npm - uups-checker - Versions diffs - 1.0.0 - Mend

uups-checker 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (670) hide show

package/.gitmodules +6 -0
package/AIFI_AUDIT.md +220 -0
package/ALL_AUDITS_SUMMARY.md +366 -0
package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
package/ARIA-foundry-test.txt +9 -0
package/ARIA-mythril-analysis.txt +20 -0
package/ARIA-slither-analysis.txt +38 -0
package/ARIA_AI_SECURITY_AUDIT.md +290 -0
package/ARIA_VERIFIED_AUDIT.md +259 -0
package/ARIA_VERIFIED_slither.txt +76 -0
package/ARIVA_source.txt +1 -0
package/ARK_AUDIT.md +349 -0
package/BANANA_AUDIT.md +365 -0
package/BAS_AUDIT.md +451 -0
package/BAS_TOKEN_AUDIT.md +235 -0
package/BCE_EXPLOIT_ANALYSIS.md +165 -0
package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
package/BEEFY_MONAD_ANALYSIS.md +239 -0
package/BEEFY_STAKING_ANALYSIS.md +136 -0
package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
package/BRISE_ANALYSIS.txt +31 -0
package/BRISE_BSC_DAPPS.txt +68 -0
package/BRISE_EXPLOITS_FOUND.md +98 -0
package/BRISE_REAL_EXPLOITS.md +115 -0
package/BRISE_WHITEHAT_REPORT.md +162 -0
package/BRISEstake_Analysis.txt +95 -0
package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
package/BTCST_FINAL_VERDICT.md +319 -0
package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
package/BTCST_SECURITY_ANALYSIS.md +391 -0
package/BTR_AUDIT.md +210 -0
package/BeamBridge-analysis.md +226 -0
package/BeamToken-analysis.md +201 -0
package/BitgertSwap_Investigation.txt +107 -0
package/CEEK_STAKING_ANALYSIS.md +0 -0
package/CHAINBASE_AUDIT.md +422 -0
package/COMPLETE_AUDIT_SUMMARY.md +342 -0
package/CORRECTED_ANALYSIS.txt +115 -0
package/DBXEN_COMPARISON_SUMMARY.md +232 -0
package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
package/DOPFairLaunch_raw.json +29 -0
package/DOPFairLaunch_source.txt +0 -0
package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
package/DSyncStaking-exploit-analysis.md +153 -0
package/DSyncVault-analysis.md +120 -0
package/DUSD_PROXY_AUDIT.md +407 -0
package/DXSALE_LOCK_AUDIT.md +0 -0
package/DXSaleLock_bytecode.txt +1 -0
package/ECHIDNA_QUICK_START.md +101 -0
package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
package/EXPLOIT_FIX.md +300 -0
package/EXPLOIT_INSTRUCTIONS.md +273 -0
package/EXPLOIT_SUMMARY.md +285 -0
package/EXPLOIT_SUMMARY.txt +175 -0
package/FALCON_FINANCE_AUDIT.md +258 -0
package/FANDOM_AUDIT.md +359 -0
package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
package/FINAL_AUDIT_REPORT.md +0 -0
package/FOLIO_PROXY_AUDIT.md +299 -0
package/FOT_EXPLOIT_RESULTS.txt +110 -0
package/FOT_TOKENS_AUDITED.md +103 -0
package/HEGIC-mythril-analysis.txt +39 -0
package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
package/ICECREAMSWAP_EXPLOITS.md +259 -0
package/IMMUNEFI_REPORT.md +314 -0
package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
package/KOGE_AUDIT.md +328 -0
package/LENDFLARE_ANALYSIS.md +239 -0
package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
package/LENDFLARE_FUZZING_RESULTS.md +252 -0
package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
package/LENDFLARE_MANUAL_FUZZING.md +324 -0
package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
package/LENDFLARE_V3_BYPASS.md +296 -0
package/LFTDECOMPILE.txt +14478 -0
package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
package/LFT_EXPLOIT_VISUAL.md +253 -0
package/LFT_QUICK_SUMMARY.md +124 -0
package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
package/MGO_AUDIT_REPORT.md +420 -0
package/MYTHRIL_FINAL_REPORT.md +306 -0
package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
package/NETX_MIGRATION_AUDIT.md +0 -0
package/NPM_PUBLISH_GUIDE.md +0 -0
package/NRV_CRITICAL_EXPLOIT.txt +143 -0
package/NetX_Analysis.txt +76 -0
package/NetX_Migration_bytecode.txt +1 -0
package/NetX_Migration_source.txt +0 -0
package/NetX_Token_source.txt +0 -0
package/NetxWhitehatRescue +22 -0
package/OILER_ATTACK_VISUAL.md +351 -0
package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
package/OILER_DEEP_ANALYSIS.md +212 -0
package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
package/OILER_FINAL_VERDICT.md +339 -0
package/OILER_REENTRANCY_EXPLAINED.md +638 -0
package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
package/POLS_MULTICHAIN_AUDIT.md +0 -0
package/POSI_STAKING_AUDIT.md +0 -0
package/PROXY2_SECURITY_ANALYSIS.md +0 -0
package/Proxy2TACS +29748 -0
package/QUICK_START.md +240 -0
package/RAMP_SECURITY_ANALYSIS.md +0 -0
package/README.md +238 -0
package/REAUDIT_MASTER_LIST.txt +15 -0
package/RING_analysis.txt +212 -0
package/RPC +4 -0
package/RULES.txt +20 -0
package/SIREN_AUDIT.md +186 -0
package/SYNC_EXPLOIT_README.md +0 -0
package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
package/TLM_raw.html +0 -0
package/TLM_raw.txt +0 -0
package/TLM_response.json +1 -0
package/TRADOOR_AUDIT.md +253 -0
package/TRUNK_AUDIT.md +285 -0
package/UNIBASE_AUDIT.md +241 -0
package/UNLOCK_ANALYSIS.md +0 -0
package/UNLOCK_EXPLOIT.md +49 -0
package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
package/UPS +232 -0
package/UUPSCHECKER +208 -0
package/VAULT_PROXY_AUDIT.md +457 -0
package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
