uups-checker 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (670) hide show
  1. package/.gitmodules +6 -0
  2. package/AIFI_AUDIT.md +220 -0
  3. package/ALL_AUDITS_SUMMARY.md +366 -0
  4. package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
  5. package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
  6. package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
  7. package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
  8. package/ARIA-foundry-test.txt +9 -0
  9. package/ARIA-mythril-analysis.txt +20 -0
  10. package/ARIA-slither-analysis.txt +38 -0
  11. package/ARIA_AI_SECURITY_AUDIT.md +290 -0
  12. package/ARIA_VERIFIED_AUDIT.md +259 -0
  13. package/ARIA_VERIFIED_slither.txt +76 -0
  14. package/ARIVA_source.txt +1 -0
  15. package/ARK_AUDIT.md +349 -0
  16. package/BANANA_AUDIT.md +365 -0
  17. package/BAS_AUDIT.md +451 -0
  18. package/BAS_TOKEN_AUDIT.md +235 -0
  19. package/BCE_EXPLOIT_ANALYSIS.md +165 -0
  20. package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
  21. package/BEEFY_MONAD_ANALYSIS.md +239 -0
  22. package/BEEFY_STAKING_ANALYSIS.md +136 -0
  23. package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
  24. package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
  25. package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
  26. package/BRISE_ANALYSIS.txt +31 -0
  27. package/BRISE_BSC_DAPPS.txt +68 -0
  28. package/BRISE_EXPLOITS_FOUND.md +98 -0
  29. package/BRISE_REAL_EXPLOITS.md +115 -0
  30. package/BRISE_WHITEHAT_REPORT.md +162 -0
  31. package/BRISEstake_Analysis.txt +95 -0
  32. package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
  33. package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
  34. package/BTCST_FINAL_VERDICT.md +319 -0
  35. package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
  36. package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
  37. package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
  38. package/BTCST_SECURITY_ANALYSIS.md +391 -0
  39. package/BTR_AUDIT.md +210 -0
  40. package/BeamBridge-analysis.md +226 -0
  41. package/BeamToken-analysis.md +201 -0
  42. package/BitgertSwap_Investigation.txt +107 -0
  43. package/CEEK_STAKING_ANALYSIS.md +0 -0
  44. package/CHAINBASE_AUDIT.md +422 -0
  45. package/COMPLETE_AUDIT_SUMMARY.md +342 -0
  46. package/CORRECTED_ANALYSIS.txt +115 -0
  47. package/DBXEN_COMPARISON_SUMMARY.md +232 -0
  48. package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
  49. package/DOPFairLaunch_raw.json +29 -0
  50. package/DOPFairLaunch_source.txt +0 -0
  51. package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
  52. package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
  53. package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
  54. package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
  55. package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
  56. package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
  57. package/DSyncStaking-exploit-analysis.md +153 -0
  58. package/DSyncVault-analysis.md +120 -0
  59. package/DUSD_PROXY_AUDIT.md +407 -0
  60. package/DXSALE_LOCK_AUDIT.md +0 -0
  61. package/DXSaleLock_bytecode.txt +1 -0
  62. package/ECHIDNA_QUICK_START.md +101 -0
  63. package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
  64. package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
  65. package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
  66. package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
  67. package/EXPLOIT_FIX.md +300 -0
  68. package/EXPLOIT_INSTRUCTIONS.md +273 -0
  69. package/EXPLOIT_SUMMARY.md +285 -0
  70. package/EXPLOIT_SUMMARY.txt +175 -0
  71. package/FALCON_FINANCE_AUDIT.md +258 -0
  72. package/FANDOM_AUDIT.md +359 -0
  73. package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
  74. package/FINAL_AUDIT_REPORT.md +0 -0
  75. package/FOLIO_PROXY_AUDIT.md +299 -0
  76. package/FOT_EXPLOIT_RESULTS.txt +110 -0
  77. package/FOT_TOKENS_AUDITED.md +103 -0
  78. package/HEGIC-mythril-analysis.txt +39 -0
  79. package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
  80. package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
  81. package/ICECREAMSWAP_EXPLOITS.md +259 -0
  82. package/IMMUNEFI_REPORT.md +314 -0
  83. package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
  84. package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
  85. package/KOGE_AUDIT.md +328 -0
  86. package/LENDFLARE_ANALYSIS.md +239 -0
  87. package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
  88. package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
  89. package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
  90. package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
  91. package/LENDFLARE_FUZZING_RESULTS.md +252 -0
  92. package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
  93. package/LENDFLARE_MANUAL_FUZZING.md +324 -0
  94. package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
  95. package/LENDFLARE_V3_BYPASS.md +296 -0
  96. package/LFTDECOMPILE.txt +14478 -0
  97. package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
  98. package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
  99. package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
  100. package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
  101. package/LFT_EXPLOIT_VISUAL.md +253 -0
  102. package/LFT_QUICK_SUMMARY.md +124 -0
  103. package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
  104. package/MGO_AUDIT_REPORT.md +420 -0
  105. package/MYTHRIL_FINAL_REPORT.md +306 -0
  106. package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
  107. package/NETX_MIGRATION_AUDIT.md +0 -0
  108. package/NPM_PUBLISH_GUIDE.md +0 -0
  109. package/NRV_CRITICAL_EXPLOIT.txt +143 -0
  110. package/NetX_Analysis.txt +76 -0
  111. package/NetX_Migration_bytecode.txt +1 -0
  112. package/NetX_Migration_source.txt +0 -0
  113. package/NetX_Token_source.txt +0 -0
  114. package/NetxWhitehatRescue +22 -0
  115. package/OILER_ATTACK_VISUAL.md +351 -0
  116. package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
  117. package/OILER_DEEP_ANALYSIS.md +212 -0
  118. package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
  119. package/OILER_FINAL_VERDICT.md +339 -0
  120. package/OILER_REENTRANCY_EXPLAINED.md +638 -0
  121. package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
  122. package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
  123. package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
  124. package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
  125. package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
