracts/package.json +96 -0
package/lib/openzeppelin-contracts/remappings.txt +1 -0
package/lib/openzeppelin-contracts/renovate.json +4 -0
package/lib/openzeppelin-contracts/requirements.txt +1 -0
package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
package/lib/openzeppelin-contracts/slither.config.json +5 -0
package/lib/openzeppelin-contracts/solhint.config.js +20 -0
package/mythril-lft-output.txt +1 -0
package/mythril-lft-symbolic.txt +18 -0
package/mythril-lft.sh +20 -0
package/mythril-symbolic-output.txt +1 -0
package/mythril-symbolic.sh +42 -0
package/out/build-info/0026b78428192979.json +1 -0
package/out/build-info/03c4fc3b88486eba.json +1 -0
package/out/build-info/0540afa9b9a5c5a6.json +1 -0
package/out/build-info/081932f505bc08b9.json +1 -0
package/out/build-info/0da104ba0d6642d5.json +1 -0
package/out/build-info/197281971dbb5f23.json +1 -0
package/out/build-info/197e7e332832a232.json +1 -0
package/out/build-info/1a1cab9136eb5f94.json +1 -0
package/out/build-info/1b320204eb162aa2.json +1 -0
package/out/build-info/1e03f94398052674.json +1 -0
package/out/build-info/22ac085949602937.json +1 -0
package/out/build-info/234ef37453a9fa64.json +1 -0
package/out/build-info/2447db7b1878fa8e.json +1 -0
package/out/build-info/25568daeb484f5ff.json +1 -0
package/out/build-info/27465853244c49ce.json +1 -0
package/out/build-info/2c57a9e0f087453b.json +1 -0
package/out/build-info/3c62ae7de8da68c4.json +1 -0
package/out/build-info/3e771ae109e97bb3.json +1 -0
package/out/build-info/460499bc0a3465c4.json +1 -0
package/out/build-info/47ce37e50a4f115e.json +1 -0
package/out/build-info/4fcce5c63cf427d6.json +1 -0
package/out/build-info/4fd0a53fe63fddbb.json +1 -0
package/out/build-info/50f1247db9d769cc.json +1 -0
package/out/build-info/5317d0181a7a5e02.json +1 -0
package/out/build-info/594df509275ceb5b.json +1 -0
package/out/build-info/61983ac3f6141719.json +1 -0
package/out/build-info/638c4548307122fe.json +1 -0
package/out/build-info/67c2c43bdb7c0ded.json +1 -0
package/out/build-info/777f42643aad37b7.json +1 -0
package/out/build-info/7d7856f19e845354.json +1 -0
package/out/build-info/83976260b6f71e94.json +1 -0
package/out/build-info/83c23882000b963d.json +1 -0
package/out/build-info/84b2cce8f70b36be.json +1 -0
package/out/build-info/8bc13d31d7c3206a.json +1 -0
package/out/build-info/8e183bd4d9d8cf88.json +1 -0
package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
package/out/build-info/99ec7d5e8d8ff360.json +1 -0
package/out/build-info/9ac044b29daa7d5e.json +1 -0
package/out/build-info/9b203227ff5d2e63.json +1 -0
package/out/build-info/9d18c5872c4282dd.json +1 -0
package/out/build-info/9f77f04f33baf9a3.json +1 -0
package/out/build-info/a6e1caf974787982.json +1 -0
package/out/build-info/a94b6348867a62d6.json +1 -0
package/out/build-info/ad93721947a8b195.json +1 -0
package/out/build-info/b42daddb5aa4b19f.json +1 -0
package/out/build-info/bf13512ae899f7e8.json +1 -0
package/out/build-info/c39f86c20a548c4a.json +1 -0
package/out/build-info/cb12bb975a2f4e65.json +1 -0
package/out/build-info/d0c6788fadc2aa60.json +1 -0
package/out/build-info/d2726bf94ed5b845.json +1 -0
package/out/build-info/d4eb00da50cce5cb.json +1 -0
package/out/build-info/db931924a3bc8bdd.json +1 -0
package/out/build-info/e1a503d49bc77401.json +1 -0
package/out/build-info/efe5396f8892ce77.json +1 -0
package/out/build-info/f536d90ced745969.json +1 -0
package/out/build-info/fed38823c7019b82.json +1 -0
package/package.json +51 -0
package/page.html +5384 -0
package/pancakeswap-simple-tvl.sql +15 -0
package/pancakeswap-top-pools.sql +29 -0
package/pancakeswap-tvl-optimized.sql +57 -0
package/pancakeswap-tvl-query.sql +60 -0
package/pancakeswap-underflow-hunting.sql +51 -0
package/pancakeswap-vulnerability-queries.sql +200 -0
package/posi_page.html +6369 -0
package/posi_response.json +29 -0
package/proxy_page.html +500 -0
package/run_mythril_elephant.sh +18 -0
package/sHEGIC-bytecode.bin +6 -0
package/sHEGIC-mythril-analysis.txt +1 -0
package/sHEGIC-mythril-full.txt +134 -0
package/sHEGIC_ANALYSIS.md +135 -0
package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
package/scrape-snowcrash.js +28 -0
package/scripts/yooshi_drain.sh +154 -0
package/shi_raw.json +1 -0
package/temp.json +1 -0
package/temp_harvest.json +1 -0