package/WKEYDAO2_AUDIT.md +245 -0
package/WSG_AUDIT.md +0 -0
package/XFI_DEEP_ANALYSIS.md +327 -0
package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
package/YSDAO_EXPLOIT_GUIDE.md +0 -0
package/agent-4-bundle.md +22490 -0
package/alpha-proxy-echidna.txt +1 -0
package/alpha-proxy-fuzz-results.txt +81 -0
package/alpha-proxy-mythril.txt +2 -0
package/analyze-btcst-farm.js +54 -0
package/analyze-dxsale-lock.js +75 -0
package/analyze-elephant.js +69 -0
package/analyze-fara-rewards.js +109 -0
package/analyze-fara-storage.js +83 -0
package/analyze-lft-transaction.js +158 -0
package/analyze-lock-bytecode.js +59 -0
package/analyze-shegic.js +0 -0
package/analyze-staking-abi.js +0 -0
package/analyze-sxp.js +57 -0
package/analyze-tlm.js +76 -0
package/analyze-trumpet.js +98 -0
package/analyze-unlimited-nft.js +108 -0
package/analyze_elephant.sh +27 -0
package/analyze_vault.sh +32 -0
package/aria-bytecode.txt +1 -0
package/aria_response.json +1 -0
package/ark_temp/README.md +66 -0
package/ark_temp/lib/forge-std/.gitattributes +1 -0
package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
package/ark_temp/lib/forge-std/README.md +314 -0
package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
package/ark_temp/lib/forge-std/package.json +16 -0
package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
package/audits/AiFi-security-audit-20260326.md +499 -0
package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
package/audits/DGToken-security-audit-20260324.md +376 -0
package/audits/DSyncStaking-audit-part1.md +161 -0
package/audits/DSyncStaking-security-audit-20260324.md +547 -0
package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
package/audits/DegenVC-security-audit-20260324.md +585 -0
package/audits/DelreyInu-security-audit-20260324.md +463 -0
package/audits/DestraNetwork-security-audit-20260324.md +705 -0
package/audits/DomiToken-security-audit-20260324.md +514 -0
package/audits/LendFlareToken-security-audit-20260325.md +197 -0
package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
package/audits/PAALAI-security-audit-20260324.md +475 -0
package/audits/PAR-security-audit-20260325.md +311 -0
package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
package/audits/StakingPool-security-audit-20260324.md +517 -0
package/audits/SyncToken-security-audit-20260324.md +778 -0
package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
package/audits/XFIStaking-security-audit-20260324.md +682 -0
package/audits/Xfinance-security-audit-20260324.md +463 -0
package/audits/basedAIFarm-security-audit-20260324.md +330 -0
package/audits/pepeCoin-security-audit-20260324.md +462 -0
package/bin/ups +232 -0
package/binance-wallet-exploit/.env.example +2 -0
package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
package/binance-wallet-exploit/QUICK_START.md +75 -0
package/binance-wallet-exploit/README.md +195 -0
package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
package/binance-wallet-exploit/cache/test-failures +1 -0
package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
package/cache/solidity-files-cache.json +1 -0
package/cache/test-failures +1 -0
package/calculate-elephant-flashloan.js +195 -0
package/check-address-approval.js +112 -0
package/check-alpha-proxy.js +42 -0
package/check-arbitrage.js +155 -0
package/check-aria-token.js +47 -0
package/check-ark.sh +20 -0
package/check-btcst-mining.js +75 -0
package/check-btcst-pools.js +163 -0
package/check-btcst.js +88 -0
package/check-caller.js +26 -0
package/check-ceek-lp.js +73 -0
package/check-ceek.js +47 -0
package/check-dxsale-address.js +35 -0
package/check-fara-exploit-timing.js +56 -0
package/check-fara-real-exploit.js +73 -0
package/check-flashloan-limits.js +129 -0
package/check-kel-cel-pool.js +91 -0
package/check-lax-staking.js +41 -0
package/check-lendflare.js +165 -0
package/check-lft-accounting.js +109 -0
package/check-lft-roles.js +165 -0
package/check-lock-time.js +47 -0
package/check-min-stake.js +73 -0
package/check-mystery-contract.js +52 -0
package/check-next-token.js +50 -0
package/check-nora-lock.js +67 -0
package/check-oiler-approvals.js +116 -0
package/check-oiler-proxy.js +73 -0
package/check-oiler-staking.js +117 -0
package/check-proxy-simple.js +71 -0
package/check-recent-stakes.js +54 -0
package/check-shegic-holdings.js +67 -0
package/check-snowcrash-ecosystem.js +83 -0
package/check-sync-lp.js +97 -0
package/check-sync-stake.js +42 -0
package/check-tlm.js +37 -0
package/check-token-pools.js +146 -0
package/check-trunk-depeg.js +181 -0
package/check-tusd-decimals.js +58 -0
package/check-user-storage-deep.js +81 -0
package/check-welephant-pools.js +130 -0
package/check-xfi-pool.js +75 -0
package/check-zypher.js +32 -0
package/check_proxy.sh +36 -0
package/compare-tlm-chains.js +90 -0
package/contract_0x05f2.html +6025 -0
package/contract_0x3720.html +6361 -0
package/contract_0x928e.html +5606 -0
package/contract_0xc42d.html +5304 -0
package/contract_page.html +5789 -0
package/decode-stake-tx.js +50 -0
package/deep-analyze-lock.js +82 -0
package/dune_uups_proxy_query.sql +42 -0
package/dune_uups_vulnerable_query.sql +0 -0
package/echidna/alpha-proxy.yaml +14 -0
package/echidna/elephant.yaml +7 -0
package/echidna/lendflare.yaml +42 -0
