uups-checker 1.0.0

Files changed (670)
  1. package/.gitmodules +6 -0
  2. package/AIFI_AUDIT.md +220 -0
  3. package/ALL_AUDITS_SUMMARY.md +366 -0
  4. package/ALPHA_PROXY_CRITICAL_FINDING.md +136 -0
  5. package/ALPHA_PROXY_FINAL_ANALYSIS.md +213 -0
  6. package/ALPHA_PROXY_FINAL_VERDICT.md +233 -0
  7. package/ALPHA_PROXY_SELFDESTRUCT_EXPLOIT.md +161 -0
  8. package/ARIA-foundry-test.txt +9 -0
  9. package/ARIA-mythril-analysis.txt +20 -0
  10. package/ARIA-slither-analysis.txt +38 -0
  11. package/ARIA_AI_SECURITY_AUDIT.md +290 -0
  12. package/ARIA_VERIFIED_AUDIT.md +259 -0
  13. package/ARIA_VERIFIED_slither.txt +76 -0
  14. package/ARIVA_source.txt +1 -0
  15. package/ARK_AUDIT.md +349 -0
  16. package/BANANA_AUDIT.md +365 -0
  17. package/BAS_AUDIT.md +451 -0
  18. package/BAS_TOKEN_AUDIT.md +235 -0
  19. package/BCE_EXPLOIT_ANALYSIS.md +165 -0
  20. package/BEEFY_BNB_CHAIN_ANALYSIS.md +488 -0
  21. package/BEEFY_MONAD_ANALYSIS.md +239 -0
  22. package/BEEFY_STAKING_ANALYSIS.md +136 -0
  23. package/BEEFY_XVS_WBNB_ACTUAL_FINDINGS.md +223 -0
  24. package/BEEFY_XVS_WBNB_CRITICAL_FINDINGS.md +269 -0
  25. package/BLOCKSEC_ATTACK_KNOWLEDGE_BASE.md +771 -0
  26. package/BRISE_ANALYSIS.txt +31 -0
  27. package/BRISE_BSC_DAPPS.txt +68 -0
  28. package/BRISE_EXPLOITS_FOUND.md +98 -0
  29. package/BRISE_REAL_EXPLOITS.md +115 -0
  30. package/BRISE_WHITEHAT_REPORT.md +162 -0
  31. package/BRISEstake_Analysis.txt +95 -0
  32. package/BSCSLOCKTOKEN_CRITICAL_FINDING.md +240 -0
  33. package/BSW_BISWAP_SECURITY_AUDIT.md +330 -0
  34. package/BTCST_FINAL_VERDICT.md +319 -0
  35. package/BTCST_MINING_REBASE_ANALYSIS.md +229 -0
  36. package/BTCST_ROUNDING_DEEP_DIVE.md +293 -0
  37. package/BTCST_ROUNDING_FINAL_VERDICT.md +9 -0
  38. package/BTCST_SECURITY_ANALYSIS.md +391 -0
  39. package/BTR_AUDIT.md +210 -0
  40. package/BeamBridge-analysis.md +226 -0
  41. package/BeamToken-analysis.md +201 -0
  42. package/BitgertSwap_Investigation.txt +107 -0
  43. package/CEEK_STAKING_ANALYSIS.md +0 -0
  44. package/CHAINBASE_AUDIT.md +422 -0
  45. package/COMPLETE_AUDIT_SUMMARY.md +342 -0
  46. package/CORRECTED_ANALYSIS.txt +115 -0
  47. package/DBXEN_COMPARISON_SUMMARY.md +232 -0
  48. package/DBXEN_EXPLOIT_ANALYSIS.md +530 -0
  49. package/DOPFairLaunch_raw.json +29 -0
  50. package/DOPFairLaunch_source.txt +0 -0
  51. package/DOP_BRIDGE_FINAL_ANALYSIS.txt +86 -0
  52. package/DOP_BUSD_LP_ANALYSIS.txt +44 -0
  53. package/DOP_FAIRLAUNCH_ANALYSIS.txt +61 -0
  54. package/DOP_FAIRLAUNCH_FINAL_VERDICT.txt +113 -0
  55. package/DOP_STAKING_CONTRACT_ANALYSIS.txt +67 -0
  56. package/DSYNC_ECOSYSTEM_ANALYSIS.md +221 -0
  57. package/DSyncStaking-exploit-analysis.md +153 -0
  58. package/DSyncVault-analysis.md +120 -0
  59. package/DUSD_PROXY_AUDIT.md +407 -0
  60. package/DXSALE_LOCK_AUDIT.md +0 -0
  61. package/DXSaleLock_bytecode.txt +1 -0
  62. package/ECHIDNA_QUICK_START.md +101 -0
  63. package/ELEPHANT_ECOSYSTEM_AUDIT_PLAN.md +159 -0
  64. package/ELEPHANT_ECOSYSTEM_COMPREHENSIVE_AUDIT.md +427 -0
  65. package/ELEPHANT_SECURITY_ANALYSIS.md +209 -0
  66. package/ELEPHANT_VULNERABILITIES_EXPLAINED.md +455 -0
  67. package/EXPLOIT_FIX.md +300 -0
  68. package/EXPLOIT_INSTRUCTIONS.md +273 -0
  69. package/EXPLOIT_SUMMARY.md +285 -0
  70. package/EXPLOIT_SUMMARY.txt +175 -0
  71. package/FALCON_FINANCE_AUDIT.md +258 -0
  72. package/FANDOM_AUDIT.md +359 -0
  73. package/FEE_ON_TRANSFER_ANALYSIS.md +228 -0
  74. package/FINAL_AUDIT_REPORT.md +0 -0
  75. package/FOLIO_PROXY_AUDIT.md +299 -0