package/temp_pika.json +1 -0
package/temp_posi.json +1 -0
package/temp_response.json +1 -0
package/test-lft-hidden-balance.js +108 -0
package/test-xfi-exploit.js +140 -0
package/trunk-liquidity-rescue.js +164 -0
package/vBABY_page.html +6153 -0
package/vBABY_response.json +29 -0
package/wsg_response.json +1 -0
package/yooldo_page.html +10371 -0

package/DSyncVault-analysis.md ADDED Viewed

@@ -0,0 +1,120 @@
+# DSync Vault Contract - Quick Analysis
+## Contract Type
+This is a **UUPS Upgradeable Vault Contract** with:
+- Role-based access control (PAYER_ROLE, PAYEE_ROLE, DEFAULT_ADMIN_ROLE)
+- ERC20, ERC721, and ETH transfer capabilities
+- Batch transfer functions
+- Upgradeable proxy pattern
+## Key Addresses
+- Proxy Implementation: `0xe03e12f83aba2e6b955f96b5acf64082bb8ac162`
+- UUPS UUID: `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
+## Roles
+- **PAYER_ROLE**: `0x8ec07e268e32cae7f300b49ad34f20106d088445cb9d9b2d62cbd864638308b2`
+  - Can initiate transfers (transferErc20, transferEther, transferErc721)
+  - Can batch transfer
+- **PAYEE_ROLE**: `0x95ed160efa56927d40641b26c79df8395a2e4f8f170168fedfa462234b4c3a46`
+  - Must be granted to recipients before they can receive funds
+  - Checked in all transfer functions
+- **DEFAULT_ADMIN_ROLE**: `0x0`
+  - Can grant/revoke other roles
+  - Owner has this role by default
+## Connection to DSync?
+**UNCLEAR** - This is a generic vault contract that could be used with ANY tokens, including DSync. There's no hardcoded DSync token address in the decompiled code.
+However, if this vault is used with DSync tokens, it would inherit all the DSync token risks (60% sell tax, blacklist, etc.).
+## Critical Findings
+### 🔴 CRITICAL: Upgradeable Without Timelock
+The contract is UUPS upgradeable with NO timelock:
+```solidity
+function upgradeTo(address newImplementation) public nonPayable {
+    require(msg.sender == _owner);
+    // No timelock - immediate upgrade!
+    @_setImplementation_795(newImplementation);
+}
+```
+**Impact**: Owner can upgrade to malicious implementation instantly and drain all funds.
+### 🔴 CRITICAL: Dual Role Check Creates Confusion
+In batch transfers, there are TWO role checks:
+```solidity
+function batchTransferErc20(...) {
+    @_checkRole_295(msg.sender, PAYER_ROLE);  // Check 1: Sender must be PAYER
+    while (v0 < payees.length) {
+        @_checkRole_295(payees[v0], PAYEE_ROLE);  // Check 2: Each recipient must be PAYEE
+        @safeTransfer_1536(amounts[v0], payees[v0], tokens[v0]);
+    }
+}
+```
+**Issue**: Recipients must have PAYEE_ROLE to receive funds. This is unusual and could lock funds if role is revoked.
+### 🟠 HIGH: No Emergency Pause
+Contract has no pause mechanism. If exploited, funds continue to be at risk.
+### 🟠 HIGH: Centralized Control
+Owner has complete control:
+- Can upgrade contract
+- Can grant/revoke all roles
+- Can change implementation
+## Is This Exploitable?
+**NO** - Not directly exploitable by outsiders because:
+1. **Role-based access control** - Need PAYER_ROLE to transfer
+2. **PAYEE_ROLE required** - Recipients must be whitelisted
+3. **Owner-controlled upgrades** - Only owner can upgrade
+**BUT** - If you ARE the owner or have PAYER_ROLE, you could:
+- Transfer all funds to yourself (if you also have PAYEE_ROLE)
+- Upgrade to malicious implementation
+- Grant yourself all roles
+## Risk Assessment
+**For Users**: 🔴 HIGH RISK
+- Owner can upgrade to drain funds
+- No timelock protection
+- Centralized control
+**For Attackers**: ❌ NOT EXPLOITABLE
+- Need privileged roles
+- Access control prevents external attacks
+## Connection to DSync Ecosystem
+If this vault holds DSync tokens:
+- Users deposit DSync (already paid 5% buy tax)
+- Vault holds tokens
+- Owner could upgrade and steal
+- Even if users withdraw, they pay 60% sell tax
+- **Result**: Users trapped in ecosystem
+## Conclusion
+This is a **CENTRALIZED VAULT** with:
+- ✅ Good access control (prevents external attacks)
+- ❌ No timelock (owner can rug pull)
+- ❌ Upgradeable (can be changed to malicious code)
+- ❌ No transparency (unverified contract)
+**Not exploitable by outsiders, but users should not trust it due to centralization risks.**
+If connected to DSync ecosystem, it's another layer of the trap.