package/echidna.config.yaml +12 -0
package/elephant_raw.json +1 -0
package/eps_raw.json +1 -0
package/exploit/.github/workflows/test.yml +38 -0
package/exploit/.gitmodules +3 -0
package/exploit/README.md +66 -0
package/exploit/foundry.lock +8 -0
package/exploit/lib/forge-std/.gitattributes +1 -0
package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
package/exploit/lib/forge-std/LICENSE-MIT +25 -0
package/exploit/lib/forge-std/README.md +314 -0
package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
package/exploit/lib/forge-std/package.json +16 -0
package/exploit/lib/forge-std/scripts/vm.py +636 -0
package/exploit_analysis.txt +51 -0
package/extract_contract.py +21 -0
package/extract_elephant_contracts.py +24 -0
package/fara-staking-bytecode.txt +1 -0
package/fara-staking-raw.txt +1 -0
package/fetch-aria.js +46 -0
package/fetch-contract.js +50 -0
package/fetch-shegic-source.js +86 -0
package/fetch-snowcrash.js +44 -0
package/fetch-staking-source.js +53 -0
package/fetch-tlm.js +60 -0
package/fetch_elephant_source.py +32 -0
package/find-ceek-staking.js +21 -0
package/find-exploit-tx.js +88 -0
package/find-oiler-holders.js +100 -0
package/find-tlm-holder.js +36 -0
package/find-vulnerable-fund.js +94 -0
package/foundry.lock +8 -0
package/fuzz-all.sh +53 -0
package/get-aria-contract.py +40 -0
package/get-lft-holders.js +89 -0
package/get-tlm-source.sh +8 -0
package/harvest_txs.json +1 -0
package/lft-bytecode-raw.txt +1 -0
package/lft-bytecode.json +1 -0
package/lft-impl.bin +1 -0
package/lft-implementation-bytecode.txt +1 -0
package/lib/forge-std/.gitattributes +1 -0
package/lib/forge-std/.github/CODEOWNERS +1 -0
package/lib/forge-std/.github/dependabot.yml +6 -0
package/lib/forge-std/.github/workflows/ci.yml +125 -0
package/lib/forge-std/.github/workflows/sync.yml +36 -0
package/lib/forge-std/CONTRIBUTING.md +193 -0
package/lib/forge-std/LICENSE-APACHE +203 -0
package/lib/forge-std/LICENSE-MIT +25 -0
package/lib/forge-std/README.md +314 -0
package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
package/lib/forge-std/package.json +16 -0
package/lib/forge-std/scripts/vm.py +636 -0
package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
package/lib/openzeppelin-contracts/.codecov.yml +12 -0
package/lib/openzeppelin-contracts/.editorconfig +21 -0
package/lib/openzeppelin-contracts/.eslintrc +20 -0
package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
package/lib/openzeppelin-contracts/.gitmodules +7 -0
package/lib/openzeppelin-contracts/.mocharc.js +4 -0
package/lib/openzeppelin-contracts/.prettierrc +15 -0
package/lib/openzeppelin-contracts/.solcover.js +13 -0
package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
package/lib/openzeppelin-contracts/LICENSE +22 -0
package/lib/openzeppelin-contracts/README.md +107 -0
package/lib/openzeppelin-contracts/RELEASING.md +45 -0
package/lib/openzeppelin-contracts/SECURITY.md +42 -0
package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
package/lib/openzeppelin-contracts/audits/README.md +17 -0
package/lib/openzeppelin-contracts/certora/Makefile +54 -0
package/lib/openzeppelin-contracts/certora/README.md +60 -0
package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
package/lib/openzeppelin-contracts/certora/run.js +160 -0
package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
package/lib/openzeppelin-contracts/certora/specs.json +86 -0
package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
package/lib/openzeppelin-contracts/contracts/package.json +32 -0
package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
package/lib/openzeppelin-contracts/docs/README.md +16 -0
package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
package/lib/openzeppelin-contracts/docs/config.js +21 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
package/lib/openzeppelin-contracts/logo.svg +15 -0
package/lib/openzeppelin-contracts/netlify.toml +3 -0
package/lib/openzeppelin-contracts/package-lock.json +16544 -0
package/lib/openzeppelin-contracts/package.json +96 -0
package/lib/openzeppelin-contracts/remappings.txt +1 -0
package/lib/openzeppelin-contracts/renovate.json +4 -0
package/lib/openzeppelin-contracts/requirements.txt +1 -0
package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
package/lib/openzeppelin-contracts/slither.config.json +5 -0
package/lib/openzeppelin-contracts/solhint.config.js +20 -0
package/mythril-lft-output.txt +1 -0
package/mythril-lft-symbolic.txt +18 -0
package/mythril-lft.sh +20 -0
package/mythril-symbolic-output.txt +1 -0
package/mythril-symbolic.sh +42 -0
package/out/build-info/0026b78428192979.json +1 -0
package/out/build-info/03c4fc3b88486eba.json +1 -0
package/out/build-info/0540afa9b9a5c5a6.json +1 -0
package/out/build-info/081932f505bc08b9.json +1 -0
package/out/build-info/0da104ba0d6642d5.json +1 -0
package/out/build-info/197281971dbb5f23.json +1 -0
package/out/build-info/197e7e332832a232.json +1 -0
package/out/build-info/1a1cab9136eb5f94.json +1 -0
package/out/build-info/1b320204eb162aa2.json +1 -0
package/out/build-info/1e03f94398052674.json +1 -0
package/out/build-info/22ac085949602937.json +1 -0
package/out/build-info/234ef37453a9fa64.json +1 -0
package/out/build-info/2447db7b1878fa8e.json +1 -0