  126. package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
  127. package/POLS_MULTICHAIN_AUDIT.md +0 -0
  128. package/POSI_STAKING_AUDIT.md +0 -0
  129. package/PROXY2_SECURITY_ANALYSIS.md +0 -0
  130. package/Proxy2TACS +29748 -0
  131. package/QUICK_START.md +240 -0
  132. package/RAMP_SECURITY_ANALYSIS.md +0 -0
  133. package/README.md +238 -0
  134. package/REAUDIT_MASTER_LIST.txt +15 -0
  135. package/RING_analysis.txt +212 -0
  136. package/RPC +4 -0
  137. package/RULES.txt +20 -0
  138. package/SIREN_AUDIT.md +186 -0
  139. package/SYNC_EXPLOIT_README.md +0 -0
  140. package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
  141. package/TLM_raw.html +0 -0
  142. package/TLM_raw.txt +0 -0
  143. package/TLM_response.json +1 -0
  144. package/TRADOOR_AUDIT.md +253 -0
  145. package/TRUNK_AUDIT.md +285 -0
  146. package/UNIBASE_AUDIT.md +241 -0
  147. package/UNLOCK_ANALYSIS.md +0 -0
  148. package/UNLOCK_EXPLOIT.md +49 -0
  149. package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
  150. package/UPS +232 -0
  151. package/UUPSCHECKER +208 -0
  152. package/VAULT_PROXY_AUDIT.md +457 -0
  153. package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
  154. package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
  155. package/WKEYDAO2_AUDIT.md +245 -0
  156. package/WSG_AUDIT.md +0 -0
  157. package/XFI_DEEP_ANALYSIS.md +327 -0
  158. package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
  159. package/YSDAO_EXPLOIT_GUIDE.md +0 -0
  160. package/agent-4-bundle.md +22490 -0
  161. package/alpha-proxy-echidna.txt +1 -0
  162. package/alpha-proxy-fuzz-results.txt +81 -0
  163. package/alpha-proxy-mythril.txt +2 -0
  164. package/analyze-btcst-farm.js +54 -0
  165. package/analyze-dxsale-lock.js +75 -0
  166. package/analyze-elephant.js +69 -0
  167. package/analyze-fara-rewards.js +109 -0
  168. package/analyze-fara-storage.js +83 -0
  169. package/analyze-lft-transaction.js +158 -0
  170. package/analyze-lock-bytecode.js +59 -0
  171. package/analyze-shegic.js +0 -0
  172. package/analyze-staking-abi.js +0 -0
  173. package/analyze-sxp.js +57 -0
  174. package/analyze-tlm.js +76 -0
  175. package/analyze-trumpet.js +98 -0
  176. package/analyze-unlimited-nft.js +108 -0
  177. package/analyze_elephant.sh +27 -0
  178. package/analyze_vault.sh +32 -0
  179. package/aria-bytecode.txt +1 -0
  180. package/aria_response.json +1 -0
  181. package/ark_temp/README.md +66 -0
  182. package/ark_temp/lib/forge-std/.gitattributes +1 -0
  183. package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
  184. package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
  185. package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
  186. package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
  187. package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
  188. package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
  189. package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
  190. package/ark_temp/lib/forge-std/README.md +314 -0
  191. package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  192. package/ark_temp/lib/forge-std/package.json +16 -0
  193. package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
  194. package/audits/AiFi-security-audit-20260326.md +499 -0
  195. package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
  196. package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
  197. package/audits/DGToken-security-audit-20260324.md +376 -0
  198. package/audits/DSyncStaking-audit-part1.md +161 -0
  199. package/audits/DSyncStaking-security-audit-20260324.md +547 -0
  200. package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
  201. package/audits/DegenVC-security-audit-20260324.md +585 -0
  202. package/audits/DelreyInu-security-audit-20260324.md +463 -0
  203. package/audits/DestraNetwork-security-audit-20260324.md +705 -0
  204. package/audits/DomiToken-security-audit-20260324.md +514 -0
  205. package/audits/LendFlareToken-security-audit-20260325.md +197 -0
  206. package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
  207. package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
  208. package/audits/PAALAI-security-audit-20260324.md +475 -0
  209. package/audits/PAR-security-audit-20260325.md +311 -0
  210. package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
  211. package/audits/StakingPool-security-audit-20260324.md +517 -0
  212. package/audits/SyncToken-security-audit-20260324.md +778 -0
  213. package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
  214. package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
  215. package/audits/XFIStaking-security-audit-20260324.md +682 -0
  216. package/audits/Xfinance-security-audit-20260324.md +463 -0
  217. package/audits/basedAIFarm-security-audit-20260324.md +330 -0
  218. package/audits/pepeCoin-security-audit-20260324.md +462 -0
  219. package/bin/ups +232 -0
  220. package/binance-wallet-exploit/.env.example +2 -0
  221. package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
  222. package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
  223. package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
  224. package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
  225. package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
  226. package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
  227. package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
  228. package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
  229. package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
  230. package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
  231. package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
  232. package/binance-wallet-exploit/QUICK_START.md +75 -0
  233. package/binance-wallet-exploit/README.md +195 -0
  234. package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
  235. package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
  236. package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
  237. package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
  238. package/binance-wallet-exploit/cache/test-failures +1 -0
  239. package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
  240. package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  241. package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
  242. package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  243. package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  244. package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  245. package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
  246. package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