package/DUSD_PROXY_AUDIT.md ADDED Viewed

@@ -0,0 +1,407 @@
+# StandX DUSD Token Security Audit
+**Contract:** StandX: DUSD Token (ERC1967 Proxy)
+**Proxy Address:** `0xaf44A1E76F56eE12ADBB7ba8acD3CbD474888122`
+**Implementation:** `0x57F4dFF6F9404c1c89D5d0457e26C87FfBD9E22D`
+**Chain:** BSC (BNB Smart Chain)
+**Compiler:** v0.8.28+commit.7893614a (200 optimization runs)
+---
+## EXECUTIVE SUMMARY
+**Risk Rating: 7/10 - HIGH RISK (Upgradeable Proxy)**
+DUSD is an upgradeable proxy contract using the ERC1967 standard. The actual token logic is in a separate implementation contract that can be changed by the admin. This creates significant centralization and upgrade risks.
+---
+## CONTRACT OVERVIEW
+```solidity
+Token Name: StandX DUSD
+Symbol: DUSD
+Type: ERC1967 Upgradeable Proxy
+Description: Yield-bearing stablecoin with NO STAKING required
+```
+### Key Features:
+- **Upgradeable**: Admin can change implementation at any time
+- **Proxy Pattern**: ERC1967 transparent proxy
+- **Custom Storage Slots**: Uses `keccak256("standx.eip1967.proxy.implementation")`
+- **Yield-Bearing**: Claims to deliver competitive returns without staking
+---
+## SECURITY ANALYSIS
+### ⚠️ CRITICAL ISSUES
+1. **UPGRADEABLE CONTRACT** 🚨
+   ```solidity
+   bytes32 internal constant IMPLEMENTATION_SLOT = keccak256("standx.eip1967.proxy.implementation");
+   ```
+   - Admin can upgrade implementation at ANY time
+   - No timelock or delay
+   - Can completely change token behavior
+   - **Users have ZERO protection against malicious upgrades**
+2. **CUSTOM STORAGE SLOTS**
+   ```solidity
+   // Standard ERC1967: 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
+   // StandX Custom: keccak256("standx.eip1967.proxy.implementation")
+   ```
+   - Uses custom storage slots instead of standard ERC1967
+   - Makes it harder to detect upgrades with standard tools
+   - Non-standard implementation
+3. **UNKNOWN IMPLEMENTATION LOGIC**
+   - Implementation at `0x57F4dFF6F9404c1c89D5d0457e26C87FfBD9E22D`
+   - Cannot audit actual token logic from proxy alone
+   - Need to analyze implementation contract separately
+   - Implementation could have ANY functionality
+4. **ADMIN CONTROL**
+   ```solidity
+   bytes32 internal constant ADMIN_SLOT = keccak256("standx.eip1967.proxy.admin");
+   ```
+   - Admin address: `0x649b82c8de192e92f8dc9c88f63038016ce56310`
+   - Admin can:
+     - Upgrade implementation
+     - Change admin
+     - Potentially access all funds
+5. **INITIALIZATION DATA**
+   ```solidity
+   constructor(address implementation, bytes memory _data)
+   // _data contains initialization call
+   ```
+   - Initialization parameters:
+     - name: "StandX DUSD"
+     - symbol: "DUSD"
+     - admin: 0x649b82c8de192e92f8dc9c88f63038016ce56310
+   - Cannot verify what else was initialized
+### 🔍 PROXY PATTERN RISKS
+1. **Storage Collision**
+   - Proxy and implementation share storage
+   - Incorrect upgrade can corrupt state
+   - Could lose all balances
+2. **Selfdestruct Risk**
+   - If implementation has selfdestruct
+   - Could brick entire proxy
+   - All funds lost
+3. **Delegatecall Risks**
+   - All calls delegated to implementation
+   - Implementation has full control
+   - Can access proxy storage directly
+4. **Upgrade Transparency**
+   - Upgrades emit `Upgraded` event
+   - But no timelock or warning
+   - Users cannot react to malicious upgrades
+---
+## COMPARISON TO PREVIOUS AUDITS
+| Feature | DUSD | wkeyDAO2 | BAS |
+|---------|------|----------|-----|
+| Upgradeable | YES 🚨 | NO | NO |
+| Admin Control | Full | High | High |
+| Implementation | Unknown | Known | Known |
+| Risk Level | 7/10 | 6/10 | 5/10 |
+---
+## ATTACK VECTORS
+### ❌ CANNOT AUDIT WITHOUT IMPLEMENTATION
+The proxy itself is just a forwarder. All actual logic is in the implementation contract. To properly audit, we need to:
+1. Analyze implementation at `0x57F4dFF6F9404c1c89D5d0457e26C87FfBD9E22D`
+2. Check for malicious functions
+3. Verify upgrade history
+4. Monitor admin actions
+### ⚠️ ADMIN ABUSE SCENARIOS
+1. **Malicious Upgrade**
+   - Admin deploys malicious implementation
+   - Upgrades proxy to point to it