package/out/build-info/25568daeb484f5ff.json +1 -0
package/out/build-info/27465853244c49ce.json +1 -0
package/out/build-info/2c57a9e0f087453b.json +1 -0
package/out/build-info/3c62ae7de8da68c4.json +1 -0
package/out/build-info/3e771ae109e97bb3.json +1 -0
package/out/build-info/460499bc0a3465c4.json +1 -0
package/out/build-info/47ce37e50a4f115e.json +1 -0
package/out/build-info/4fcce5c63cf427d6.json +1 -0
package/out/build-info/4fd0a53fe63fddbb.json +1 -0
package/out/build-info/50f1247db9d769cc.json +1 -0
package/out/build-info/5317d0181a7a5e02.json +1 -0
package/out/build-info/594df509275ceb5b.json +1 -0
package/out/build-info/61983ac3f6141719.json +1 -0
package/out/build-info/638c4548307122fe.json +1 -0
package/out/build-info/67c2c43bdb7c0ded.json +1 -0
package/out/build-info/777f42643aad37b7.json +1 -0
package/out/build-info/7d7856f19e845354.json +1 -0
package/out/build-info/83976260b6f71e94.json +1 -0
package/out/build-info/83c23882000b963d.json +1 -0
package/out/build-info/84b2cce8f70b36be.json +1 -0
package/out/build-info/8bc13d31d7c3206a.json +1 -0
package/out/build-info/8e183bd4d9d8cf88.json +1 -0
package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
package/out/build-info/99ec7d5e8d8ff360.json +1 -0
package/out/build-info/9ac044b29daa7d5e.json +1 -0
package/out/build-info/9b203227ff5d2e63.json +1 -0
package/out/build-info/9d18c5872c4282dd.json +1 -0
package/out/build-info/9f77f04f33baf9a3.json +1 -0
package/out/build-info/a6e1caf974787982.json +1 -0
package/out/build-info/a94b6348867a62d6.json +1 -0
package/out/build-info/ad93721947a8b195.json +1 -0
package/out/build-info/b42daddb5aa4b19f.json +1 -0
package/out/build-info/bf13512ae899f7e8.json +1 -0
package/out/build-info/c39f86c20a548c4a.json +1 -0
package/out/build-info/cb12bb975a2f4e65.json +1 -0
package/out/build-info/d0c6788fadc2aa60.json +1 -0
package/out/build-info/d2726bf94ed5b845.json +1 -0
package/out/build-info/d4eb00da50cce5cb.json +1 -0
package/out/build-info/db931924a3bc8bdd.json +1 -0
package/out/build-info/e1a503d49bc77401.json +1 -0
package/out/build-info/efe5396f8892ce77.json +1 -0
package/out/build-info/f536d90ced745969.json +1 -0
package/out/build-info/fed38823c7019b82.json +1 -0
package/package.json +51 -0
package/page.html +5384 -0
package/pancakeswap-simple-tvl.sql +15 -0
package/pancakeswap-top-pools.sql +29 -0
package/pancakeswap-tvl-optimized.sql +57 -0
package/pancakeswap-tvl-query.sql +60 -0
package/pancakeswap-underflow-hunting.sql +51 -0
package/pancakeswap-vulnerability-queries.sql +200 -0
package/posi_page.html +6369 -0
package/posi_response.json +29 -0
package/proxy_page.html +500 -0
package/run_mythril_elephant.sh +18 -0
package/sHEGIC-bytecode.bin +6 -0
package/sHEGIC-mythril-analysis.txt +1 -0
package/sHEGIC-mythril-full.txt +134 -0
package/sHEGIC_ANALYSIS.md +135 -0
package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
package/scrape-snowcrash.js +28 -0
package/scripts/yooshi_drain.sh +154 -0
package/shi_raw.json +1 -0
package/temp.json +1 -0
package/temp_harvest.json +1 -0
package/temp_pika.json +1 -0
package/temp_posi.json +1 -0
package/temp_response.json +1 -0
package/test-lft-hidden-balance.js +108 -0
package/test-xfi-exploit.js +140 -0
package/trunk-liquidity-rescue.js +164 -0
package/vBABY_page.html +6153 -0
package/vBABY_response.json +29 -0
package/wsg_response.json +1 -0
package/yooldo_page.html +10371 -0

package/audits/pepeCoin-security-audit-20260324.md ADDED Viewed

@@ -0,0 +1,462 @@
+# pepeCoin - Security Audit Report
+**Audit Date**: March 24, 2026
+**Contract**: pepeCoin.sol
+**Token Name**: pepeCoin
+**Token Symbol**: pepecoin
+**Compiler**: Solidity ^0.8.0
+**Deployment**: April 28, 2023
+**Type**: Meme Token
+---
+## Executive Summary
+pepeCoin is a simple meme token with basic ERC20 functionality plus owner-controlled price tracking and ETH withdrawal. The contract uses OpenZeppelin v4.x and has minimal custom logic.
+**Overall Risk**: 🟢 **LOW** (Minor issues only)
+**Key Finding**: The `_tokenPrice` variable is **COMPLETELY USELESS** - it's stored on-chain but never used by any contract logic. It's just a number the owner can change that has no effect on anything.
+---
+## Contract Overview
+```solidity
+contract pepeCoin is ERC20, Ownable {
+    uint256 private _totalSupply = 133769420 * (10 ** 18);  // ~133M tokens
+    uint256 private _tokenPrice = 200000 * (10 ** 18);      // Unused variable
+    constructor() ERC20("pepeCoin", "pepecoin") {
+        _mint(msg.sender, _totalSupply);  // Mint all to deployer
+    }
+}
+```
+**Supply**: 133,769,420 tokens (meme number reference)
+**Distribution**: 100% to deployer at launch
+**Decimals**: 18 (standard)
+---
+## Function Analysis
+### 1. `withdraw()` - Owner ETH Withdrawal
+```solidity
+function withdraw() external onlyOwner {
+    uint256 balance = address(this).balance;
+    require(balance > 0, "No balance to withdraw");
+    payable(msg.sender).transfer(balance);
+}
+```
+**Purpose**: Allows owner to withdraw ETH from contract
+**Risk**: 🟢 LOW
+**Analysis**:
+- Standard withdrawal pattern
+- Only owner can call
+- Uses `.transfer()` (2300 gas limit, safe from reentrancy)
+- No issues
+**Question**: How does ETH get into the contract?