  247. package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
  248. package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  249. package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
  250. package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
  251. package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
  252. package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
  253. package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
  254. package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
  255. package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
  256. package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
  257. package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
  258. package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
  259. package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
  260. package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
  261. package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
  262. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
  263. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
  264. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
  265. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
  266. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
  267. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
  268. package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
  269. package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
  270. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
  271. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
  272. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
  273. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
  274. package/cache/solidity-files-cache.json +1 -0
  275. package/cache/test-failures +1 -0
  276. package/calculate-elephant-flashloan.js +195 -0
  277. package/check-address-approval.js +112 -0
  278. package/check-alpha-proxy.js +42 -0
  279. package/check-arbitrage.js +155 -0
  280. package/check-aria-token.js +47 -0
  281. package/check-ark.sh +20 -0
  282. package/check-btcst-mining.js +75 -0
  283. package/check-btcst-pools.js +163 -0
  284. package/check-btcst.js +88 -0
  285. package/check-caller.js +26 -0
  286. package/check-ceek-lp.js +73 -0
  287. package/check-ceek.js +47 -0
  288. package/check-dxsale-address.js +35 -0
  289. package/check-fara-exploit-timing.js +56 -0
  290. package/check-fara-real-exploit.js +73 -0
  291. package/check-flashloan-limits.js +129 -0
  292. package/check-kel-cel-pool.js +91 -0
  293. package/check-lax-staking.js +41 -0
  294. package/check-lendflare.js +165 -0
  295. package/check-lft-accounting.js +109 -0
  296. package/check-lft-roles.js +165 -0
  297. package/check-lock-time.js +47 -0
  298. package/check-min-stake.js +73 -0
  299. package/check-mystery-contract.js +52 -0
  300. package/check-next-token.js +50 -0
  301. package/check-nora-lock.js +67 -0
  302. package/check-oiler-approvals.js +116 -0
  303. package/check-oiler-proxy.js +73 -0
  304. package/check-oiler-staking.js +117 -0
  305. package/check-proxy-simple.js +71 -0
  306. package/check-recent-stakes.js +54 -0
  307. package/check-shegic-holdings.js +67 -0
  308. package/check-snowcrash-ecosystem.js +83 -0
  309. package/check-sync-lp.js +97 -0
  310. package/check-sync-stake.js +42 -0
  311. package/check-tlm.js +37 -0
  312. package/check-token-pools.js +146 -0
  313. package/check-trunk-depeg.js +181 -0
  314. package/check-tusd-decimals.js +58 -0
  315. package/check-user-storage-deep.js +81 -0
  316. package/check-welephant-pools.js +130 -0
  317. package/check-xfi-pool.js +75 -0
  318. package/check-zypher.js +32 -0
  319. package/check_proxy.sh +36 -0
  320. package/compare-tlm-chains.js +90 -0
  321. package/contract_0x05f2.html +6025 -0
  322. package/contract_0x3720.html +6361 -0
  323. package/contract_0x928e.html +5606 -0
  324. package/contract_0xc42d.html +5304 -0
  325. package/contract_page.html +5789 -0
  326. package/decode-stake-tx.js +50 -0
  327. package/deep-analyze-lock.js +82 -0
  328. package/dune_uups_proxy_query.sql +42 -0
  329. package/dune_uups_vulnerable_query.sql +0 -0
  330. package/echidna/alpha-proxy.yaml +14 -0
  331. package/echidna/elephant.yaml +7 -0
  332. package/echidna/lendflare.yaml +42 -0
  333. package/echidna.config.yaml +12 -0
  334. package/elephant_raw.json +1 -0
  335. package/eps_raw.json +1 -0
  336. package/exploit/.github/workflows/test.yml +38 -0
  337. package/exploit/.gitmodules +3 -0
  338. package/exploit/README.md +66 -0
  339. package/exploit/foundry.lock +8 -0
  340. package/exploit/lib/forge-std/.gitattributes +1 -0
  341. package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  342. package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
  343. package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  344. package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  345. package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  346. package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
  347. package/exploit/lib/forge-std/LICENSE-MIT +25 -0
  348. package/exploit/lib/forge-std/README.md +314 -0
  349. package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  350. package/exploit/lib/forge-std/package.json +16 -0
  351. package/exploit/lib/forge-std/scripts/vm.py +636 -0
  352. package/exploit_analysis.txt +51 -0
  353. package/extract_contract.py +21 -0
  354. package/extract_elephant_contracts.py +24 -0
  355. package/fara-staking-bytecode.txt +1 -0
  356. package/fara-staking-raw.txt +1 -0
  357. package/fetch-aria.js +46 -0
  358. package/fetch-contract.js +50 -0
  359. package/fetch-shegic-source.js +86 -0
  360. package/fetch-snowcrash.js +44 -0
  361. package/fetch-staking-source.js +53 -0
  362. package/fetch-tlm.js +60 -0
  363. package/fetch_elephant_source.py +32 -0
  364. package/find-ceek-staking.js +21 -0
  365. package/find-exploit-tx.js +88 -0
  366. package/find-oiler-holders.js +100 -0
  367. package/find-tlm-holder.js +36 -0
  368. package/find-vulnerable-fund.js +94 -0
  369. package/foundry.lock +8 -0
  370. package/fuzz-all.sh +53 -0
  371. package/get-aria-contract.py +40 -0
  372. package/get-lft-holders.js +89 -0
  373. package/get-tlm-source.sh +8 -0
  374. package/harvest_txs.json +1 -0
  375. package/lft-bytecode-raw.txt +1 -0
  376. package/lft-bytecode.json +1 -0
  377. package/lft-impl.bin +1 -0
  378. package/lft-implementation-bytecode.txt +1 -0
  379. package/lib/forge-std/.gitattributes +1 -0
  380. package/lib/forge-std/.github/CODEOWNERS +1 -0
  381. package/lib/forge-std/.github/dependabot.yml +6 -0