+   - New implementation steals all funds
+   - **No user protection**
+2. **Backdoor Implementation**
+   - Current implementation looks safe
+   - Admin upgrades to backdoored version
+   - Drains all user balances
+   - Users cannot prevent it
+3. **Freeze Funds**
+   - Upgrade to implementation with transfer restrictions
+   - Lock all user funds
+   - Demand ransom for unlock
+4. **Mint Unlimited Tokens**
+   - Upgrade to implementation with unlimited mint
+   - Dilute all holders
+   - Dump on market
+---
+## RECOMMENDATIONS
+### For Users:
+1. 🚨 **EXTREME CAUTION** - This is an upgradeable contract
+2. ⚠️ **Admin can change EVERYTHING** at any time
+3. ⚠️ **No timelock or protection** against malicious upgrades
+4. ⚠️ **Monitor Upgraded events** for implementation changes
+5. 🚨 **Consider this a CUSTODIAL token** - admin has full control
+### For Developers:
+1. Implement timelock for upgrades (e.g., 48-72 hours)
+2. Use multi-sig for admin address
+3. Add upgrade delay mechanism
+4. Emit detailed upgrade events
+5. Consider making contract non-upgradeable after launch
+6. Use standard ERC1967 storage slots
+### For Auditors:
+1. **MUST audit implementation contract separately**
+2. Monitor upgrade events on-chain
+3. Track admin address changes
+4. Verify implementation source code
+5. Check upgrade history
+---
+## ON-CHAIN VERIFICATION
+```bash
+# Get implementation address
+cast call 0xaf44A1E76F56eE12ADBB7ba8acD3CbD474888122 \
+  "0x5c60da1b" --rpc-url $BSC_RPC  # implementation()
+# Get admin address
+cast storage 0xaf44A1E76F56eE12ADBB7ba8acD3CbD474888122 \
+  $(cast keccak "standx.eip1967.proxy.admin") --rpc-url $BSC_RPC
+# Get token info through proxy
+cast call 0xaf44A1E76F56eE12ADBB7ba8acD3CbD474888122 "name()" --rpc-url $BSC_RPC
+cast call 0xaf44A1E76F56eE12ADBB7ba8acD3CbD474888122 "symbol()" --rpc-url $BSC_RPC
+cast call 0xaf44A1E76F56eE12ADBB7ba8acD3CbD474888122 "totalSupply()" --rpc-url $BSC_RPC
+# Monitor upgrades
+cast logs --address 0xaf44A1E76F56eE12ADBB7ba8acD3CbD474888122 \
+  --event "Upgraded(address)" --rpc-url $BSC_RPC
+```
+---
+## IMPLEMENTATION CONTRACT NEEDED
+**CRITICAL**: This audit is INCOMPLETE without analyzing the implementation contract at:
+`0x57F4dFF6F9404c1c89D5d0457e26C87FfBD9E22D`
+The proxy is just a forwarder. All actual token logic, including:
+- Transfer functions
+- Minting/burning
+- Fee mechanisms
+- Access controls
+- Yield distribution
+...are in the implementation contract and MUST be audited separately.
+---
+---
+## IMPLEMENTATION CONTRACT ANALYSIS
+**Implementation Address:** `0x57F4dFF6F9404c1c89D5d0457e26C87FfBD9E22D`
+### Key Functions Identified:
+1. **Role-Based Access Control**
+   - MINTER_ROLE: `0x9f2df0fed2c77648de5860a4cc508cd0818c85b8b8a1ab4ceeef8d981c8956a6`
+   - PAUSER_ROLE: `0x65d7a28e3265b37a6474929f336521b332c1681b933f6cb9f3376673440d862a`
+   - UPGRADER_ROLE: `0x189ab7a9244df0848122154315af71fe140f3db0fe014031783b0946b8c9d2e3`
+   - DEFAULT_ADMIN_ROLE: `0x0`
+2. **Token Functions**
+   - `mint(address to, uint256 amount)` - MINTER_ROLE only
+   - `burn(uint256 amount)` - Anyone can burn their own
+   - `burnFrom(address account, uint256 amount)` - With allowance
+   - `0x83536352(address, uint256)` - MINTER_ROLE can burn from any address! 🚨
+3. **Pausable**
+   - `pause()` - PAUSER_ROLE only
+   - `unpause()` - PAUSER_ROLE only
+   - When paused, transfers are blocked
+4. **Holder Tracking**
+   - `getAllHolders()` - Returns all token holders
+   - `getHolders(uint256 offset, uint256 limit)` - Paginated holders
+   - `getHolderAmount()` - Total number of holders
+   - Automatically tracks all addresses that receive tokens
+5. **Settler System**
+   - `setSettler(address newSettler)` - DEFAULT_ADMIN only
+   - Changes the settler address (stored in `stor_0`)
+   - Grants MINTER_ROLE to new settler
+### ⚠️ CRITICAL VULNERABILITIES FOUND
+1. **MINTER CAN BURN FROM ANY ADDRESS** 🚨🚨🚨
+   ```solidity
+   function 0x83536352(address varg0, uint256 varg1) public nonPayable {
+       require(_fun__revokeRole[msg.sender], ...); // MINTER_ROLE check
+       fun_burn(varg0, varg1); // Burns from ANY address!