+- Contract has no `receive()` or `fallback()` function
+- Contract has no payable functions
+- ETH can only arrive via `selfdestruct` from another contract
+- This function is essentially useless unless someone force-sends ETH
+### 2. `setTokenPrice()` - Set Price Variable
+```solidity
+function setTokenPrice(uint256 newTokenPrice) external onlyOwner {
+    require(newTokenPrice > 0, "Token price should be greater than 0");
+    _tokenPrice = newTokenPrice;
+}
+```
+**Purpose**: Owner can update the `_tokenPrice` variable
+**Risk**: 🟢 NONE
+**Critical Finding**: **THIS DOES NOTHING**
+The `_tokenPrice` variable:
+- ❌ Is NOT used in any transfer logic
+- ❌ Does NOT affect fees or taxes
+- ❌ Does NOT control buying/selling
+- ❌ Does NOT interact with any DEX
+- ✅ Can only be read via `getTokenPrice()`
+**This is purely cosmetic** - it's like writing a number on a piece of paper and calling it "the price". The actual market price is determined by DEX liquidity pools (Uniswap, etc.), not this variable.
+### 3. `getTokenPrice()` - Read Price Variable
+```solidity
+function getTokenPrice() external view returns (uint256) {
+    return _tokenPrice;
+}
+```
+**Purpose**: Returns the stored price value
+**Risk**: 🟢 NONE
+**Analysis**: Just returns the useless `_tokenPrice` variable. External contracts or frontends could read this, but it has no bearing on actual token price.
+### 4. `burn()` - Token Burning
+```solidity
+function burn(uint256 amount) external {
+    require(amount > 0, "Amount to burn should be greater than 0");
+    require(balanceOf(msg.sender) >= amount, "Not enough tokens to burn");
+    _burn(msg.sender, amount);
+}
+```
+**Purpose**: Anyone can burn their own tokens
+**Risk**: 🟢 LOW
+**Analysis**:
+- Standard burn implementation
+- Users can only burn their own tokens
+- Reduces total supply
+- Deflationary mechanism
+- No issues
+**Note**: The `balanceOf()` check is redundant - `_burn()` already checks this internally.
+---
+## Security Analysis
+### ✅ STRENGTHS
+1. **OpenZeppelin Standard**
+   - Uses audited OZ v4.x contracts
+   - No custom transfer logic
+   - Standard ERC20 implementation
+2. **No Honeypot Mechanisms**
+   - No transfer restrictions
+   - No blacklist
+   - No whitelist
+   - No hidden fees
+   - Anyone can buy and sell freely
+3. **No Tax System**
+   - No buy tax
+   - No sell tax
+   - No reflection mechanism
+   - Pure ERC20 transfers
+4. **Simple and Transparent**
+   - Minimal custom code
+   - Easy to audit
+   - No complex logic
+   - Verified on Etherscan
+5. **Deflationary Option**
+   - Users can burn tokens
+   - Reduces supply over time
+   - Standard mechanism
+### 🟡 MINOR ISSUES
+#### 1. Useless `_tokenPrice` Variable (INFORMATIONAL)
+**Issue**: The contract stores and allows updating a "token price" that has no effect on anything.
+```solidity
+uint256 private _tokenPrice = 200000 * (10 ** 18);  // 200,000 tokens per ETH?
+```
+**Problems**:
+- Misleading to users who might think this controls the price
+- Wastes gas storing/updating unused data
+- Could confuse external integrations
+- Initial value (200,000 * 10^18) is nonsensical
+**Impact**: None (it's not used)
+**Recommendation**: Remove entirely or document clearly that it's just a reference value.
+#### 2. Redundant Balance Check (GAS OPTIMIZATION)
+```solidity
+require(balanceOf(msg.sender) >= amount, "Not enough tokens to burn");
+_burn(msg.sender, amount);  // Already checks balance internally
+```
+**Issue**: `_burn()` already checks if the account has enough balance.
+**Impact**: Wastes ~2,000 gas per burn
+**Recommendation**: Remove the redundant check.
+#### 3. Useless `withdraw()` Function (INFORMATIONAL)
+**Issue**: Contract cannot receive ETH normally (no `receive()`/`fallback()`), so `withdraw()` will almost never have ETH to withdraw.
+**Impact**: None (function is harmless)
+**Recommendation**: Either add `receive()` function or remove `withdraw()`.
+#### 4. Shadow Variable `_totalSupply` (INFORMATIONAL)
+```solidity
+uint256 private _totalSupply = 133769420 * (10 ** 18);  // Local variable
+```
+**Issue**: ERC20 already has a `_totalSupply` state variable. This creates a local variable that shadows it.
+**Impact**: None (the local variable is only used in constructor to pass to `_mint()`)
+**Recommendation**: Rename to `INITIAL_SUPPLY` for clarity.
+---
+## Exploit Analysis
+### Can This Contract Be Exploited?
+**NO** - This is a clean, standard ERC20 token.
+**Why not exploitable**:
+1. ✅ **No Math Bugs**: Uses Solidity 0.8.x (built-in overflow protection)
+2. ✅ **No Reentrancy**: No external calls in transfer logic
+3. ✅ **No Access Control Issues**: Only owner functions are properly protected
+4. ✅ **No Flash Loan Attacks**: No price oracles or lending logic
+5. ✅ **No Honeypot**: Standard transfer logic, anyone can sell
+6. ✅ **No Hidden Fees**: Pure ERC20, no taxes
+7. ✅ **No Blacklist**: No way to freeze accounts
+**Centralization Risks**:
+- Owner can change `_tokenPrice` (but this does nothing)
+- Owner can withdraw ETH (but contract can't receive ETH normally)
+- Owner CANNOT mint more tokens
+- Owner CANNOT pause transfers
+- Owner CANNOT blacklist addresses
+---
+## Attack Scenarios
+### Scenario 1: Price Manipulation via `setTokenPrice()`
+```
+Attacker needs: Owner private key
+Attack: Set _tokenPrice to 0 or 999999999
+Result: Nothing happens (variable is unused)
+Exploitable: ❌ NO
+```
+### Scenario 2: Drain ETH via `withdraw()`
+```
+Attacker needs: Owner private key
+Attack: Call withdraw() to steal ETH
+Result: No ETH to steal (contract can't receive ETH)
+Exploitable: ❌ NO
+```
+### Scenario 3: Flash Loan Attack
+```
+Attacker: Borrows tokens, manipulates price
+Result: No price-dependent logic to exploit
+Exploitable: ❌ NO
+```
+### Scenario 4: Reentrancy on Burn
+```
+Attacker: Calls burn() with malicious contract
+Result: No external calls in burn logic
+Exploitable: ❌ NO
+```
+**Conclusion**: No exploits possible. This is a clean token.