  382. package/lib/forge-std/.github/workflows/ci.yml +125 -0
  383. package/lib/forge-std/.github/workflows/sync.yml +36 -0
  384. package/lib/forge-std/CONTRIBUTING.md +193 -0
  385. package/lib/forge-std/LICENSE-APACHE +203 -0
  386. package/lib/forge-std/LICENSE-MIT +25 -0
  387. package/lib/forge-std/README.md +314 -0
  388. package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  389. package/lib/forge-std/package.json +16 -0
  390. package/lib/forge-std/scripts/vm.py +636 -0
  391. package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
  392. package/lib/openzeppelin-contracts/.codecov.yml +12 -0
  393. package/lib/openzeppelin-contracts/.editorconfig +21 -0
  394. package/lib/openzeppelin-contracts/.eslintrc +20 -0
  395. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
  396. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
  397. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
  398. package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
  399. package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
  400. package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
  401. package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
  402. package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
  403. package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
  404. package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
  405. package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
  406. package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
  407. package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
  408. package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
  409. package/lib/openzeppelin-contracts/.gitmodules +7 -0
  410. package/lib/openzeppelin-contracts/.mocharc.js +4 -0
  411. package/lib/openzeppelin-contracts/.prettierrc +15 -0
  412. package/lib/openzeppelin-contracts/.solcover.js +13 -0
  413. package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
  414. package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
  415. package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
  416. package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
  417. package/lib/openzeppelin-contracts/LICENSE +22 -0
  418. package/lib/openzeppelin-contracts/README.md +107 -0
  419. package/lib/openzeppelin-contracts/RELEASING.md +45 -0
  420. package/lib/openzeppelin-contracts/SECURITY.md +42 -0
  421. package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
  422. package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
  423. package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
  424. package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
  425. package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
  426. package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
  427. package/lib/openzeppelin-contracts/audits/README.md +17 -0
  428. package/lib/openzeppelin-contracts/certora/Makefile +54 -0
  429. package/lib/openzeppelin-contracts/certora/README.md +60 -0
  430. package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
  431. package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
  432. package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
  433. package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
  434. package/lib/openzeppelin-contracts/certora/run.js +160 -0
  435. package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
  436. package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
  437. package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
  438. package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
  439. package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
  440. package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
  441. package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
  442. package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
  443. package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
  444. package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
  445. package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
  446. package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
  447. package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
  448. package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
  449. package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
  450. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
  451. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
  452. package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
  453. package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
  454. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
  455. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
  456. package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
  457. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
  458. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
  459. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
  460. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
  461. package/lib/openzeppelin-contracts/certora/specs.json +86 -0
  462. package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
  463. package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
  464. package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
  465. package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
  466. package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
  467. package/lib/openzeppelin-contracts/contracts/package.json +32 -0
  468. package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
  469. package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
  470. package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
  471. package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
  472. package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
  473. package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
  474. package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
  475. package/lib/openzeppelin-contracts/docs/README.md +16 -0
  476. package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
  477. package/lib/openzeppelin-contracts/docs/config.js +21 -0
  478. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
  479. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
  480. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
  481. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
  482. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
  483. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
  484. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
  485. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