+   }
+   ```
+   - Function selector: `0x83536352`
+   - MINTER_ROLE can burn tokens from ANY user without approval
+   - **This is a CRITICAL backdoor**
+   - Users have ZERO protection
+2. **Unlimited Minting**
+   ```solidity
+   function mint(address to, uint256 amount) public nonPayable {
+       require(_fun__revokeRole[msg.sender], ...); // MINTER_ROLE
+       _totalSupply = _totalSupply + amount;
+       _balanceOf[to] = _balanceOf[to] + amount;
+   }
+   ```
+   - No supply cap
+   - MINTER can mint unlimited tokens
+   - Can dilute all holders
+3. **Pausable Transfers**
+   ```solidity
+   function fun_transfer(...) private {
+       fun_requireNotPaused(); // Checks if paused
+       // ... transfer logic
+   }
+   ```
+   - PAUSER_ROLE can freeze all transfers
+   - Users cannot move funds when paused
+4. **Upgradeable by UPGRADER_ROLE**
+   ```solidity
+   function upgradeToAndCall(address newImplementation, bytes data) public payable {
+       require(_upgradeToAndCall[msg.sender], ...); // UPGRADER_ROLE
+       // ... upgrade logic
+   }
+   ```
+   - UPGRADER_ROLE can change implementation
+   - No timelock or delay
+5. **Settler Can Be Changed**
+   ```solidity
+   function setSettler(address newSettler) public nonPayable {
+       require(_fun_grantRole_18600[msg.sender], ...); // DEFAULT_ADMIN
+       fun_grantRole(newSettler); // Grants MINTER_ROLE
+       fun__revokeRole(address(stor_0)); // Revokes from old
+       stor_0 = newSettler;
+   }
+   ```
+   - Admin can change settler anytime
+   - New settler gets MINTER_ROLE
+### 🔍 CODE QUALITY ISSUES
+1. **Decompiled Code**
+   - Source not verified on BSCScan
+   - Must rely on decompiled bytecode
+   - Harder to audit accurately
+2. **Custom Storage Slots**
+   - Non-standard storage layout
+   - Makes analysis more difficult
+3. **Holder Tracking Gas Costs**
+   - Tracks every holder in array
+   - Could become expensive with many holders
+   - Potential DoS if array grows too large
+---
+## COMPLETE ATTACK VECTORS
+### ❌ CRITICAL USER-EXPLOITABLE BUG
+**NONE FOUND** - All vulnerabilities require privileged roles.
+### ⚠️ ADMIN ABUSE SCENARIOS
+1. **Burn User Funds** 🚨
+   - MINTER calls `0x83536352(victim, amount)`
+   - Burns tokens from victim without approval
+   - Victim loses funds permanently
+   - **NO USER PROTECTION**
+2. **Unlimited Mint & Dump**
+   - MINTER mints unlimited tokens
+   - Dumps on market
+   - Dilutes all holders
+   - Price crashes
+3. **Freeze All Transfers**
+   - PAUSER calls `pause()`
+   - All transfers blocked
+   - Users cannot sell or move funds
+   - Liquidity locked
+4. **Malicious Upgrade**
+   - UPGRADER deploys malicious implementation
+   - Calls `upgradeToAndCall(malicious, "")`
+   - New implementation steals all funds
+   - No timelock or warning
+5. **Change Settler**
+   - Admin calls `setSettler(attacker)`
+   - Attacker gets MINTER_ROLE
+   - Can mint/burn at will
+---
+## FINAL VERDICT
+**Risk Rating: 9/10 - CRITICAL RISK** ⚠️🚨
+**CRITICAL VULNERABILITY**: MINTER_ROLE can burn tokens from ANY address without approval using function `0x83536352`. This is a severe backdoor that allows complete theft of user funds.
+Combined with:
+- Unlimited minting
+- Pausable transfers
+- Upgradeable implementation
+- No timelocks or protections
+This token is **EXTREMELY DANGEROUS** for users. The admin has complete control over all funds.
+### Summary of Risks:
+1. 🚨 **MINTER can burn from any address** (function 0x83536352)
+2. ⚠️ **Unlimited minting** capability
+3. ⚠️ **Pausable** - can freeze all transfers
+4. ⚠️ **Upgradeable** - can change all logic
+5. ⚠️ **No timelocks** or user protections
+6. ⚠️ **Unverified source** - decompiled only
+### Recommendation:
+**DO NOT USE THIS TOKEN** unless you have complete trust in the admin team. This is effectively a custodial token where the admin can:
+- Burn your tokens at any time
+- Freeze your funds
+- Mint unlimited supply
+- Change all contract logic
+---
+**Audit Date:** March 26, 2026
+**Auditor:** Kiro AI Security Analysis
+**Tools Used:** Manual Code Review, Decompiler Analysis, Cast CLI
+**Status:** COMPLETE - CRITICAL VULNERABILITIES FOUND

package/DXSALE_LOCK_AUDIT.md ADDED Viewed

File without changes

package/DXSaleLock_bytecode.txt ADDED Viewed

@@ -0,0 +1 @@