+---
+## Comparison to Other Audited Tokens
+| Token | Type | Risk Level | Main Issue |
+|-------|------|-----------|------------|
+| pepeCoin | Meme | 🟢 LOW | Useless price variable |
+| DGToken | Standard | 🟡 MEDIUM | Unlimited minting |
+| BeamToken | Governance | 🟡 MEDIUM | Centralized burning |
+| DSync | Scam | 🔴 HIGH | 60% sell tax |
+| LFT | Honeypot | 🔴 CRITICAL | Cannot sell |
+| MOG | Meme | 🟡 MEDIUM | Centralization |
+**pepeCoin is the cleanest token audited so far** - no significant issues.
+---
+## Findings Summary
+| # | Severity | Issue | Impact |
+|---|----------|-------|--------|
+| 1 | 🔵 INFO | Useless `_tokenPrice` variable | None (not used) |
+| 2 | 🔵 INFO | Useless `withdraw()` function | None (no ETH) |
+| 3 | 🔵 INFO | Redundant balance check in `burn()` | Gas waste |
+| 4 | 🔵 INFO | Shadow variable `_totalSupply` | Confusing naming |
+**Total Issues**: 4 (all informational/gas optimization)
+**Critical Issues**: 0
+**High Issues**: 0
+**Medium Issues**: 0
+**Low Issues**: 0
+---
+## Recommendations
+### For Token Team
+**Optional Improvements**:
+1. **Remove or Document `_tokenPrice`**
+   ```solidity
+   // Option 1: Remove entirely
+   // Delete _tokenPrice, setTokenPrice(), getTokenPrice()
+   // Option 2: Document clearly
+   /// @notice Reference price only - does not affect transfers
+   /// @dev This is NOT the actual market price
+   uint256 private _referencePrice;
+   ```
+2. **Fix Redundant Check**
+   ```solidity
+   function burn(uint256 amount) external {
+       require(amount > 0, "Amount to burn should be greater than 0");
+       _burn(msg.sender, amount);  // Remove redundant balanceOf check
+   }
+   ```
+3. **Add `receive()` or Remove `withdraw()`**
+   ```solidity
+   // Option 1: Add receive function
+   receive() external payable {}
+   // Option 2: Remove withdraw() entirely
+   ```
+4. **Rename Shadow Variable**
+   ```solidity
+   uint256 private constant INITIAL_SUPPLY = 133769420 * (10 ** 18);
+   constructor() ERC20("pepeCoin", "pepecoin") {
+       _mint(msg.sender, INITIAL_SUPPLY);
+   }
+   ```
+### For Users/Investors
+**Before Buying**:
+- ✅ Check liquidity on DEX (Uniswap, etc.)
+- ✅ Verify contract on Etherscan
+- ✅ Check holder distribution
+- ✅ Understand this is a meme token (high volatility)
+**Green Flags**:
+- ✅ Clean, standard ERC20
+- ✅ No honeypot mechanisms
+- ✅ No hidden fees or taxes
+- ✅ Verified source code
+- ✅ No owner mint function
+**Red Flags**:
+- 🟡 Meme token (speculative, no utility)
+- 🟡 100% supply to deployer initially
+- 🟡 Useless price variable (confusing)
+---
+## Code Quality
+**Score**: 7/10
+**Strengths**:
+- Uses OpenZeppelin standards
+- Clean and simple
+- No complex logic
+- Well-commented ASCII art 🐸
+**Weaknesses**:
+- Useless `_tokenPrice` variable
+- Useless `withdraw()` function
+- Redundant checks
+- Shadow variable naming
+---
+## Gas Optimization
+**Minor Optimizations Available**:
+1. Remove redundant `balanceOf()` check in `burn()`: ~2,000 gas saved
+2. Remove unused `_tokenPrice` storage: ~20,000 gas saved on deployment
+3. Use `constant` for initial supply: ~2,000 gas saved on deployment
+**Total Savings**: ~24,000 gas on deployment, ~2,000 per burn
+---
+## Conclusion
+pepeCoin is a **clean, standard meme token** with no security vulnerabilities. The contract is safe to use and has no exploitable bugs.
+**The main quirk**: The `_tokenPrice` variable is completely useless and misleading. It's stored on-chain but has zero effect on token functionality. The owner can change it, but it doesn't control the actual market price (which is determined by DEX liquidity).
+**Final Verdict**: 🟢 **LOW RISK**
+**Safe to use**: ✅ YES
+**Exploitable**: ❌ NO
+**Honeypot**: ❌ NO
+**Hidden fees**: ❌ NO
+**Can sell**: ✅ YES
+**This is just a simple meme token** - no tricks, no traps, just basic ERC20 with a useless price variable.
+---
+## Technical Details
+**Contract Address**: Check Etherscan (deployed April 28, 2023)
+**Total Supply**: 133,769,420 tokens
+**Decimals**: 18
+**OpenZeppelin Version**: v4.x
+**Verified**: Yes
+**Inherited Contracts**:
+- `ERC20` (OpenZeppelin)
+- `Ownable` (OpenZeppelin)
+- `Context` (OpenZeppelin)
+---
+## Fun Facts
+1. **Token supply** (133,769,420) is likely a meme reference
+2. **ASCII art** in comments shows Pepe the Frog
+3. **Initial "price"** (200,000 * 10^18) is nonsensical and unused
+4. **Symbol mismatch**: name is "pepeCoin" but symbol is "pepecoin" (usually symbol is shorter)
+---
+## Files
+- `pepeCoin.sol` - Token contract
+- `audits/pepeCoin-security-audit-20260324.md` - This audit report
+---
+**Audit Complete**: March 24, 2026
+**Auditor**: Security Analysis
+**Recommendation**: SAFE - Clean meme token with no exploits
+**TL;DR**: It's just a meme token. No scam, no honeypot, no tricks. The "price" variable is useless decoration. Buy at your own risk (it's a meme coin after all 🐸).