  486. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
  487. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
  488. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
  489. package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
  490. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
  491. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
  492. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
  493. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
  494. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
  495. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
  496. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
  497. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
  498. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
  499. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
  500. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
  501. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
  502. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
  503. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
  504. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
  505. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
  506. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
  507. package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
  508. package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
  509. package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
  510. package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
  511. package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
  512. package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
  513. package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
  514. package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
  515. package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
  516. package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
  517. package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
  518. package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
  519. package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
  520. package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
  521. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
  522. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
  523. package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
  524. package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
  525. package/lib/openzeppelin-contracts/logo.svg +15 -0
  526. package/lib/openzeppelin-contracts/netlify.toml +3 -0
  527. package/lib/openzeppelin-contracts/package-lock.json +16544 -0
  528. package/lib/openzeppelin-contracts/package.json +96 -0
  529. package/lib/openzeppelin-contracts/remappings.txt +1 -0
  530. package/lib/openzeppelin-contracts/renovate.json +4 -0
  531. package/lib/openzeppelin-contracts/requirements.txt +1 -0
  532. package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
  533. package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
  534. package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
  535. package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
  536. package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
  537. package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
  538. package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
  539. package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
  540. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
  541. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
  542. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
  543. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
  544. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
  545. package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
  546. package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
  547. package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
  548. package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
  549. package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
  550. package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
  551. package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
  552. package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
  553. package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
  554. package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
  555. package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
  556. package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
  557. package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
  558. package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
  559. package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
  560. package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
  561. package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
  562. package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
  563. package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
  564. package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
  565. package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
  566. package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
  567. package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
  568. package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
  569. package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
  570. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
  571. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
  572. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
  573. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
  574. package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
  575. package/lib/openzeppelin-contracts/slither.config.json +5 -0
  576. package/lib/openzeppelin-contracts/solhint.config.js +20 -0
  577. package/mythril-lft-output.txt +1 -0
  578. package/mythril-lft-symbolic.txt +18 -0
  579. package/mythril-lft.sh +20 -0
  580. package/mythril-symbolic-output.txt +1 -0
  581. package/mythril-symbolic.sh +42 -0
  582. package/out/build-info/0026b78428192979.json +1 -0
  583. package/out/build-info/03c4fc3b88486eba.json +1 -0
  584. package/out/build-info/0540afa9b9a5c5a6.json +1 -0
  585. package/out/build-info/081932f505bc08b9.json +1 -0
  586. package/out/build-info/0da104ba0d6642d5.json +1 -0
  587. package/out/build-info/197281971dbb5f23.json +1 -0
  588. package/out/build-info/197e7e332832a232.json +1 -0
  589. package/out/build-info/1a1cab9136eb5f94.json +1 -0
  590. package/out/build-info/1b320204eb162aa2.json +1 -0
  591. package/out/build-info/1e03f94398052674.json +1 -0