+ 0x6080604052600436106100f35760003560e01c8063a2e4ab651161008a578063dd2e0ac011610059578063dd2e0ac0146104de578063eedc966a14610508578063f2fde38b1461053b578063fb0c1e3a1461056e576100f3565b8063a2e4ab65146103c7578063ab36629214610481578063accef1fa14610496578063c7450462146104ab576100f3565b8063715018a6116100c6578063715018a61461025857806384a0b4851461026d5780638da5cb5b1461037f57806397288cbc14610394576100f3565b80630e48606b146100f8578063129fa7e81461013e57806365057350146102075780636cda375b1461022e575b600080fd5b34801561010457600080fd5b506101226004803603602081101561011b57600080fd5b5035610583565b604080516001600160a01b039092168252519081900360200190f35b610205600480360360a081101561015457600080fd5b6001600160a01b038235169160208101359160408201359160608101359181019060a08101608082013564010000000081111561019057600080fd5b8201836020820111156101a257600080fd5b803590602001918460018302840111640100000000831117156101c457600080fd5b91908080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201919091525092955061059e945050505050565b005b34801561021357600080fd5b5061021c610a58565b60408051918252519081900360200190f35b34801561023a57600080fd5b506102056004803603602081101561025157600080fd5b5035610a5e565b34801561026457600080fd5b50610205610ab9565b34801561027957600080fd5b506102a66004803603604081101561029057600080fd5b506001600160a01b038135169060200135610b18565b604051808e151581526020018d15158152602001806020018c81526020018b81526020018a8152602001898152602001888152602001878152602001868152602001858152602001848152602001836001600160a01b0316815260200182810382528d818151815260200191508051906020019080838360005b83811015610338578181015183820152602001610320565b50505050905090810190601f1680156103655780820380516001836020036101000a031916815260200191505b509e50505050505050505050505050505060405180910390f35b34801561038b57600080fd5b50610122610c1b565b3480156103a057600080fd5b50610205600480360360208110156103b757600080fd5b50356001600160a01b0316610c2a565b3480156103d357600080fd5b50610205600480360360408110156103ea57600080fd5b8135919081019060408101602082013564010000000081111561040c57600080fd5b82018360208201111561041e57600080fd5b8035906020019184600183028401116401000000008311171561044057600080fd5b91908080601f016020809104026020016040519081016040528093929190818152602001838380828437600092019190915250929550610cbe945050505050565b34801561048d57600080fd5b5061021c610d4a565b3480156104a257600080fd5b5061021c610d50565b3480156104b757600080fd5b5061021c600480360360208110156104ce57600080fd5b50356001600160a01b0316610d54565b3480156104ea57600080fd5b506102056004803603602081101561050157600080fd5b5035610d66565b34801561051457600080fd5b5061021c6004803603602081101561052b57600080fd5b50356001600160a01b0316611260565b34801561054757600080fd5b506102056004803603602081101561055e57600080fd5b50356001600160a01b03166112e1565b34801561057a57600080fd5b50610122611304565b6006602052600090815260409020546001600160a01b031681565b6003543410156105df5760405162461bcd60e51b81526004018080602001828103825260338152602001806118816033913960400191505060405180910390fd5b6001546003546040516001600160a01b039092169181156108fc0291906000818181858888f1935050505015801561061b573d6000803e3d6000fd5b503360009081526005602090815260408083206007835281842054845290915290205460ff161561067d5760405162461bcd60e51b815260040180806020018281038252602a8152602001806116c6602a913960400191505060405180910390fd5b8160648161068757fe5b06156106c45760405162461bcd60e51b815260040180806020018281038252604281526020018061179d6042913960600191505060405180910390fd5b4284116107025760405162461bcd60e51b815260040180806020018281038252603181526020018061173c6031913960400191505060405180910390fd5b600083116107415760405162461bcd60e51b81526004018080602001828103825260288152602001806117df6028913960400191505060405180910390fd5b6107496115bd565b604051806101a001604052806001151581526020016001151581526020018381526020018581526020018681526020018481526020014281526020014281526020016107a08560025461131390919063ffffffff16565b81526020016107ba8560025461131390919063ffffffff16565b81526020016107e76107d78660025461131390919063ffffffff16565b6107e1894261135e565b90611313565b815260200161080b6108048660025461131390919063ffffffff16565b8790611313565b81526001600160a01b03881660209182015233600090815260058252604080822060078452818320548352835290819020835181548585015115156101000261ff001992151560ff1990921691909117919091161781559083015180519394508493919261088192600185019290910190611632565b50606082015160028201556080820151600382015560a082015160048083019190915560c0830151600583015560e083015160068084019190915561010084015160078085019190915561012085015160088501556101408501516009850155610160850151600a85015561018090940151600b90930180546001600160a01b03199081166001600160a01b03958616179091558254600090815260209283526040808220805433941684179055845460019081018655838352968452808220805490970190965585516323b872dd60e01b815293840191909152306024840152604483018990529351928a16936323b872dd936064808501949192918390030190829087803b15801561099457600080fd5b505af11580156109a8573d6000803e3d6000fd5b505050506040513d60208110156109be57600080fd5b50516109fb5760405162461bcd60e51b815260040180806020018281038252603081526020018061176d6030913960400191505060405180910390fd5b604080513381526001600160a01b03881660208201528082018690524260608201526080810187905290517f598cd56214a374d15f638dd04913e0288cd76c7833ee66b15cf55845d875a1879181900360a00190a1505050505050565b60045481565b6000546001600160a01b03163314610a7557600080fd5b60008111610ab45760405162461bcd60e51b815260040180806020018281038252602b815260200180611902602b913960400191505060405180910390fd5b600355565b6000546001600160a01b03163314610ad057600080fd5b600080546040516001600160a01b03909116917ff8df31144d9c2f0f6b59d69b8b98abd5459d07f2742c4df920b25aae33c6482091a2600080546001600160a01b0319169055565b6005602