package/bin/ups ADDED Viewed

@@ -0,0 +1,232 @@
+#!/bin/bash
+# UUPS Proxy Initialization Checker
+# Usage: ./UUPSCHECKER <contract_address> [chain]
+# Chains: eth (default), bsc, opbnb, polygon, arbitrum, optimism
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+# Banner
+echo -e "${BLUE}"
+echo "╔══════════════════════════════════════════╗"
+echo "║       UUPS INITIALIZATION CHECKER        ║"
+echo "║          Whitehat Bounty Tool            ║"
+echo "╚══════════════════════════════════════════╝"
+echo -e "${NC}"
+# Check if address provided
+if [ -z "$1" ]; then
+    echo -e "${RED}[ERROR]${NC} No address provided!"
+    echo "Usage: ./UUPSCHECKER <contract_address> [chain]"
+    echo "Chains: eth, bsc, opbnb, polygon, arbitrum, optimism"
+    exit 1
+fi
+ADDRESS=$1
+CHAIN=${2:-eth}
+# Set RPC based on chain
+case $CHAIN in
+    eth)
+        RPC_URL="https://mainnet.infura.io/v3/db4d2c885bc946b691dbb3d5ef26d9e2"
+        EXPLORER="https://etherscan.io/address"
+        ;;
+    bsc)
+        RPC_URL="https://bsc-mainnet.infura.io/v3/db4d2c885bc946b691dbb3d5ef26d9e2"
+        EXPLORER="https://bscscan.com/address"
+        ;;
+    opbnb)
+        RPC_URL="https://opbnb-mainnet-rpc.bnbchain.org"
+        EXPLORER="https://opbnbscan.com/address"
+        ;;
+    polygon)
+        RPC_URL="https://polygon-mainnet.infura.io/v3/db4d2c885bc946b691dbb3d5ef26d9e2"
+        EXPLORER="https://polygonscan.com/address"
+        ;;
+    arbitrum)
+        RPC_URL="https://arbitrum-mainnet.infura.io/v3/db4d2c885bc946b691dbb3d5ef26d9e2"
+        EXPLORER="https://arbiscan.io/address"
+        ;;
+    optimism)
+        RPC_URL="https://optimism-mainnet.infura.io/v3/db4d2c885bc946b691dbb3d5ef26d9e2"
+        EXPLORER="https://optimistic.etherscan.io/address"
+        ;;
+    *)
+        echo -e "${RED}[ERROR]${NC} Unknown chain: $CHAIN"
+        exit 1
+        ;;
+esac
+echo -e "${BLUE}[INFO]${NC} Checking: $ADDRESS"
+echo -e "${BLUE}[INFO]${NC} Chain: $CHAIN"
+echo -e "${BLUE}[INFO]${NC} Explorer: $EXPLORER/$ADDRESS"
+echo ""
+# EIP-1967 Implementation Slot
+IMPL_SLOT="0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
+# Check implementation slot
+echo -e "${YELLOW}[1/5]${NC} Reading EIP-1967 implementation slot..."
+IMPL_ADDRESS=$(cast storage $ADDRESS $IMPL_SLOT --rpc-url $RPC_URL 2>/dev/null)
+if [ -z "$IMPL_ADDRESS" ] || [ "$IMPL_ADDRESS" == "0x0000000000000000000000000000000000000000000000000000000000000000" ]; then
+    echo -e "${RED}[RESULT]${NC} Not a proxy or no implementation set"
+    exit 0
+fi
+# Convert to address format
+IMPL_ADDRESS="0x${IMPL_ADDRESS:26:40}"
+echo -e "${GREEN}[✓]${NC} Implementation: $IMPL_ADDRESS"
+# Check if it's UUPS by looking for proxiableUUID function (definitive UUPS marker)
+echo -e "${YELLOW}[2/5]${NC} Checking if UUPS proxy..."
+UUPS_CHECK=$(cast call $IMPL_ADDRESS "proxiableUUID()(bytes32)" --rpc-url $RPC_URL 2>&1)
+if [[ $UUPS_CHECK == *"Error"* ]] || [[ $UUPS_CHECK == *"revert"* ]] || [ -z "$UUPS_CHECK" ]; then
+    echo -e "${RED}[!] Not UUPS (Transparent Proxy)${NC}"
+    IS_UUPS=false
+    # For Transparent Proxy, check admin slot instead
+    echo -e "${YELLOW}[2b/5]${NC} Checking Transparent Proxy admin..."
+    ADMIN_SLOT="0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
+    ADMIN_ADDRESS=$(cast storage $ADDRESS $ADMIN_SLOT --rpc-url $RPC_URL 2>/dev/null)
+    if [ -z "$ADMIN_ADDRESS" ] || [ "$ADMIN_ADDRESS" == "0x0000000000000000000000000000000000000000000000000000000000000000" ]; then
+        echo -e "${RED}[!]${NC} No admin set (VULNERABLE!)"
+        ADMIN_ADDRESS="0x0000000000000000000000000000000000000000"
+    else
+        ADMIN_ADDRESS="0x${ADMIN_ADDRESS:26:40}"
+        echo -e "${GREEN}[✓]${NC} Admin: $ADMIN_ADDRESS"
+    fi
+else
+    echo -e "${BLUE}[✓] UUPS proxy detected!${NC}"
+    IS_UUPS=true
+fi
+# Check owner/admin
+echo -e "${YELLOW}[3/5]${NC} Checking owner/admin..."
