uups-checker 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (670)
  1. package/.gitmodules +6 -0
  2. package/AIFI_AUDIT.md +220 -0
  3. package/ALL_AUDITS_SUMMARY.md +366 -0
  4. package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
  5. package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
  6. package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
  7. package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
  8. package/ARIA-foundry-test.txt +9 -0
  9. package/ARIA-mythril-analysis.txt +20 -0
  10. package/ARIA-slither-analysis.txt +38 -0
  11. package/ARIA_AI_SECURITY_AUDIT.md +290 -0
  12. package/ARIA_VERIFIED_AUDIT.md +259 -0
  13. package/ARIA_VERIFIED_slither.txt +76 -0
  14. package/ARIVA_source.txt +1 -0
  15. package/ARK_AUDIT.md +349 -0
  16. package/BANANA_AUDIT.md +365 -0
  17. package/BAS_AUDIT.md +451 -0
  18. package/BAS_TOKEN_AUDIT.md +235 -0
  19. package/BCE_EXPLOIT_ANALYSIS.md +165 -0
  20. package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
  21. package/BEEFY_MONAD_ANALYSIS.md +239 -0
  22. package/BEEFY_STAKING_ANALYSIS.md +136 -0
  23. package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
  24. package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
  25. package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
  26. package/BRISE_ANALYSIS.txt +31 -0
  27. package/BRISE_BSC_DAPPS.txt +68 -0
  28. package/BRISE_EXPLOITS_FOUND.md +98 -0
  29. package/BRISE_REAL_EXPLOITS.md +115 -0
  30. package/BRISE_WHITEHAT_REPORT.md +162 -0
  31. package/BRISEstake_Analysis.txt +95 -0
  32. package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
  33. package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
  34. package/BTCST_FINAL_VERDICT.md +319 -0
  35. package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
  36. package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
  37. package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
  38. package/BTCST_SECURITY_ANALYSIS.md +391 -0
  39. package/BTR_AUDIT.md +210 -0
  40. package/BeamBridge-analysis.md +226 -0
  41. package/BeamToken-analysis.md +201 -0
  42. package/BitgertSwap_Investigation.txt +107 -0
  43. package/CEEK_STAKING_ANALYSIS.md +0 -0
  44. package/CHAINBASE_AUDIT.md +422 -0
  45. package/COMPLETE_AUDIT_SUMMARY.md +342 -0
  46. package/CORRECTED_ANALYSIS.txt +115 -0
  47. package/DBXEN_COMPARISON_SUMMARY.md +232 -0
  48. package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
  49. package/DOPFairLaunch_raw.json +29 -0
  50. package/DOPFairLaunch_source.txt +0 -0
  51. package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
  52. package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
  53. package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
  54. package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
  55. package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
  56. package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
  57. package/DSyncStaking-exploit-analysis.md +153 -0
  58. package/DSyncVault-analysis.md +120 -0
  59. package/DUSD_PROXY_AUDIT.md +407 -0
  60. package/DXSALE_LOCK_AUDIT.md +0 -0
  61. package/DXSaleLock_bytecode.txt +1 -0
  62. package/ECHIDNA_QUICK_START.md +101 -0
  63. package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
  64. package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
  65. package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
  66. package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
  67. package/EXPLOIT_FIX.md +300 -0
  68. package/EXPLOIT_INSTRUCTIONS.md +273 -0
  69. package/EXPLOIT_SUMMARY.md +285 -0
  70. package/EXPLOIT_SUMMARY.txt +175 -0
  71. package/FALCON_FINANCE_AUDIT.md +258 -0
  72. package/FANDOM_AUDIT.md +359 -0
  73. package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
  74. package/FINAL_AUDIT_REPORT.md +0 -0
  75. package/FOLIO_PROXY_AUDIT.md +299 -0
  76. package/FOT_EXPLOIT_RESULTS.txt +110 -0
  77. package/FOT_TOKENS_AUDITED.md +103 -0
  78. package/HEGIC-mythril-analysis.txt +39 -0
  79. package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
  80. package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
  81. package/ICECREAMSWAP_EXPLOITS.md +259 -0
  82. package/IMMUNEFI_REPORT.md +314 -0
  83. package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
  84. package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
  85. package/KOGE_AUDIT.md +328 -0
  86. package/LENDFLARE_ANALYSIS.md +239 -0
  87. package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
  88. package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
  89. package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
  90. package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
  91. package/LENDFLARE_FUZZING_RESULTS.md +252 -0
  92. package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
  93. package/LENDFLARE_MANUAL_FUZZING.md +324 -0
  94. package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
  95. package/LENDFLARE_V3_BYPASS.md +296 -0
  96. package/LFTDECOMPILE.txt +14478 -0
  97. package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
  98. package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
  99. package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
  100. package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
  101. package/LFT_EXPLOIT_VISUAL.md +253 -0
  102. package/LFT_QUICK_SUMMARY.md +124 -0
  103. package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
  104. package/MGO_AUDIT_REPORT.md +420 -0
  105. package/MYTHRIL_FINAL_REPORT.md +306 -0
  106. package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
  107. package/NETX_MIGRATION_AUDIT.md +0 -0
  108. package/NPM_PUBLISH_GUIDE.md +0 -0
  109. package/NRV_CRITICAL_EXPLOIT.txt +143 -0
  110. package/NetX_Analysis.txt +76 -0
  111. package/NetX_Migration_bytecode.txt +1 -0
  112. package/NetX_Migration_source.txt +0 -0
  113. package/NetX_Token_source.txt +0 -0
  114. package/NetxWhitehatRescue +22 -0
  115. package/OILER_ATTACK_VISUAL.md +351 -0
  116. package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
  117. package/OILER_DEEP_ANALYSIS.md +212 -0
  118. package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
  119. package/OILER_FINAL_VERDICT.md +339 -0
  120. package/OILER_REENTRANCY_EXPLAINED.md +638 -0
  121. package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
  122. package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
  123. package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
  124. package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
  125. package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
  126. package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
  127. package/POLS_MULTICHAIN_AUDIT.md +0 -0
  128. package/POSI_STAKING_AUDIT.md +0 -0
  129. package/PROXY2_SECURITY_ANALYSIS.md +0 -0
  130. package/Proxy2TACS +29748 -0
  131. package/QUICK_START.md +240 -0
  132. package/RAMP_SECURITY_ANALYSIS.md +0 -0
  133. package/README.md +238 -0
  134. package/REAUDIT_MASTER_LIST.txt +15 -0
  135. package/RING_analysis.txt +212 -0
  136. package/RPC +4 -0
  137. package/RULES.txt +20 -0
  138. package/SIREN_AUDIT.md +186 -0
  139. package/SYNC_EXPLOIT_README.md +0 -0
  140. package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
  141. package/TLM_raw.html +0 -0
  142. package/TLM_raw.txt +0 -0
  143. package/TLM_response.json +1 -0
  144. package/TRADOOR_AUDIT.md +253 -0
  145. package/TRUNK_AUDIT.md +285 -0
  146. package/UNIBASE_AUDIT.md +241 -0
  147. package/UNLOCK_ANALYSIS.md +0 -0
  148. package/UNLOCK_EXPLOIT.md +49 -0
  149. package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
  150. package/UPS +232 -0
  151. package/UUPSCHECKER +208 -0
  152. package/VAULT_PROXY_AUDIT.md +457 -0
  153. package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
  154. package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
  155. package/WKEYDAO2_AUDIT.md +245 -0
  156. package/WSG_AUDIT.md +0 -0
  157. package/XFI_DEEP_ANALYSIS.md +327 -0
  158. package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
  159. package/YSDAO_EXPLOIT_GUIDE.md +0 -0
  160. package/agent-4-bundle.md +22490 -0
  161. package/alpha-proxy-echidna.txt +1 -0
  162. package/alpha-proxy-fuzz-results.txt +81 -0
  163. package/alpha-proxy-mythril.txt +2 -0
  164. package/analyze-btcst-farm.js +54 -0
  165. package/analyze-dxsale-lock.js +75 -0
  166. package/analyze-elephant.js +69 -0
  167. package/analyze-fara-rewards.js +109 -0
  168. package/analyze-fara-storage.js +83 -0
  169. package/analyze-lft-transaction.js +158 -0
  170. package/analyze-lock-bytecode.js +59 -0
  171. package/analyze-shegic.js +0 -0
  172. package/analyze-staking-abi.js +0 -0
  173. package/analyze-sxp.js +57 -0
  174. package/analyze-tlm.js +76 -0
  175. package/analyze-trumpet.js +98 -0
  176. package/analyze-unlimited-nft.js +108 -0
  177. package/analyze_elephant.sh +27 -0
  178. package/analyze_vault.sh +32 -0
  179. package/aria-bytecode.txt +1 -0
  180. package/aria_response.json +1 -0
  181. package/ark_temp/README.md +66 -0
  182. package/ark_temp/lib/forge-std/.gitattributes +1 -0
  183. package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
  184. package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
  185. package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
  186. package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
  187. package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
  188. package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
  189. package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
  190. package/ark_temp/lib/forge-std/README.md +314 -0
  191. package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  192. package/ark_temp/lib/forge-std/package.json +16 -0
  193. package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
  194. package/audits/AiFi-security-audit-20260326.md +499 -0
  195. package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
  196. package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
  197. package/audits/DGToken-security-audit-20260324.md +376 -0
  198. package/audits/DSyncStaking-audit-part1.md +161 -0
  199. package/audits/DSyncStaking-security-audit-20260324.md +547 -0
  200. package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
  201. package/audits/DegenVC-security-audit-20260324.md +585 -0
  202. package/audits/DelreyInu-security-audit-20260324.md +463 -0
  203. package/audits/DestraNetwork-security-audit-20260324.md +705 -0
  204. package/audits/DomiToken-security-audit-20260324.md +514 -0
  205. package/audits/LendFlareToken-security-audit-20260325.md +197 -0
  206. package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
  207. package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
  208. package/audits/PAALAI-security-audit-20260324.md +475 -0
  209. package/audits/PAR-security-audit-20260325.md +311 -0
  210. package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
  211. package/audits/StakingPool-security-audit-20260324.md +517 -0
  212. package/audits/SyncToken-security-audit-20260324.md +778 -0
  213. package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
  214. package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
  215. package/audits/XFIStaking-security-audit-20260324.md +682 -0
  216. package/audits/Xfinance-security-audit-20260324.md +463 -0
  217. package/audits/basedAIFarm-security-audit-20260324.md +330 -0
  218. package/audits/pepeCoin-security-audit-20260324.md +462 -0
  219. package/bin/ups +232 -0
  220. package/binance-wallet-exploit/.env.example +2 -0
  221. package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
  222. package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
  223. package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
  224. package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
  225. package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
  226. package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
  227. package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
  228. package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
  229. package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
  230. package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
  231. package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
  232. package/binance-wallet-exploit/QUICK_START.md +75 -0
  233. package/binance-wallet-exploit/README.md +195 -0
  234. package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
  235. package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
  236. package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
  237. package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
  238. package/binance-wallet-exploit/cache/test-failures +1 -0
  239. package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
  240. package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  241. package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
  242. package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  243. package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  244. package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  245. package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
  246. package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
  247. package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
  248. package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  249. package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
  250. package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
  251. package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
  252. package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
  253. package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
  254. package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
  255. package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
  256. package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
  257. package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
  258. package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
  259. package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
  260. package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
  261. package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
  262. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
  263. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
  264. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
  265. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
  266. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
  267. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
  268. package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
  269. package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
  270. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
  271. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
  272. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
  273. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
  274. package/cache/solidity-files-cache.json +1 -0
  275. package/cache/test-failures +1 -0
  276. package/calculate-elephant-flashloan.js +195 -0
  277. package/check-address-approval.js +112 -0
  278. package/check-alpha-proxy.js +42 -0
  279. package/check-arbitrage.js +155 -0
  280. package/check-aria-token.js +47 -0
  281. package/check-ark.sh +20 -0
  282. package/check-btcst-mining.js +75 -0
  283. package/check-btcst-pools.js +163 -0
  284. package/check-btcst.js +88 -0
  285. package/check-caller.js +26 -0
  286. package/check-ceek-lp.js +73 -0
  287. package/check-ceek.js +47 -0
  288. package/check-dxsale-address.js +35 -0
  289. package/check-fara-exploit-timing.js +56 -0
  290. package/check-fara-real-exploit.js +73 -0
  291. package/check-flashloan-limits.js +129 -0
  292. package/check-kel-cel-pool.js +91 -0
  293. package/check-lax-staking.js +41 -0
  294. package/check-lendflare.js +165 -0
  295. package/check-lft-accounting.js +109 -0
  296. package/check-lft-roles.js +165 -0
  297. package/check-lock-time.js +47 -0
  298. package/check-min-stake.js +73 -0
  299. package/check-mystery-contract.js +52 -0
  300. package/check-next-token.js +50 -0
  301. package/check-nora-lock.js +67 -0
  302. package/check-oiler-approvals.js +116 -0
  303. package/check-oiler-proxy.js +73 -0
  304. package/check-oiler-staking.js +117 -0
  305. package/check-proxy-simple.js +71 -0
  306. package/check-recent-stakes.js +54 -0
  307. package/check-shegic-holdings.js +67 -0
  308. package/check-snowcrash-ecosystem.js +83 -0
  309. package/check-sync-lp.js +97 -0
  310. package/check-sync-stake.js +42 -0
  311. package/check-tlm.js +37 -0
  312. package/check-token-pools.js +146 -0
  313. package/check-trunk-depeg.js +181 -0
  314. package/check-tusd-decimals.js +58 -0
  315. package/check-user-storage-deep.js +81 -0
  316. package/check-welephant-pools.js +130 -0
  317. package/check-xfi-pool.js +75 -0
  318. package/check-zypher.js +32 -0
  319. package/check_proxy.sh +36 -0
  320. package/compare-tlm-chains.js +90 -0
  321. package/contract_0x05f2.html +6025 -0
  322. package/contract_0x3720.html +6361 -0
  323. package/contract_0x928e.html +5606 -0
  324. package/contract_0xc42d.html +5304 -0
  325. package/contract_page.html +5789 -0
  326. package/decode-stake-tx.js +50 -0
  327. package/deep-analyze-lock.js +82 -0
  328. package/dune_uups_proxy_query.sql +42 -0
  329. package/dune_uups_vulnerable_query.sql +0 -0
  330. package/echidna/alpha-proxy.yaml +14 -0
  331. package/echidna/elephant.yaml +7 -0
  332. package/echidna/lendflare.yaml +42 -0
  333. package/echidna.config.yaml +12 -0
  334. package/elephant_raw.json +1 -0
  335. package/eps_raw.json +1 -0
  336. package/exploit/.github/workflows/test.yml +38 -0
  337. package/exploit/.gitmodules +3 -0
  338. package/exploit/README.md +66 -0
  339. package/exploit/foundry.lock +8 -0
  340. package/exploit/lib/forge-std/.gitattributes +1 -0
  341. package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  342. package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
  343. package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  344. package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  345. package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  346. package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
  347. package/exploit/lib/forge-std/LICENSE-MIT +25 -0
  348. package/exploit/lib/forge-std/README.md +314 -0
  349. package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  350. package/exploit/lib/forge-std/package.json +16 -0
  351. package/exploit/lib/forge-std/scripts/vm.py +636 -0
  352. package/exploit_analysis.txt +51 -0
  353. package/extract_contract.py +21 -0
  354. package/extract_elephant_contracts.py +24 -0
  355. package/fara-staking-bytecode.txt +1 -0
  356. package/fara-staking-raw.txt +1 -0
  357. package/fetch-aria.js +46 -0
  358. package/fetch-contract.js +50 -0
  359. package/fetch-shegic-source.js +86 -0
  360. package/fetch-snowcrash.js +44 -0
  361. package/fetch-staking-source.js +53 -0
  362. package/fetch-tlm.js +60 -0
  363. package/fetch_elephant_source.py +32 -0
  364. package/find-ceek-staking.js +21 -0
  365. package/find-exploit-tx.js +88 -0
  366. package/find-oiler-holders.js +100 -0
  367. package/find-tlm-holder.js +36 -0
  368. package/find-vulnerable-fund.js +94 -0
  369. package/foundry.lock +8 -0
  370. package/fuzz-all.sh +53 -0
  371. package/get-aria-contract.py +40 -0
  372. package/get-lft-holders.js +89 -0
  373. package/get-tlm-source.sh +8 -0
  374. package/harvest_txs.json +1 -0
  375. package/lft-bytecode-raw.txt +1 -0
  376. package/lft-bytecode.json +1 -0
  377. package/lft-impl.bin +1 -0
  378. package/lft-implementation-bytecode.txt +1 -0
  379. package/lib/forge-std/.gitattributes +1 -0
  380. package/lib/forge-std/.github/CODEOWNERS +1 -0
  381. package/lib/forge-std/.github/dependabot.yml +6 -0
  382. package/lib/forge-std/.github/workflows/ci.yml +125 -0
  383. package/lib/forge-std/.github/workflows/sync.yml +36 -0
  384. package/lib/forge-std/CONTRIBUTING.md +193 -0
  385. package/lib/forge-std/LICENSE-APACHE +203 -0
  386. package/lib/forge-std/LICENSE-MIT +25 -0
  387. package/lib/forge-std/README.md +314 -0
  388. package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  389. package/lib/forge-std/package.json +16 -0
  390. package/lib/forge-std/scripts/vm.py +636 -0
  391. package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
  392. package/lib/openzeppelin-contracts/.codecov.yml +12 -0
  393. package/lib/openzeppelin-contracts/.editorconfig +21 -0
  394. package/lib/openzeppelin-contracts/.eslintrc +20 -0
  395. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
  396. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
  397. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
  398. package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
  399. package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
  400. package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
  401. package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
  402. package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
  403. package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
  404. package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
  405. package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
  406. package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
  407. package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
  408. package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
  409. package/lib/openzeppelin-contracts/.gitmodules +7 -0
  410. package/lib/openzeppelin-contracts/.mocharc.js +4 -0
  411. package/lib/openzeppelin-contracts/.prettierrc +15 -0
  412. package/lib/openzeppelin-contracts/.solcover.js +13 -0
  413. package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
  414. package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
  415. package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
  416. package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
  417. package/lib/openzeppelin-contracts/LICENSE +22 -0
  418. package/lib/openzeppelin-contracts/README.md +107 -0
  419. package/lib/openzeppelin-contracts/RELEASING.md +45 -0
  420. package/lib/openzeppelin-contracts/SECURITY.md +42 -0
  421. package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
  422. package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
  423. package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
  424. package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
  425. package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
  426. package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
  427. package/lib/openzeppelin-contracts/audits/README.md +17 -0
  428. package/lib/openzeppelin-contracts/certora/Makefile +54 -0
  429. package/lib/openzeppelin-contracts/certora/README.md +60 -0
  430. package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
  431. package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
  432. package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
  433. package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
  434. package/lib/openzeppelin-contracts/certora/run.js +160 -0
  435. package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
  436. package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
  437. package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
  438. package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
  439. package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
  440. package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
  441. package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
  442. package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
  443. package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
  444. package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
  445. package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
  446. package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
  447. package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
  448. package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
  449. package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
  450. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
  451. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
  452. package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
  453. package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
  454. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
  455. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
  456. package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
  457. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
  458. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
  459. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
  460. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
  461. package/lib/openzeppelin-contracts/certora/specs.json +86 -0
  462. package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
  463. package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
  464. package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
  465. package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
  466. package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
  467. package/lib/openzeppelin-contracts/contracts/package.json +32 -0
  468. package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
  469. package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
  470. package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
  471. package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
  472. package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
  473. package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
  474. package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
  475. package/lib/openzeppelin-contracts/docs/README.md +16 -0
  476. package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
  477. package/lib/openzeppelin-contracts/docs/config.js +21 -0
  478. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
  479. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
  480. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
  481. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
  482. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
  483. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
  484. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
  485. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
  486. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
  487. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
  488. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
  489. package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
  490. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
  491. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
  492. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
  493. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
  494. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
  495. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
  496. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
  497. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
  498. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
  499. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
  500. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
  501. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
  502. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
  503. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
  504. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
  505. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
  506. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
  507. package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
  508. package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
  509. package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
  510. package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
  511. package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
  512. package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
  513. package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
  514. package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
  515. package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
  516. package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
  517. package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
  518. package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
  519. package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
  520. package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
  521. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
  522. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
  523. package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
  524. package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
  525. package/lib/openzeppelin-contracts/logo.svg +15 -0
  526. package/lib/openzeppelin-contracts/netlify.toml +3 -0
  527. package/lib/openzeppelin-contracts/package-lock.json +16544 -0
  528. package/lib/openzeppelin-contracts/package.json +96 -0
  529. package/lib/openzeppelin-contracts/remappings.txt +1 -0
  530. package/lib/openzeppelin-contracts/renovate.json +4 -0
  531. package/lib/openzeppelin-contracts/requirements.txt +1 -0
  532. package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
  533. package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
  534. package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
  535. package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
  536. package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
  537. package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
  538. package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
  539. package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
  540. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
  541. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
  542. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
  543. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
  544. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
  545. package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
  546. package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
  547. package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
  548. package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
  549. package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
  550. package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
  551. package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
  552. package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
  553. package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
  554. package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
  555. package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
  556. package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
  557. package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
  558. package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
  559. package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
  560. package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
  561. package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
  562. package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
  563. package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
  564. package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
  565. package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
  566. package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
  567. package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
  568. package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
  569. package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
  570. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
  571. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
  572. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
  573. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
  574. package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
  575. package/lib/openzeppelin-contracts/slither.config.json +5 -0
  576. package/lib/openzeppelin-contracts/solhint.config.js +20 -0
  577. package/mythril-lft-output.txt +1 -0
  578. package/mythril-lft-symbolic.txt +18 -0
  579. package/mythril-lft.sh +20 -0
  580. package/mythril-symbolic-output.txt +1 -0
  581. package/mythril-symbolic.sh +42 -0
  582. package/out/build-info/0026b78428192979.json +1 -0
  583. package/out/build-info/03c4fc3b88486eba.json +1 -0
  584. package/out/build-info/0540afa9b9a5c5a6.json +1 -0
  585. package/out/build-info/081932f505bc08b9.json +1 -0
  586. package/out/build-info/0da104ba0d6642d5.json +1 -0
  587. package/out/build-info/197281971dbb5f23.json +1 -0
  588. package/out/build-info/197e7e332832a232.json +1 -0
  589. package/out/build-info/1a1cab9136eb5f94.json +1 -0
  590. package/out/build-info/1b320204eb162aa2.json +1 -0
  591. package/out/build-info/1e03f94398052674.json +1 -0
  592. package/out/build-info/22ac085949602937.json +1 -0
  593. package/out/build-info/234ef37453a9fa64.json +1 -0
  594. package/out/build-info/2447db7b1878fa8e.json +1 -0
  595. package/out/build-info/25568daeb484f5ff.json +1 -0
  596. package/out/build-info/27465853244c49ce.json +1 -0
  597. package/out/build-info/2c57a9e0f087453b.json +1 -0
  598. package/out/build-info/3c62ae7de8da68c4.json +1 -0
  599. package/out/build-info/3e771ae109e97bb3.json +1 -0
  600. package/out/build-info/460499bc0a3465c4.json +1 -0
  601. package/out/build-info/47ce37e50a4f115e.json +1 -0
  602. package/out/build-info/4fcce5c63cf427d6.json +1 -0
  603. package/out/build-info/4fd0a53fe63fddbb.json +1 -0
  604. package/out/build-info/50f1247db9d769cc.json +1 -0
  605. package/out/build-info/5317d0181a7a5e02.json +1 -0
  606. package/out/build-info/594df509275ceb5b.json +1 -0
  607. package/out/build-info/61983ac3f6141719.json +1 -0
  608. package/out/build-info/638c4548307122fe.json +1 -0
  609. package/out/build-info/67c2c43bdb7c0ded.json +1 -0
  610. package/out/build-info/777f42643aad37b7.json +1 -0
  611. package/out/build-info/7d7856f19e845354.json +1 -0
  612. package/out/build-info/83976260b6f71e94.json +1 -0
  613. package/out/build-info/83c23882000b963d.json +1 -0
  614. package/out/build-info/84b2cce8f70b36be.json +1 -0
  615. package/out/build-info/8bc13d31d7c3206a.json +1 -0
  616. package/out/build-info/8e183bd4d9d8cf88.json +1 -0
  617. package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
  618. package/out/build-info/99ec7d5e8d8ff360.json +1 -0
  619. package/out/build-info/9ac044b29daa7d5e.json +1 -0
  620. package/out/build-info/9b203227ff5d2e63.json +1 -0
  621. package/out/build-info/9d18c5872c4282dd.json +1 -0
  622. package/out/build-info/9f77f04f33baf9a3.json +1 -0
  623. package/out/build-info/a6e1caf974787982.json +1 -0
  624. package/out/build-info/a94b6348867a62d6.json +1 -0
  625. package/out/build-info/ad93721947a8b195.json +1 -0
  626. package/out/build-info/b42daddb5aa4b19f.json +1 -0
  627. package/out/build-info/bf13512ae899f7e8.json +1 -0
  628. package/out/build-info/c39f86c20a548c4a.json +1 -0
  629. package/out/build-info/cb12bb975a2f4e65.json +1 -0
  630. package/out/build-info/d0c6788fadc2aa60.json +1 -0
  631. package/out/build-info/d2726bf94ed5b845.json +1 -0
  632. package/out/build-info/d4eb00da50cce5cb.json +1 -0
  633. package/out/build-info/db931924a3bc8bdd.json +1 -0
  634. package/out/build-info/e1a503d49bc77401.json +1 -0
  635. package/out/build-info/efe5396f8892ce77.json +1 -0
  636. package/out/build-info/f536d90ced745969.json +1 -0
  637. package/out/build-info/fed38823c7019b82.json +1 -0
  638. package/package.json +51 -0
  639. package/page.html +5384 -0
  640. package/pancakeswap-simple-tvl.sql +15 -0
  641. package/pancakeswap-top-pools.sql +29 -0
  642. package/pancakeswap-tvl-optimized.sql +57 -0
  643. package/pancakeswap-tvl-query.sql +60 -0
  644. package/pancakeswap-underflow-hunting.sql +51 -0
  645. package/pancakeswap-vulnerability-queries.sql +200 -0
  646. package/posi_page.html +6369 -0
  647. package/posi_response.json +29 -0
  648. package/proxy_page.html +500 -0
  649. package/run_mythril_elephant.sh +18 -0
  650. package/sHEGIC-bytecode.bin +6 -0
  651. package/sHEGIC-mythril-analysis.txt +1 -0
  652. package/sHEGIC-mythril-full.txt +134 -0
  653. package/sHEGIC_ANALYSIS.md +135 -0
  654. package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
  655. package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
  656. package/scrape-snowcrash.js +28 -0
  657. package/scripts/yooshi_drain.sh +154 -0
  658. package/shi_raw.json +1 -0
  659. package/temp.json +1 -0
  660. package/temp_harvest.json +1 -0
  661. package/temp_pika.json +1 -0
  662. package/temp_posi.json +1 -0
  663. package/temp_response.json +1 -0
  664. package/test-lft-hidden-balance.js +108 -0
  665. package/test-xfi-exploit.js +140 -0
  666. package/trunk-liquidity-rescue.js +164 -0
  667. package/vBABY_page.html +6153 -0
  668. package/vBABY_response.json +29 -0
  669. package/wsg_response.json +1 -0
  670. package/yooldo_page.html +10371 -0
@@ -0,0 +1,209 @@
1
+ # ELEPHANT MONEY ECOSYSTEM - COMPREHENSIVE SECURITY ANALYSIS
2
+
3
+ ## Executive Summary
4
+
5
+ Analyzed the complete Elephant Money ecosystem including:
6
+ - Main ELEPHANT token (0xE283D0e3B8c102BAdF5E8166B73E02D96d92F688)
7
+ - Graveyard contract (0xF7cC784BD260eafC1193D337fFcEA4D6ddA0dd71)
8
+ - Wrapped ELEPHANT (0x241F21dF529C05289A00dAfeCEa10139A287cDCa)
9
+ - Liquidity Drive (0xF9d64317d4cdA0a6B4Ef41a32E301eA64f8B5Cb3)
10
+
11
+ **VERDICT: SAFE but ABANDONED**
12
+
13
+ The graveyard rebalance mechanism is currently NOT exploitable because:
14
+ 1. Graveyard holds exactly 50% of supply (below 51% threshold)
15
+ 2. Rebalance has not been triggered in 499 days
16
+ 3. System appears abandoned by team
17
+
18
+ ## Detailed Findings
19
+
20
+ ### 1. Graveyard Rebalance Mechanism
21
+
22
+ **Current State:**
23
+ - Graveyard Balance: 503,106,463,923,854,082,323,291 tokens
24
+ - Total Supply: 1,000,000,000,000,000,000,000,000 tokens
25
+ - Percentage: 50.31% (BELOW 51% threshold)
26
+ - Rebalance Ready: FALSE
27
+ - Last Rebalance: 499 days ago (Block 43,955,158)
28
+
29
+ **Mechanism:**
30
+ ```solidity
31
+ function rebalance() external {
32
+ uint256 upperbound = token.totalSupply().mul(upperboundPercentage).div(100); // 51%
33
+ uint256 target = token.totalSupply().mul(50).div(100); // 50%
34
+ uint256 balance = token.balanceOf(address(this));
35
+
36
+ if (balance > upperbound){
37
+ uint256 airdrop = balance.sub(target);
38
+ token.transfer(address(token), airdrop); // Send to main contract
39
+ lastRebalance = block.timestamp;
40
+ emit Rebalance(airdrop);
41
+ }
42
+ }
43
+ ```
44
+
45
+ **Potential Exploit (IF graveyard exceeds 51%):**
46
+
47
+ 1. **Front-Running Attack:**
48
+ - Attacker monitors mempool for rebalance transactions
49
+ - Buys ELEPHANT before rebalance
50
+ - Rebalance adds liquidity → price increases
51
+ - Attacker sells for profit
52
+
53
+ 2. **Sandwich Attack:**
54
+ - Front-run: Buy ELEPHANT
55
+ - Rebalance: Adds liquidity (price impact)
56
+ - Back-run: Sell ELEPHANT
57
+ - Profit from price manipulation
58
+
59
+ 3. **No Access Control:**
60
+ - Anyone can call `rebalance()` when ready
61
+ - Attacker can choose optimal timing
62
+ - Can coordinate with other market manipulation
63
+
64
+ **Price Impact Calculation:**
65
+ - Current ELEPHANT/WBNB Pool: 296T ELEPHANT / 19,703 WBNB
66
+ - If graveyard rebalances 1% of supply (10T tokens):
67
+ - Price impact: ~3.4%
68
+ - Significant arbitrage opportunity
69
+
70
+ ### 2. Liquidity Pool Analysis
71
+
72
+ **ELEPHANT/WBNB Pair (0x1CEa83EC5E48D9157fCAe27a19807BeF79195Ce1):**
73
+ - ELEPHANT Reserve: 296,091,002,270,185,691,875,277
74
+ - WBNB Reserve: 19,703,470,865,582,081,508,115
75
+ - Price: ~0.0000665 WBNB per ELEPHANT
76
+
77
+ **Vulnerability:**
78
+ When rebalance triggers, tokens are sent to main contract which calls `swapAndLiquify`:
79
+ ```solidity
80
+ function swapAndLiquify(uint256 contractTokenBalance) private lockTheSwap {
81
+ uint256 half = contractTokenBalance.div(2);
82
+ uint256 otherHalf = contractTokenBalance.sub(half);
83
+
84
+ swapTokensForEth(half); // Sells ELEPHANT for BNB
85
+ addLiquidity(otherHalf, newBalance); // Adds liquidity
86
+ }
87
+ ```
88
+
89
+ This creates:
90
+ 1. Immediate sell pressure (half of airdrop)
91
+ 2. Then liquidity addition (other half)
92
+ 3. Net effect: Price manipulation opportunity
93
+
94
+ ### 3. Wrapped ELEPHANT Analysis
95
+
96
+ **Contract:** 0x241F21dF529C05289A00dAfeCEa10139A287cDCa
97
+ - Total Supply: 162,649,463,758,900,864 (0.016% of ELEPHANT supply)
98
+ - Created: 250 days ago
99
+ - Activity: 3,354 transactions
100
+
101
+ **Status:** Standard ERC20 wrapper, no vulnerabilities found
102
+
103
+ ### 4. Liquidity Drive Analysis
104
+
105
+ **Contract:** 0xF9d64317d4cdA0a6B4Ef41a32E301eA64f8B5Cb3
106
+ - Ended On: 1,620,774,862 (May 2021)
107
+ - Total ETH Donated: 5,319,297,654,678,195,995,363
108
+ - Status: INACTIVE (last activity 502 days ago)
109
+
110
+ **Multiple Failed Transactions:**
111
+ - Several "execution reverted" errors in transaction history
112
+ - Indicates potential issues with claim mechanism
113
+ - No longer actively used
114
+
115
+ ## Testing Results
116
+
117
+ ### Forge Tests (3/3 Passed)
118
+
119
+ 1. **testGraveyardRebalanceManipulation** ✅
120
+ - Verified graveyard at 50% (below threshold)
121
+ - Rebalance not currently ready
122
+ - No immediate exploit possible
123
+
124
+ 2. **testRebalanceSandwichAttack** ✅
125
+ - Confirmed graveyard below 51%
126
+ - Sandwich attack not currently viable
127
+ - Would be exploitable if threshold exceeded
128
+
129
+ 3. **testRebalanceAccessControl** ✅
130
+ - Rebalance not ready for testing
131
+ - Function has no access control (anyone can call)
132
+ - This is by design but enables front-running
133
+
134
+ ### Slither Analysis
135
+
136
+ Unable to run (contracts embedded in main deployment)
137
+
138
+ ### Mythril Analysis
139
+
140
+ Unable to complete (timeout on large contract)
141
+
142
+ ### Echidna Fuzzing
143
+
144
+ Created invariant tests:
145
+ - `echidna_graveyard_never_exceeds_upperbound`: Graveyard should stay ≤50% after rebalance
146
+ - `echidna_no_consecutive_rebalances`: Cannot rebalance twice in succession
147
+ - `echidna_reasonable_transfer_amount`: Transfer amount ≤10% of supply
148
+
149
+ ## Comparison with BlockSec Attack Patterns
150
+
151
+ ### Pattern Match: Price Manipulation via Liquidity Changes
152
+
153
+ **Similar to:** Deflationary token exploits where burns affect liquidity
154
+
155
+ **ELEPHANT Specific:**
156
+ - Graveyard rebalance sends tokens to main contract
157
+ - Main contract calls `swapAndLiquify`
158
+ - This adds liquidity but creates price impact
159
+ - Attackers can front-run for profit
160
+
161
+ **Mitigation (Not Implemented):**
162
+ - Time-lock on rebalances
163
+ - Slippage protection
164
+ - Access control on rebalance timing
165
+ - TWAP oracle for price protection
166
+
167
+ ## Risk Assessment
168
+
169
+ ### Current Risk: LOW
170
+ - Graveyard at 50% (below threshold)
171
+ - System appears abandoned
172
+ - No recent rebalance activity
173
+
174
+ ### Potential Risk (If Active): MEDIUM-HIGH
175
+ - No access control on rebalance
176
+ - Significant price impact possible
177
+ - Front-running/sandwich attacks viable
178
+ - No slippage protection
179
+
180
+ ## Recommendations
181
+
182
+ 1. **If Project Resumes:**
183
+ - Add time-lock to rebalance function
184
+ - Implement access control or governance
185
+ - Add slippage protection to swapAndLiquify
186
+ - Use TWAP oracle for price checks
187
+
188
+ 2. **For Users:**
189
+ - Be aware of 10% transaction fees
190
+ - Graveyard mechanism is inactive
191
+ - Project appears abandoned
192
+ - Liquidity is locked but ecosystem is dead
193
+
194
+ 3. **For Auditors:**
195
+ - Monitor graveyard balance percentage
196
+ - Watch for any rebalance transactions
197
+ - Check if team becomes active again
198
+
199
+ ## Conclusion
200
+
201
+ The ELEPHANT Money ecosystem has a theoretically exploitable graveyard rebalance mechanism, but it is currently NOT exploitable because:
202
+
203
+ 1. Graveyard holds 50.31% (below 51% threshold)
204
+ 2. Last rebalance was 499 days ago
205
+ 3. Project appears abandoned
206
+
207
+ If the graveyard ever exceeds 51%, the rebalance function could be exploited via front-running or sandwich attacks due to lack of access control and slippage protection. However, given the project's inactive state, this is unlikely to occur.
208
+
209
+ **Final Verdict: SAFE (but only because it's abandoned)**
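Review bot: The SAFE verdict in the Executive Summary and Final Verdict is not backed by the Testing Results section: all three Forge tests pass only by confirming that the graveyard is below the 51% threshold ("Rebalance not ready for testing"), and Slither and Mythril are both reported as not run, so the `rebalance()` and `swapAndLiquify` path was never exercised. Either word the verdict as "not triggerable at the observed balance" or add a fork test that raises the graveyard balance above `upperbound` and measures the pool before and after the call. Several figures also need reconciling. The summary says "exactly 50%" while Current State gives 50.31%. The front-running steps say the rebalance makes the price increase, while section 2 says it begins with sell pressure. The quoted price of ~0.0000665 WBNB per ELEPHANT does not follow from the 296T / 19,703 reserves given in the Price Impact Calculation. Finally, `echidna_graveyard_never_exceeds_upperbound` is described with a 50% bound although the upper bound is 51%.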
@@ -0,0 +1,455 @@
1
+ # ELEPHANT MONEY VULNERABILITIES - EXPLAINED IN SIMPLE TERMS
2
+
3
+ ## Understanding Security Severity Levels
4
+
5
+ **CRITICAL** = Can steal all funds or destroy the protocol immediately
6
+ **HIGH** = Can steal significant funds or cause major damage
7
+ **MEDIUM** = Can cause problems but with limitations
8
+ **LOW** = Minor issues or best practice violations
9
+
10
+ ---
11
+
12
+ ## THE 5 CRITICAL ISSUES EXPLAINED
13
+
14
+ ### 1. PROJECT ABANDONMENT 🚨
15
+ **What it means:** The team has disappeared and stopped maintaining the project.
16
+
17
+ **Evidence:**
18
+ - Last activity: 500+ days ago (over 1 year!)
19
+ - Graveyard hasn't rebalanced in 499 days
20
+ - LiquidityDrive ended in May 2021 (5 years ago)
21
+ - Multiple failed transactions
22
+ - No new contracts deployed
23
+
24
+ **Why it's critical:**
25
+ - No one is fixing bugs
26
+ - No one is responding to issues
27
+ - Your funds could be stuck forever
28
+ - If something breaks, it stays broken
29
+
30
+ **Real-world analogy:** It's like a bank where all the employees left but your money is still inside. The doors are locked and no one is coming back.
31
+
32
+ ---
33
+
34
+ ### 2. TRUNK UNLIMITED MINTING 💸
35
+ **What it means:** Certain addresses can create unlimited TRUNK tokens out of thin air.
36
+
37
+ **The code:**
38
+ ```solidity
39
+ function mint(address _to, uint256 _amount) public override returns (bool) {
40
+ require(_amount > 0 && totalSupply_.add(_amount) <= targetSupply);
41
+ super.mint(_to, _amount);
42
+ // targetSupply = 2^256 - 1 (basically unlimited)
43
+ }
44
+ ```
45
+
46
+ **The problem:**
47
+ - Whitelisted addresses can mint up to 2^256 - 1 tokens
48
+ - That's 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,935 tokens
49
+ - No daily limits
50
+ - No checks if there's actual collateral backing
51
+
52
+ **Why it's critical:**
53
+ - One compromised whitelist address = infinite money printing
54
+ - Hyperinflation destroys token value
55
+ - Your TRUNK becomes worthless
56
+
57
+ **Real-world analogy:** Imagine if certain people had a money printer with no limits. They could print trillions of dollars, making your dollars worthless.
58
+
59
+ **Example attack:**
60
+ 1. Hacker compromises whitelist address
61
+ 2. Mints 1 trillion TRUNK tokens
62
+ 3. Dumps them on market
63
+ 4. TRUNK price crashes to $0
64
+ 5. Everyone loses money
65
+
66
+ ---
67
+
68
+ ### 3. NO COLLATERAL VERIFICATION 🏦
69
+ **What it means:** TRUNK claims to be backed by real assets, but there's no proof on the blockchain.
70
+
71
+ **The claim:**
72
+ - "TRUNK is 75% backed by BUSD and 25% backed by ELEPHANT"
73
+ - Should mean: For every 1 TRUNK, there's $0.75 BUSD + $0.25 ELEPHANT in reserve
74
+
75
+ **The problem:**
76
+ ```solidity
77
+ function mint(address _to, uint256 _amount) public override returns (bool) {
78
+ // NO CHECK: Does treasury have enough BUSD?
79
+ // NO CHECK: Does treasury have enough ELEPHANT?
80
+ // NO CHECK: Is collateral ratio maintained?
81
+ super.mint(_to, _amount);
82
+ }
83
+ ```
84
+
85
+ **Why it's critical:**
86
+ - You're trusting the team's word
87
+ - No way to verify reserves exist
88
+ - Could be 0% backed for all you know
89
+ - If backing doesn't exist, TRUNK is worthless
90
+
91
+ **Real-world analogy:** A bank says "we have $1 million in the vault" but won't let anyone check. You just have to trust them.
92
+
93
+ **What should exist:**
94
+ ```solidity
95
+ function mint(address _to, uint256 _amount) public override returns (bool) {
96
+ uint256 busdNeeded = _amount * 75 / 100;
97
+ uint256 elephantNeeded = _amount * 25 / 100;
98
+
99
+ require(busdTreasury.balance() >= busdNeeded, "Insufficient BUSD");
100
+ require(elephantTreasury.balance() >= elephantNeeded, "Insufficient ELEPHANT");
101
+
102
+ super.mint(_to, _amount);
103
+ }
104
+ ```
105
+
106
+ ---
107
+
108
+ ### 4. GRAVEYARD FRONT-RUNNING 🏃‍♂️
109
+ **What it means:** When the graveyard rebalances, attackers can profit by front-running the transaction.
110
+
111
+ **The mechanism:**
112
+ ```solidity
113
+ function rebalance() external {
114
+ // ANYONE can call this - no access control!
115
+ uint256 upperbound = token.totalSupply().mul(51).div(100);
116
+ uint256 balance = token.balanceOf(address(this));
117
+
118
+ if (balance > upperbound) {
119
+ uint256 airdrop = balance.sub(target);
120
+ token.transfer(address(token), airdrop); // Adds liquidity
121
+ // NO SLIPPAGE PROTECTION
122
+ // NO TIME DELAY
123
+ }
124
+ }
125
+ ```
126
+
127
+ **The attack:**
128
+ 1. Attacker monitors blockchain for rebalance transaction
129
+ 2. Sees rebalance will add 10 trillion ELEPHANT to liquidity
130
+ 3. Buys ELEPHANT before rebalance executes
131
+ 4. Rebalance adds liquidity → price increases
132
+ 5. Attacker sells for profit
133
+ 6. Regular users lose money
134
+
135
+ **Why it's critical (when active):**
136
+ - Anyone can trigger rebalance
137
+ - No protection against manipulation
138
+ - Attackers profit, users lose
139
+ - Currently safe because graveyard is at 50.31% (below 51% trigger)
140
+
141
+ **Real-world analogy:** You know a store will receive a huge shipment tomorrow that will increase prices. You buy everything today and sell it back tomorrow at higher prices.
142
+
143
+ ---
144
+
145
+ ### 5. TREASURY CENTRALIZATION 🔐
146
+ **What it means:** One person (the owner) controls all the money in the treasury with no limits.
147
+
148
+ **The code:**
149
+ ```solidity
150
+ function withdraw(uint256 _amount) public onlyWhitelisted {
151
+ require(token.transfer(_msgSender(), _amount));
152
+ // NO LIMIT on amount
153
+ // NO TIMELOCK
154
+ // NO MULTI-SIG
155
+ }
156
+ ```
157
+
158
+ **The problem:**
159
+ - Owner controls who can withdraw (whitelist)
160
+ - Whitelisted addresses can withdraw ANY amount
161
+ - No waiting period
162
+ - No multi-signature requirement
163
+ - No community oversight
164
+
165
+ **Why it's critical:**
166
+ - Owner can add themselves to whitelist
167
+ - Withdraw all funds instantly
168
+ - Classic "rug pull" setup
169
+ - No way to stop it
170
+
171
+ **Real-world analogy:** A company where the CEO can empty the entire bank account with one click, no board approval needed.
172
+
173
+ **Example attack:**
174
+ 1. Owner adds their address to whitelist
175
+ 2. Calls `withdraw(entire_treasury_balance)`
176
+ 3. Funds gone in one transaction
177
+ 4. Users can't do anything
178
+
179
+ ---
180
+
181
+ ## THE 8 HIGH SEVERITY ISSUES EXPLAINED
182
+
183
+ ### 1. OWNER LOCK/UNLOCK VULNERABILITY 🔓
184
+ **What it means:** The ownership transfer mechanism has bugs.
185
+
186
+ **The code:**
187
+ ```solidity
188
+ function lock(uint256 time) public virtual onlyOwner {
189
+ _previousOwner = _owner;
190
+ _owner = address(0);
191
+ _lockTime = now + time; // "now" is deprecated!
192
+ }
193
+
194
+ function unlock() public virtual {
195
+ require(_previousOwner == msg.sender);
196
+ require(now > _lockTime);
197
+ _owner = _previousOwner;
198
+ }
199
+ ```
200
+
201
+ **Problems:**
202
+ - Uses `now` instead of `block.timestamp` (deprecated in Solidity)
203
+ - Previous owner can unlock even if not current owner
204
+ - Confusing ownership state
205
+ - Could lock contract permanently
206
+
207
+ **Why it's high severity:**
208
+ - Could lose control of contract
209
+ - Ownership could be stuck
210
+ - Unclear who actually owns the contract
211
+
212
+ ---
213
+
214
+ ### 2. NO COLLATERAL VERIFICATION (Duplicate emphasis)
215
+ Already explained above in Critical #3.
216
+
217
+ ---
218
+
219
+ ### 3. WHITELIST WITHDRAWAL CONTROL 💰
220
+ **What it means:** Only whitelisted addresses can withdraw from treasury.
221
+
222
+ **The problem:**
223
+ - Owner decides who can withdraw
224
+ - No transparency
225
+ - No limits per address
226
+ - No community input
227
+
228
+ **Why it's high severity:**
229
+ - Centralized control
230
+ - Owner could add malicious addresses
231
+ - No accountability
232
+
233
+ ---
234
+
235
+ ### 4. CENTRALIZED WHITELIST CONTROL 👑
236
+ **What it means:** Owner has complete control over who can mint tokens.
237
+
238
+ **The code:**
239
+ ```solidity
240
+ function addAddressToWhitelist(address addr) onlyOwner public returns(bool success) {
241
+ whitelist[addr] = true;
242
+ }
243
+ ```
244
+
245
+ **Problems:**
246
+ - Owner can add anyone
247
+ - No timelock
248
+ - No multi-sig
249
+ - No transparency
250
+
251
+ **Why it's high severity:**
252
+ - Owner could add themselves
253
+ - Owner could add hacker
254
+ - No way to stop it
255
+
256
+ ---
257
+
258
+ ### 5. NO REDEMPTION MECHANISM 🔄
259
+ **What it means:** You can't exchange TRUNK back for the underlying collateral.
260
+
261
+ **What should exist:**
262
+ ```solidity
263
+ function redeem(uint256 trunkAmount) public {
264
+ uint256 busdAmount = trunkAmount * 75 / 100;
265
+ uint256 elephantAmount = trunkAmount * 25 / 100;
266
+
267
+ burn(msg.sender, trunkAmount);
268
+ busdTreasury.transfer(msg.sender, busdAmount);
269
+ elephantTreasury.transfer(msg.sender, elephantAmount);
270
+ }
271
+ ```
272
+
273
+ **What actually exists:**
274
+ - Nothing! No redemption function at all.
275
+
276
+ **Why it's high severity:**
277
+ - Can't get your collateral back
278
+ - TRUNK could trade below backing value
279
+ - No arbitrage mechanism to maintain peg
280
+ - You're stuck with TRUNK
281
+
282
+ **Real-world analogy:** A bank that takes your deposits but won't let you withdraw. You can only trade your "bank receipt" with other people.
283
+
284
+ ---
285
+
286
+ ### 6. GRAVEYARD NO ACCESS CONTROL 🚪
287
+ **What it means:** Anyone can trigger the rebalance function.
288
+
289
+ **Why it's high severity:**
290
+ - Attacker chooses timing
291
+ - Can coordinate with market manipulation
292
+ - Can front-run their own transaction
293
+ - No governance or oversight
294
+
295
+ ---
296
+
297
+ ### 7. NO SLIPPAGE PROTECTION 📉
298
+ **What it means:** When rebalance happens, there's no protection against price manipulation.
299
+
300
+ **The problem:**
301
+ ```solidity
302
+ function swapAndLiquify(uint256 contractTokenBalance) private {
303
+ uint256 half = contractTokenBalance.div(2);
304
+ swapTokensForEth(half); // NO SLIPPAGE CHECK!
305
+ addLiquidity(otherHalf, newBalance); // NO MINIMUM OUTPUT!
306
+ }
307
+ ```
308
+
309
+ **Why it's high severity:**
310
+ - Large swaps can move price significantly
311
+ - No minimum output amount
312
+ - Sandwich attacks possible
313
+ - MEV bots can extract value
314
+
315
+ **Real-world analogy:** Selling a house without a minimum price. Someone could buy it for $1 if they time it right.
316
+
317
+ ---
318
+
319
+ ### 8. OUTDATED SOLIDITY VERSION 🗓️
320
+ **What it means:** Using old Solidity 0.6.12 from 2020.
321
+
322
+ **Problems:**
323
+ - Missing built-in overflow protection (0.8.x has this)
324
+ - Known compiler bugs
325
+ - Missing modern security features
326
+ - No custom errors (gas optimization)
327
+
328
+ **Why it's high severity:**
329
+ - More vulnerable to bugs
330
+ - Harder to audit
331
+ - Missing safety features
332
+ - Industry standard is 0.8.x
333
+
334
+ **Example of missing protection:**
335
+ ```solidity
336
+ // Solidity 0.6.x - Can overflow!
337
+ uint256 a = 2**256 - 1;
338
+ uint256 b = a + 1; // Wraps to 0!
339
+
340
+ // Solidity 0.8.x - Automatically reverts!
341
+ uint256 a = 2**256 - 1;
342
+ uint256 b = a + 1; // Transaction fails, funds safe
343
+ ```
344
+
345
+ ---
346
+
347
+ ## VISUAL SUMMARY OF RISKS
348
+
349
+ ### Critical Issues (Can Destroy Protocol):
350
+ ```
351
+ 1. Project Abandoned → No one maintaining
352
+ 2. Unlimited Minting → Infinite inflation
353
+ 3. No Collateral Proof → Could be unbacked
354
+ 4. Front-Running Risk → Attackers profit
355
+ 5. Treasury Centralization → Rug pull possible
356
+ ```
357
+
358
+ ### High Issues (Can Cause Major Damage):
359
+ ```
360
+ 1. Lock/Unlock Bugs → Ownership issues
361
+ 2. Whitelist Control → Centralized power
362
+ 3. No Redemption → Can't get collateral back
363
+ 4. No Access Control → Anyone can trigger
364
+ 5. No Slippage Protection → Price manipulation
365
+ 6. Outdated Solidity → Missing safety features
366
+ 7. Withdrawal Control → Centralized
367
+ 8. No Rate Limiting → Abuse possible
368
+ ```
369
+
370
+ ---
371
+
372
+ ## WHAT THIS MEANS FOR USERS
373
+
374
+ ### If you hold ELEPHANT:
375
+ - ⚠️ Project appears abandoned
376
+ - 📉 Graveyard mechanism inactive
377
+ - 🚫 Consider exiting position
378
+ - 💰 High transaction fees (10%)
379
+
380
+ ### If you hold TRUNK:
381
+ - 🚨 No proof of collateral backing
382
+ - 💸 Unlimited minting possible
383
+ - 🔒 Can't redeem for underlying assets
384
+ - ⚠️ High risk of depeg
385
+
386
+ ### If you're in liquidity pools:
387
+ - 📊 Low volume due to abandonment
388
+ - 🏃‍♂️ Front-running risk if rebalance activates
389
+ - 💧 Impermanent loss risk
390
+ - 🚫 Consider withdrawing
391
+
392
+ ---
393
+
394
+ ## COMPARISON: GOOD vs BAD PRACTICES
395
+
396
+ ### ❌ ELEPHANT (Current State)
397
+ ```
398
+ - Single owner control
399
+ - No multi-sig
400
+ - No timelock
401
+ - No collateral verification
402
+ - No redemption mechanism
403
+ - Outdated Solidity
404
+ - No governance
405
+ - Project abandoned
406
+ ```
407
+
408
+ ### ✅ INDUSTRY STANDARD (What it should be)
409
+ ```
410
+ - Multi-sig (3-of-5 or 5-of-9)
411
+ - 48-hour timelock
412
+ - On-chain collateral proofs
413
+ - Redemption mechanism
414
+ - Solidity 0.8.x
415
+ - Token governance
416
+ - Active development
417
+ - Regular audits
418
+ ```
419
+
420
+ ---
421
+
422
+ ## BOTTOM LINE
423
+
424
+ **The Elephant Money ecosystem has fundamental security issues that make it high-risk:**
425
+
426
+ 1. **No one is home** - Project abandoned for 500+ days
427
+ 2. **Trust-based** - No on-chain verification of claims
428
+ 3. **Centralized** - Owner controls everything
429
+ 4. **Outdated** - Using old, vulnerable code
430
+ 5. **No protection** - Missing basic security features
431
+
432
+ **Recommendation:** Avoid new investments. If you're already invested, consider exiting positions carefully due to low liquidity.
433
+
434
+ ---
435
+
436
+ ## QUESTIONS TO ASK ANY DEFI PROJECT
437
+
438
+ Use this checklist to evaluate other projects:
439
+
440
+ - [ ] Is the project actively maintained?
441
+ - [ ] Is there multi-sig on critical functions?
442
+ - [ ] Are there timelocks on important changes?
443
+ - [ ] Can you verify collateral on-chain?
444
+ - [ ] Is there a redemption mechanism?
445
+ - [ ] Is the code using modern Solidity (0.8.x)?
446
+ - [ ] Has it been audited by reputable firms?
447
+ - [ ] Is there a bug bounty program?
448
+ - [ ] Is there governance/decentralization?
449
+ - [ ] Are there emergency pause mechanisms?
450
+
451
+ **If most answers are "No" → High Risk Project**
452
+
453
+ ---
454
+
455
+ *This explanation is for educational purposes. Always do your own research before investing in any cryptocurrency or DeFi protocol.*
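Review bot: The severity labels under "THE 5 CRITICAL ISSUES" do not meet the document's own definition of CRITICAL ("Can steal all funds or destroy the protocol immediately"): graveyard front-running is rated critical while the same section says it is "Currently safe" at 50.31%, and project abandonment is a maintenance status rather than a vulnerability, so both should be re-rated. The HIGH list is also inconsistent: item 2 repeats Critical #3, and the visual summary lists "No Rate Limiting", which is never explained, so the count of eight does not hold. The code excerpts should be marked as paraphrase or replaced with the deployed source, because the `rebalance()` excerpt uses `target` without declaring it and the second `mint` excerpt replaces the `require` shown in the first with comments. In the "What should exist" `mint`, the two `require` checks compare treasury balances against the backing for `_amount` only, not for the total supply after minting, and they compare token amounts although the stated backing is in dollar value, so the proposed fix would not enforce the 75/25 ratio.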