090815260009283526040808420825291835291819020805460018083018054855160026101009483161585026000190190921691909104601f810188900488028201880190965285815260ff8085169793909404909316949091830182828015610bc75780601f10610b9c57610100808354040283529160200191610bc7565b820191906000526020600020905b815481529060010190602001808311610baa57829003601f168201915b50505060028401546003850154600486015460058701546006880154600789015460088a015460098b0154600a8c0154600b909c01549a9b979a96995094975092959194909391906001600160a01b03168d565b6000546001600160a01b031681565b6000546001600160a01b03163314610c4157600080fd5b6001600160a01b038116610c9c576040805162461bcd60e51b815260206004820181905260248201527f6572723a204c6f636b446570202d20616464726573732063616e742062652030604482015290519081900360640190fd5b600180546001600160a01b0319166001600160a01b0392909216919091179055565b33600090815260056020908152604080832085845290915290205460ff16610d175760405162461bcd60e51b81526004018080602001828103825260238152602001806118b46023913960400191505060405180910390fd5b33600090815260056020908152604080832085845282529091208251610d4592600190920191840190611632565b505050565b60035481565b4290565b60076020526000908152604090205481565b33600090815260056020908152604080832084845290915290205460ff16610dbf5760405162461bcd60e51b81526004018080602001828103825260298152602001806116f06029913960400191505060405180910390fd5b336000908152600560209081526040808320848452909152902054610100900460ff16610e1d5760405162461bcd60e51b815260040180806020018281038252602c815260200180611807602c913960400191505060405180910390fd5b33600090815260056020908152604080832084845290915281206009810154600690910154610e5291906107e190429061135e565b3360009081526005602090815260408083208684529091529020600801549091508110610e9957503360009081526005602090815260408083208484529091529020600801545b3360009081526005602090815260408083208584529091528120600a0154610ec190836113a0565b905060008211610f025760405162461bcd60e51b815260040180806020018281038252603181526020018061192d6031913960400191505060405180910390fd5b336000908152600560209081526040808320868452909152902060080154610f5b5760405162461bcd60e51b81526004018080602001828103825260238152602001806117196023913960400191505060405180910390fd5b336000908152600560209081526040808320868452909152902060080154610f83908361135e565b3360009081526005602090815260408083208784529091529020600881019190915560030154421180610fd15750336000908152600560209081526040808320868452909152902060080154155b15610ffa573360009081526005602090815260408083208684529091529020805461ff00191690555b33600090815260056020908152604080832086845290915290206009015461104b906110279084906113a0565b336000908152600560209081526040808320888452909152902060060154906113f9565b3360009081526005602090815260408083208784528252918290206006810193909355600b9092015481516370a0823160e01b8152306004820152915184936001600160a01b03909216926370a08231926024808301939192829003018186803b1580156110b857600080fd5b505afa1580156110cc573d6000803e3d6000fd5b505050506040513d60208110156110e257600080fd5b505110156111215760405162461bcd60e51b815260040180806020018281038252602b8152602001806118d7602b913960400191505060405180910390fd5b3360008181526005602090815260408083208784528252808320600b0154815163a9059cbb60e01b815260048101959095526024850186905290516001600160a01b039091169363a9059cbb9360448083019493928390030190829087803b15801561118c57600080fd5b505af11580156111a0573d6000803e3d6000fd5b505050506040513d60208110156111b657600080fd5b50516111f35760405162461bcd60e51b815260040180806020018281038252602d815260200180611833602d913960400191505060405180910390fd5b336000818152600560209081526040808320878452825291829020600b015482519384526001600160a01b031690830152818101839052426060830152517f70b3728997a94e831677ea05af3d136909bccd53ccbdbd2b5c44ee22ab7b92dc9181900360800190a1505050565b6000816001600160a01b03166370a08231306040518263ffffffff1660e01b815260040180826001600160a01b0316815260200191505060206040518083038186803b1580156112af57600080fd5b505afa1580156112c3573d6000803e3d6000fd5b505050506040513d60208110156112d957600080fd5b505192915050565b6000546001600160a01b031633146112f857600080fd5b61130181611453565b50565b6001546001600160a01b031681565b600061135583836040518060400160405280601a81526020017f536166654d6174683a206469766973696f6e206279207a65726f0000000000008152506114c1565b90505b92915050565b600061135583836040518060400160405280601e81526020017f536166654d6174683a207375627472616374696f6e206f766572666c6f770000815250611563565b6000826113af57506000611358565b828202828482816113bc57fe5b04146113555760405162461bcd60e51b81526004018080602001828103825260218152602001806118606021913960400191505060405180910390fd5b600082820183811015611355576040805162461bcd60e51b815260206004820152601b60248201527f536166654d6174683a206164646974696f6e206f766572666c6f770000000000604482015290519081900360640190fd5b6001600160a01b03811661146657600080fd5b600080546040516001600160a01b03808516939216917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e091a3600080546001600160a01b0319166001600160a01b0392909216919091179055565b6000818361154d5760405162461bcd60e51b81526004018080602001828