+if [ "$IS_UUPS" = true ]; then
+    # For UUPS, check owner on implementation
+    OWNER=$(cast call $IMPL_ADDRESS "owner()(address)" --rpc-url $RPC_URL 2>/dev/null)
+else
+    # For Transparent, we already have admin from step 2b
+    OWNER=$ADMIN_ADDRESS
+fi
+if [ -z "$OWNER" ] || [ "$OWNER" == "0x0000000000000000000000000000000000000000" ]; then
+    echo -e "${RED}[!]${NC} No owner/admin found"
+    OWNER="NOT_FOUND"
+else
+    echo -e "${GREEN}[✓]${NC} Owner/Admin: $OWNER"
+fi
+# Check if initialized
+echo -e "${YELLOW}[4/5]${NC} Checking initialization status..."
+PROXY_INITIALIZED=false
+IMPL_INITIALIZED=false
+# Check proxy initialization (slot 0 for Initializable)
+PROXY_INIT_SLOT="0x0000000000000000000000000000000000000000000000000000000000000000"
+PROXY_INIT_DATA=$(cast storage $ADDRESS $PROXY_INIT_SLOT --rpc-url $RPC_URL 2>/dev/null)
+if [ ! -z "$PROXY_INIT_DATA" ] && [ "$PROXY_INIT_DATA" != "0x0000000000000000000000000000000000000000000000000000000000000000" ]; then
+    PROXY_INITIALIZED=true
+    echo -e "${GREEN}[✓]${NC} Proxy: INITIALIZED"
+else
+    echo -e "${YELLOW}[!]${NC} Proxy: NOT INITIALIZED"
+fi
+# Check implementation initialization
+IMPL_INIT_DATA=$(cast storage $IMPL_ADDRESS $PROXY_INIT_SLOT --rpc-url $RPC_URL 2>/dev/null)
+if [ ! -z "$IMPL_INIT_DATA" ] && [ "$IMPL_INIT_DATA" != "0x0000000000000000000000000000000000000000000000000000000000000000" ]; then
+    IMPL_INITIALIZED=true
+    echo -e "${GREEN}[✓]${NC} Implementation: INITIALIZED"
+else
+    echo -e "${RED}[!]${NC} Implementation: NOT INITIALIZED"
+fi
+# Overall initialization status
+if [ "$IS_UUPS" = true ]; then
+    # For UUPS, check if owner is set as backup
+    if [ "$OWNER" != "NOT_FOUND" ] && [ "$OWNER" != "0x0000000000000000000000000000000000000000" ]; then
+        IMPL_INITIALIZED=true
+    fi
+    INITIALIZED=$IMPL_INITIALIZED
+else
+    # For Transparent Proxy, check if admin is set
+    if [ "$ADMIN_ADDRESS" != "0x0000000000000000000000000000000000000000" ] && [ "$ADMIN_ADDRESS" != "NOT_FOUND" ]; then
+        INITIALIZED=true
+    else
+        INITIALIZED=false
+    fi
+fi
+# Get balance
+echo -e "${YELLOW}[5/5]${NC} Checking balance..."
+BALANCE=$(cast balance $ADDRESS --rpc-url $RPC_URL 2>/dev/null)
+BALANCE_ETH=$(echo "scale=4; $BALANCE / 1000000000000000000" | bc 2>/dev/null)
+if [ -z "$BALANCE_ETH" ]; then
+    BALANCE_ETH="0"
+fi
+echo -e "${GREEN}[✓]${NC} Balance: $BALANCE_ETH ETH"
+# Final verdict
+echo ""
+echo -e "${BLUE}═══════════════════════════════════════════${NC}"
+echo -e "${BLUE}              FINAL VERDICT                ${NC}"
+echo -e "${BLUE}═══════════════════════════════════════════${NC}"
+if [ "$IS_UUPS" = true ]; then
+    echo -e "Proxy Type:      ${GREEN}UUPS${NC}"
+else
+    echo -e "Proxy Type:      ${YELLOW}Transparent Proxy${NC}"
+fi
+echo -e "Implementation:  $IMPL_ADDRESS"
+if [ "$IS_UUPS" = true ]; then
+    echo -e "Owner:           $OWNER"
+else
+    echo -e "Admin:           $OWNER"
+fi
+echo -e "Balance:         $BALANCE_ETH ETH"
+if [ "$INITIALIZED" = true ]; then
+    echo -e "Status:          ${GREEN}✓ INITIALIZED${NC}"
+    echo ""
+    echo -e "${GREEN}[SAFE]${NC} Proxy is properly configured"
+else
+    echo -e "Status:          ${RED}✗ UNINITIALIZED${NC}"
+    echo ""
+    if [ "$IS_UUPS" = true ]; then
+        echo -e "${RED}[VULNERABLE]${NC} UUPS implementation is uninitialized!"
+        echo -e "${RED}[EXPLOIT]${NC} Potential takeover vulnerability!"
+        echo ""
+        echo -e "${YELLOW}Next steps:${NC}"
+        echo "1. Try calling initialize() on the implementation"
+        echo "2. Check if you can set yourself as owner"
+        echo "3. Verify with: cast call $IMPL_ADDRESS \"owner()(address)\" --rpc-url $RPC_URL"
+    else
+        echo -e "${RED}[VULNERABLE]${NC} Transparent proxy has no admin!"
+        echo -e "${RED}[EXPLOIT]${NC} Anyone can call admin functions!"
+        echo ""
+        echo -e "${YELLOW}Next steps:${NC}"
+        echo "1. Try calling admin() on the proxy"
+        echo "2. Try calling changeAdmin() to set yourself as admin"
+        echo "3. Verify with: cast call $ADDRESS \"admin()(address)\" --rpc-url $RPC_URL"
+    fi
+fi
+echo -e "${BLUE}═══════════════════════════════════════════${NC}"

package/binance-wallet-exploit/.env.example ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ MAINNET_RPC_URL=https://eth.llamarpc.com
2	+ ETHERSCAN_API_KEY=your_api_key_here