  592. package/out/build-info/22ac085949602937.json +1 -0
  593. package/out/build-info/234ef37453a9fa64.json +1 -0
  594. package/out/build-info/2447db7b1878fa8e.json +1 -0
  595. package/out/build-info/25568daeb484f5ff.json +1 -0
  596. package/out/build-info/27465853244c49ce.json +1 -0
  597. package/out/build-info/2c57a9e0f087453b.json +1 -0
  598. package/out/build-info/3c62ae7de8da68c4.json +1 -0
  599. package/out/build-info/3e771ae109e97bb3.json +1 -0
  600. package/out/build-info/460499bc0a3465c4.json +1 -0
  601. package/out/build-info/47ce37e50a4f115e.json +1 -0
  602. package/out/build-info/4fcce5c63cf427d6.json +1 -0
  603. package/out/build-info/4fd0a53fe63fddbb.json +1 -0
  604. package/out/build-info/50f1247db9d769cc.json +1 -0
  605. package/out/build-info/5317d0181a7a5e02.json +1 -0
  606. package/out/build-info/594df509275ceb5b.json +1 -0
  607. package/out/build-info/61983ac3f6141719.json +1 -0
  608. package/out/build-info/638c4548307122fe.json +1 -0
  609. package/out/build-info/67c2c43bdb7c0ded.json +1 -0
  610. package/out/build-info/777f42643aad37b7.json +1 -0
  611. package/out/build-info/7d7856f19e845354.json +1 -0
  612. package/out/build-info/83976260b6f71e94.json +1 -0
  613. package/out/build-info/83c23882000b963d.json +1 -0
  614. package/out/build-info/84b2cce8f70b36be.json +1 -0
  615. package/out/build-info/8bc13d31d7c3206a.json +1 -0
  616. package/out/build-info/8e183bd4d9d8cf88.json +1 -0
  617. package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
  618. package/out/build-info/99ec7d5e8d8ff360.json +1 -0
  619. package/out/build-info/9ac044b29daa7d5e.json +1 -0
  620. package/out/build-info/9b203227ff5d2e63.json +1 -0
  621. package/out/build-info/9d18c5872c4282dd.json +1 -0
  622. package/out/build-info/9f77f04f33baf9a3.json +1 -0
  623. package/out/build-info/a6e1caf974787982.json +1 -0
  624. package/out/build-info/a94b6348867a62d6.json +1 -0
  625. package/out/build-info/ad93721947a8b195.json +1 -0
  626. package/out/build-info/b42daddb5aa4b19f.json +1 -0
  627. package/out/build-info/bf13512ae899f7e8.json +1 -0
  628. package/out/build-info/c39f86c20a548c4a.json +1 -0
  629. package/out/build-info/cb12bb975a2f4e65.json +1 -0
  630. package/out/build-info/d0c6788fadc2aa60.json +1 -0
  631. package/out/build-info/d2726bf94ed5b845.json +1 -0
  632. package/out/build-info/d4eb00da50cce5cb.json +1 -0
  633. package/out/build-info/db931924a3bc8bdd.json +1 -0
  634. package/out/build-info/e1a503d49bc77401.json +1 -0
  635. package/out/build-info/efe5396f8892ce77.json +1 -0
  636. package/out/build-info/f536d90ced745969.json +1 -0
  637. package/out/build-info/fed38823c7019b82.json +1 -0
  638. package/package.json +51 -0
  639. package/page.html +5384 -0
  640. package/pancakeswap-simple-tvl.sql +15 -0
  641. package/pancakeswap-top-pools.sql +29 -0
  642. package/pancakeswap-tvl-optimized.sql +57 -0
  643. package/pancakeswap-tvl-query.sql +60 -0
  644. package/pancakeswap-underflow-hunting.sql +51 -0
  645. package/pancakeswap-vulnerability-queries.sql +200 -0
  646. package/posi_page.html +6369 -0
  647. package/posi_response.json +29 -0
  648. package/proxy_page.html +500 -0
  649. package/run_mythril_elephant.sh +18 -0
  650. package/sHEGIC-bytecode.bin +6 -0
  651. package/sHEGIC-mythril-analysis.txt +1 -0
  652. package/sHEGIC-mythril-full.txt +134 -0
  653. package/sHEGIC_ANALYSIS.md +135 -0
  654. package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
  655. package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
  656. package/scrape-snowcrash.js +28 -0
  657. package/scripts/yooshi_drain.sh +154 -0
  658. package/shi_raw.json +1 -0
  659. package/temp.json +1 -0
  660. package/temp_harvest.json +1 -0
  661. package/temp_pika.json +1 -0
  662. package/temp_posi.json +1 -0
  663. package/temp_response.json +1 -0
  664. package/test-lft-hidden-balance.js +108 -0
  665. package/test-xfi-exploit.js +140 -0
  666. package/trunk-liquidity-rescue.js +164 -0
  667. package/vBABY_page.html +6153 -0
  668. package/vBABY_response.json +29 -0
  669. package/wsg_response.json +1 -0
  670. package/yooldo_page.html +10371 -0
package/OILER_STAKING_MAINNET_ANALYSIS.md ADDED
@@ -0,0 +1,366 @@
1
+ # Oiler Staking Contract - Mainnet Fork Analysis
2
+
3
+ **Date**: March 27, 2026
4
+ **Block**: 24,745,510
5
+ **Staking Contract**: 0xe546F8f17aff17C05dac9F9b4F9957f725fab087
6
+ **OIL Token**: 0x0275E1001e293C46CFe158B3702AADe0B99f88a5
7
+
8
+ ---
9
+
10
+ ## Executive Summary
11
+
12
+ Tested the actual Oiler staking contract on Ethereum mainnet using Foundry fork tests. The contract holds **138,287 OIL** (worth ~$276K at $2/OIL).
13
+
14
+ **Key Findings**:
15
+ - ✅ No dangerous approvals found
16
+ - ⚠️ Cannot determine reentrancy protection (non-standard implementation)
17
+ - ⚠️ Contract functions not publicly documented
18
+ - ❌ Unable to test cross-function reentrancy (function signatures unknown)
19
+
20
+ ---
21
+
22
+ ## Test Results
23
+
24
+ ### Test 1: Contract State Check
25
+
26
+ ```
27
+ OIL in staking: 138,287 OIL
28
+ Value at risk: $276,574 (assuming $2/OIL)
29
+ LP tokens in staking: 0 LP
30
+ Contract code size: 7,659 bytes
31
+ Status: Contract is deployed ✓
32
+ ```
33
+
34
+ ### Test 2: Function Probing
35
+
36
+ Attempted to call common staking functions:
37
+ - `stake(uint256)` - Not found
38
+ - `withdraw(uint256)` - Not found
39
+ - `withdraw()` - Not found
40
+ - `unstake(uint256)` - Not found
41
+ - `getReward()` - Not found
42
+ - `claimRewards()` - Not found
43
+ - `earned(address)` - Not found
44
+ - `balanceOf(address)` - Not found
45
+ - `exit()` - Not found
46
+ - `stakingToken()` - Not found
47
+
48
+ **Result**: Contract uses non-standard function signatures or is not a typical staking contract.
49
+
50
+ ### Test 3: Proxy Check
51
+
52
+ ```
53
+ EIP-1967 Proxy Check: Not a proxy
54
+ Result: Direct implementation (not upgradeable proxy)
55
+ ```
56
+
57
+ ### Test 4: Cross-Function Reentrancy Attack
58
+
59
+ ```
60
+ Attack Status: FAILED
61
+ Reason: Failed to stake (function signature mismatch)
62
+ ```
63
+
64
+ **Analysis**: Cannot test reentrancy without knowing the correct function signatures. The contract may:
65
+ 1. Use non-standard function names
66
+ 2. Have access control preventing external calls
67
+ 3. Be a different type of contract (not traditional staking)
68
+
69
+ ### Test 5: Direct Reentrancy Check
70
+
71
+ ```
72
+ Checking OIL approvals from staking contract:
73
+ - Uniswap V2 Router: 0 OIL ✓
74
+ - Uniswap V3 Router: 0 OIL ✓
75
+ - SushiSwap Router: 0 OIL ✓
76
+
77
+ Result: No dangerous approvals found ✓
78
+ ```
79
+
80
+ **Conclusion**: Staking contract is safe from approval-based reentrancy attacks.