103825283818151815260200191508051906020019080838360005b838110156115125781810151838201526020016114fa565b50505050905090810190601f16801561153f5780820380516001836020036101000a031916815260200191505b509250505060405180910390fd5b50600083858161155957fe5b0495945050505050565b600081848411156115b55760405162461bcd60e51b81526020600482018181528351602484015283519092839260449091019190850190808383600083156115125781810151838201526020016114fa565b505050900390565b604051806101a001604052806000151581526020016000151581526020016060815260200160008152602001600081526020016000815260200160008152602001600081526020016000815260200160008152602001600081526020016000815260200160006001600160a01b031681525090565b828054600181600116156101000203166002900490600052602060002090601f016020900481019282601f1061167357805160ff19168380011785556116a0565b828001600101855582156116a0579182015b828111156116a0578251825591602001919060010190611685565b506116ac9291506116b0565b5090565b5b808211156116ac57600081556001016116b156fe6572723a204c6f636b446570202d207573657220616c7265616479206d6164652061206c6f636b6572216572723a204c6f636b446570202d207573657220646f65736e7420686176652061206c6f636b6572216572723a204c6f636b446570202d206e6f206d6f7265207061796f757473206c6566746572723a204c6f636b446570202d204c6f636b2074696d65206d75737420626520686967686572207468616e206e6f77216572723a204c6f636b446570202d20556e61626c6520746f2067657420746f6b656e7320666f72206c6f636b696e67216572723a204c6f636b446570202d2076657374696e672070657263656e74616765206d7573742064697669646520313030207769746820302072656d61696e6465726572723a204c6f636b446570202d20746f6b656e20416d6f756e74206d757374206265203e2030216572723a204c6f636b446570202d2075736572277320746f6b656e7320617265206e6f74206c6f636b6564216572723a204c6f636b6572202d20546f6b656e20726566756e6420746f2063726561746f72206661696c656421536166654d6174683a206d756c7469706c69636174696f6e206f766572666c6f776572723a204c6f636b446570202d20706c6561736520707574206d73672e76616c7565203e3d206c6f636b696e6720666565736572723a204c6f636b446570202d206c6f636b657220646f65736e74206578697374216572723a204c6f636b6572202d206e6f206d6f726520746f6b656e73206c65667420746f20726566756e646572723a204c6f636b446570202d2066656573206d7573742062652067726561746572207468616e2030216572723a204c6f636b446570202d206d75737420686176652061746c656173742031207061796f75742076657374656421a26469706673582212209905a514f94bd84c160423321309bec572cc39009334862f948366073007a8aa64736f6c634300060c0033

package/ECHIDNA_QUICK_START.md ADDED Viewed

@@ -0,0 +1,101 @@
+# Echidna Quick Start - LendFlare Token
+## 🚀 Install Echidna (macOS)
+```bash
+brew install echidna
+```
+## ⚡ Run Fuzzing (3 Commands)
+### 1. Quick Test (5 min)
+```bash
+echidna echidna/LendFlareTokenEchidna.sol --contract LendFlareTokenEchidna
+```
+### 2. Deep Test (1 hour)
+```bash
+echidna echidna/LendFlareTokenEchidna.sol --contract LendFlareTokenEchidna --test-limit 500000 --timeout 3600
+```
+### 3. Overnight (8 hours)
+```bash
+echidna echidna/LendFlareTokenEchidna.sol --contract LendFlareTokenEchidna --test-limit 1000000 --timeout 28800
+```
+## 📊 Reading Results
+### ✅ All Passed = No Bugs
+```
+echidna_supply_not_exceed_available: passed! 🎉
+echidna_no_overflow_in_available_supply: passed! 🎉
+```
+### ❌ Failed = BUG FOUND!
+```
+echidna_supply_not_exceed_available: failed!💥
+  Call sequence:
+    mint(0x30000, 999999999999999999999999)
+```
+## 🎯 What We're Looking For
+- ✅ Mint tokens without authorization
+- ✅ Integer overflow to create infinite tokens
+- ✅ Bypass transfer restrictions
+- ✅ Steal tokens from others
+## 📁 Files
+- `echidna/LendFlareTokenEchidna.sol` - Fuzzing contract
+- `echidna/lendflare.yaml` - Config
+- `LENDFLARE_ECHIDNA_GUIDE.md` - Full guide
+- `audits/LendFlareToken-security-audit-20260325.md` - Audit report
+## 🔍 8 Invariants Being Tested
+1. totalSupply = sum of balances
+2. No balance > totalSupply
+3. Rate only decreases
+4. Epoch only increases
+5. Available supply increases
+6. **totalSupply ≤ availableSupply** ⚠️ CRITICAL
+7. Epoch time valid
+8. **No overflow in inflation** ⚠️ CRITICAL
+## 💡 If Echidna Finds a Bug
+1. Copy the call sequence
+2. Reproduce in Remix
+3. Write exploit contract
+4. Calculate profit
+5. Test on mainnet fork
+## 🎬 Example Bug Output
+```
+echidna_no_overflow_in_available_supply: failed!💥
+  Call sequence:
+    forceSetRate(115792089237316195423570985008687907853269984665640564039457)
+    forceAdvanceTime(31536000000)
+    mint(0x20000, 1000000000000000000000000)
+  This means: Integer overflow in rate * time calculation!
+  Exploit: Manipulate rate/time to overflow availableSupply()
+  Result: Mint unlimited tokens
+```
+## 🚨 Current Status
+- Manual audit: ❌ NO user exploits found
+- Token type: 🔴 HONEYPOT (can't sell)
+- Echidna status: ⏳ Ready to run
+- Expected result: Likely no bugs, but worth checking
+## ⚡ One-Liner
+```bash
+brew install echidna && echidna echidna/LendFlareTokenEchidna.sol --contract LendFlareTokenEchidna
+```
+That's it! Let Echidna run and see if it finds anything. 🐛🔍