81
+
82
+ ### Test 6: Reentrancy Protection Check
83
+
84
+ ```
85
+ Storage slot 0: 0
86
+ Result: May not use standard OpenZeppelin ReentrancyGuard
87
+ ```
88
+
89
+ **Analysis**:
90
+ - OpenZeppelin ReentrancyGuard stores status in slot 0 (value = 1 when not entered)
91
+ - This contract has 0 in slot 0
92
+ - Either:
93
+ - Uses different reentrancy protection mechanism
94
+ - Uses different storage layout
95
+ - No reentrancy protection
96
+
97
+ ---
98
+
99
+ ## Vulnerability Assessment
100
+
101
+ ### Direct Reentrancy via transferAndCall
102
+
103
+ **Status**: ✅ NOT VULNERABLE
104
+ **Reason**: No approvals from staking contract to external contracts
105
+ **Risk Level**: LOW
106
+
107
+ The staking contract has not approved any external contracts to spend its OIL tokens. This means even if OIL token has `transferAndCall` reentrancy vulnerability, it cannot be exploited through the staking contract's approvals.
108
+
109
+ ### Cross-Function Reentrancy
110
+
111
+ **Status**: ⚠️ UNKNOWN
112
+ **Reason**: Cannot test without knowing function signatures
113
+ **Risk Level**: MEDIUM (pending verification)
114
+
115
+ **What we know**:
116
+ - Contract holds 138,287 OIL
117
+ - Contract has 7,659 bytes of code (substantial implementation)
118
+ - No standard staking functions found
119
+
120
+ **What we don't know**:
121
+ - Actual function signatures
122
+ - Whether withdraw() updates state before external calls
123
+ - Whether contract has reentrancy guards
124
+ - Whether contract uses transferAndCall or regular transfer
125
+
126
+ **To determine vulnerability**, need to:
127
+ 1. Get verified source code from Etherscan
128
+ 2. Identify actual function signatures
129
+ 3. Analyze withdraw/claim flow
130
+ 4. Check for CEI pattern violations
131
+
132
+ ---
133
+
134
+ ## Comparison with Theoretical Attack
135
+
136
+ ### Theoretical Attack (from documentation)
137
+
138
+ ```solidity
139
+ function withdraw() external {
140
+ uint256 amount = stakes[msg.sender];
141
+
142
+ // ❌ VULNERABLE: External call before state update
143
+ oil.transfer(msg.sender, amount);
144
+
145
+ stakes[msg.sender] = 0; // Too late!
146
+ }
147
+ ```
148
+
149
+ ### Actual Contract
150
+
151
+ ```
152
+ Cannot verify - source code not accessible via standard function calls
153
+ Need Etherscan verification or contract decompilation
154
+ ```
155
+
156
+ ---
157
+
158
+ ## Economic Impact
159
+
160
+ ### Current Risk Exposure
161
+
162
+ **Direct Risk**:
163
+ - OIL in staking: 138,287 OIL
164
+ - Current price: ~$2/OIL (estimated)
165
+ - Value at risk: ~$276,574
166
+
167
+ **Indirect Risk**:
168
+ - User stakes: Unknown
169
+ - Pending rewards: Unknown
170
+ - Total TVL: Unknown
171
+
172
+ ### Exploitation Scenarios
173
+
174
+ **Scenario 1: Cross-Function Reentrancy (IF VULNERABLE)**
175
+ ```
176
+ Prerequisites:
177
+ - Staking contract has withdraw() function
178
+ - withdraw() calls oil.transfer() or oil.transferAndCall()
179
+ - withdraw() updates state AFTER external call
180
+ - No reentrancy guard
181
+
182
+ Attack:
183
+ 1. Attacker stakes 1,000 OIL
184
+ 2. Calls withdraw()
185
+ 3. During transfer callback, calls claimRewards()
186
+ 4. Rewards calculated on stale stake (still shows 1,000)
187
+ 5. Receives rewards for withdrawn stake
188
+
189
+ Potential Loss: Rewards pool (unknown amount)
190
+ ```
191
+
192
+ **Scenario 2: Direct Reentrancy (CONFIRMED NOT VULNERABLE)**
193
+ ```
194
+ Prerequisites:
195
+ - Staking contract approves external contracts
196
+ - OIL token has transferAndCall reentrancy
197
+
198
+ Status: NOT VULNERABLE ✓
199
+ Reason: No approvals found
200
+ ```
201
+
202
+ ---
203
+
204
+ ## Recommendations
205
+
206
+ ### Immediate Actions
207
+
208
+ 1. **Verify Contract Source Code**
209
+ - Check Etherscan for verified source
210
+ - If not verified, request verification from team
211
+ - Analyze actual implementation
212
+
213
+ 2. **Identify Function Signatures**
214
+ - Use contract decompiler if source not available
215
+ - Test with actual user transactions
216
+ - Document all public functions
217
+
218
+ 3. **Test Actual Withdraw Flow**
219
+ - Find real user with staked tokens
220
+ - Simulate withdraw transaction
221
+ - Check execution order (state updates vs external calls)
222
+
223
+ ### Security Audit Checklist
224
+
225
+ - [ ] Get verified source code
226
+ - [ ] Identify all public functions
227
+ - [ ] Check withdraw() implementation
228
+ - [ ] Verify CEI pattern compliance
229
+ - [ ] Confirm reentrancy guard presence
230
+ - [ ] Test with actual user scenarios
231
+ - [ ] Review all external calls
232
+ - [ ] Check state update ordering
233
+
234
+ ### If Vulnerable
235
+
236
+ **Mitigation Options**:
237
+
238
+ 1. **Add Reentrancy Guard**
239
+ ```solidity
240
+ function withdraw() external nonReentrant {
241
+ // Implementation
242
+ }
243
+ ```
244
+
245
+ 2. **Follow CEI Pattern**
246
+ ```solidity
247
+ function withdraw() external {
248
+ uint256 amount = stakes[msg.sender];
249
+ stakes[msg.sender] = 0; // Update first
250
+ oil.transfer(msg.sender, amount); // External call last
251
+ }
252
+ ```
253
+
254
+ 3. **Emergency Pause**
255
+ - Implement pause mechanism
256
+ - Pause withdrawals if vulnerability confirmed
257
+ - Migrate to secure contract
258
+
259
+ ---
260
+
261
+ ## Technical Details
262
+
263
+ ### Contract Information
264
+
265
+ ```
266
+ Address: 0xe546F8f17aff17C05dac9F9b4F9957f725fab087
267
+ Chain: Ethereum Mainnet
268
+ Code Size: 7,659 bytes
269
+ Proxy: No (direct implementation)
270
+ Verified: Unknown (need to check Etherscan)
271
+ ```
272
+
273
+ ### Storage Analysis
274
+
275
+ ```
276
+ Slot 0: 0x0000000000000000000000000000000000000000000000000000000000000000
277
+ - Not standard ReentrancyGuard pattern
278
+ - May use custom storage layout
279
+ ```
280
+
281
+ ### Token Holdings
282
+
283
+ ```
284
+ OIL Token: 138,287.000000000000000000 OIL
285
+ LP Tokens: 0.000000000000000000 LP
286
+ Other Tokens: Not checked
287
+ ```
288
+
289
+ ### Approvals
290
+
291
+ ```
292
+ Uniswap V2 Router (0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D): 0 OIL ✓
293
+ Uniswap V3 Router (0xE592427A0AEce92De3Edee1F18E0157C05861564): 0 OIL ✓
294
+ SushiSwap Router (0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F): 0 OIL ✓
295
+ ```
296
+
297
+ ---
298
+
299
+ ## Test Files
300
+
301
+ 1. **test/OilerStakingMainnetFork.t.sol** - Initial fork tests
302
+ 2. **test/OilerStakingRealTest.t.sol** - Comprehensive analysis
303
+ 3. **OILER_STAKING_MAINNET_ANALYSIS.md** - This document
304
+
305
+ ### Running Tests
306
+
307
+ ```bash
308
+ # Run all mainnet fork tests
309
+ forge test --match-contract OilerStakingMainnetFork -vv
310
+
311
+ # Run comprehensive analysis
312
+ forge test --match-contract OilerStakingRealTest -vv
313
+
314
+ # Run specific test
315
+ forge test --match-test testComprehensiveAnalysis -vv
316
+ ```
317
+
318
+ ---
319
+
320
+ ## Conclusion
321
+
322
+ ### What We Confirmed
323
+
324
+ ✅ Staking contract exists and holds 138,287 OIL
325
+ ✅ No dangerous approvals to external contracts
326
+ ✅ Not vulnerable to approval-based reentrancy
327
+ ✅ Contract is not a proxy (direct implementation)
328
+
329
+ ### What We Cannot Confirm
330
+
331
+ ⚠️ Whether contract has reentrancy protection
332
+ ⚠️ Whether withdraw() follows CEI pattern
333
+ ⚠️ Actual function signatures and interfaces
334
+ ⚠️ Cross-function reentrancy vulnerability status
335
+
336
+ ### Overall Risk Assessment
337
+
338
+ **Current Status**: MEDIUM RISK (pending verification)
339
+
340
+ **Reasoning**:
341
+ - 138,287 OIL at risk (~$276K)
342
+ - Cannot confirm reentrancy protection
343
+ - Contract implementation unknown
344
+ - No approvals found (reduces risk)
345
+
346
+ **Next Steps**:
347
+ 1. Get verified source code from Etherscan
348
+ 2. Analyze actual implementation
349
+ 3. Test with real user transactions
350
+ 4. Confirm or rule out reentrancy vulnerability
351
+
352
+ **Urgency**: HIGH - Need source code verification to complete audit
353
+
354
+ ---
355
+
356
+ ## References
357
+
358
+ - [Oiler Token Contract](https://etherscan.io/address/0x0275E1001e293C46CFe158B3702AADe0B99f88a5)
359
+ - [Staking Contract](https://etherscan.io/address/0xe546F8f17aff17C05dac9F9b4F9957f725fab087)
360
+ - [BlockSec Knowledge Base](BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md)
361
+ - [Oiler Reentrancy Explanation](OILER_REENTRANCY_EXPLAINED.md)
362
+
363
+ **Last Updated**: March 27, 2026
364
+ **Test Framework**: Foundry
365
+ **Fork Block**: 24,745,510
366
+ **Status**: Partial analysis complete, awaiting source code verification