  76. package/FOT_EXPLOIT_RESULTS.txt +110 -0
  77. package/FOT_TOKENS_AUDITED.md +103 -0
  78. package/HEGIC-mythril-analysis.txt +39 -0
  79. package/HEGIC_COMPLETE_ANALYSIS.md +343 -0
  80. package/HOTCROSS_SWAP_EXPLOIT_ANALYSIS.md +123 -0
  81. package/ICECREAMSWAP_EXPLOITS.md +259 -0
  82. package/IMMUNEFI_REPORT.md +314 -0
  83. package/KCCPAD_EXPLOIT_GUIDE.md +285 -0
  84. package/KEL_CEL_EXPLOIT_ANALYSIS.md +0 -0
  85. package/KOGE_AUDIT.md +328 -0
  86. package/LENDFLARE_ANALYSIS.md +239 -0
  87. package/LENDFLARE_ECHIDNA_GUIDE.md +356 -0
  88. package/LENDFLARE_EXPLOIT_INSTRUCTIONS.md +297 -0
  89. package/LENDFLARE_EXPLOIT_SUMMARY.md +292 -0
  90. package/LENDFLARE_FLASHLOAN_GUIDE.md +383 -0
  91. package/LENDFLARE_FUZZING_RESULTS.md +252 -0
  92. package/LENDFLARE_HONEYPOT_BYPASS_ANALYSIS.md +420 -0
  93. package/LENDFLARE_MANUAL_FUZZING.md +324 -0
  94. package/LENDFLARE_MYTHRIL_ANALYSIS.md +339 -0
  95. package/LENDFLARE_V3_BYPASS.md +296 -0
  96. package/LFTDECOMPILE.txt +14478 -0
  97. package/LFT_ACCOUNTING_ANALYSIS.md +0 -0
  98. package/LFT_ACCOUNTING_BUG_ANALYSIS.md +426 -0
  99. package/LFT_BACKDOOR_DEEP_DIVE.md +0 -0
  100. package/LFT_CRITICAL_EXPLOIT_CONFIRMED.md +428 -0
  101. package/LFT_EXPLOIT_VISUAL.md +253 -0
  102. package/LFT_QUICK_SUMMARY.md +124 -0
  103. package/LFT_REVERSE_EXPLOIT_ANALYSIS.md +521 -0
  104. package/MGO_AUDIT_REPORT.md +420 -0
  105. package/MYTHRIL_FINAL_REPORT.md +306 -0
  106. package/MYTHRIL_SLITHER_SUMMARY.md +244 -0
  107. package/NETX_MIGRATION_AUDIT.md +0 -0
  108. package/NPM_PUBLISH_GUIDE.md +0 -0
  109. package/NRV_CRITICAL_EXPLOIT.txt +143 -0
  110. package/NetX_Analysis.txt +76 -0
  111. package/NetX_Migration_bytecode.txt +1 -0
  112. package/NetX_Migration_source.txt +0 -0
  113. package/NetX_Token_source.txt +0 -0
  114. package/NetxWhitehatRescue +22 -0
  115. package/OILER_ATTACK_VISUAL.md +351 -0
  116. package/OILER_BLOCKSEC_TEST_RESULTS.md +421 -0
  117. package/OILER_DEEP_ANALYSIS.md +212 -0
  118. package/OILER_FINAL_EXPLOIT_REPORT.md +241 -0
  119. package/OILER_FINAL_VERDICT.md +339 -0
  120. package/OILER_REENTRANCY_EXPLAINED.md +638 -0
  121. package/OILER_REENTRANCY_FINAL_SUMMARY.md +391 -0
  122. package/OILER_REENTRANCY_REALITY_CHECK.md +393 -0
  123. package/OILER_REENTRANCY_STEP_BY_STEP.md +597 -0
  124. package/OILER_STAKING_MAINNET_ANALYSIS.md +366 -0
  125. package/OILER_STAKING_SECURITY_ANALYSIS.md +409 -0
  126. package/PANCAKESWAP_UNDERFLOW_HUNTING.md +317 -0
  127. package/POLS_MULTICHAIN_AUDIT.md +0 -0
  128. package/POSI_STAKING_AUDIT.md +0 -0
  129. package/PROXY2_SECURITY_ANALYSIS.md +0 -0
  130. package/Proxy2TACS +29748 -0
  131. package/QUICK_START.md +240 -0
  132. package/RAMP_SECURITY_ANALYSIS.md +0 -0
  133. package/README.md +238 -0
  134. package/REAUDIT_MASTER_LIST.txt +15 -0
  135. package/RING_analysis.txt +212 -0
  136. package/RPC +4 -0
  137. package/RULES.txt +20 -0
  138. package/SIREN_AUDIT.md +186 -0
  139. package/SYNC_EXPLOIT_README.md +0 -0
  140. package/SYNC_TOKEN_EXPLOIT_REPORT.md +224 -0
  141. package/TLM_raw.html +0 -0
  142. package/TLM_raw.txt +0 -0
  143. package/TLM_response.json +1 -0
  144. package/TRADOOR_AUDIT.md +253 -0
  145. package/TRUNK_AUDIT.md +285 -0
  146. package/UNIBASE_AUDIT.md +241 -0
  147. package/UNLOCK_ANALYSIS.md +0 -0
  148. package/UNLOCK_EXPLOIT.md +49 -0
  149. package/UNLOCK_EXPLOIT_ANALYSIS.md +0 -0
  150. package/UPS +232 -0
  151. package/UUPSCHECKER +208 -0
  152. package/VAULT_PROXY_AUDIT.md +457 -0
  153. package/VAULT_PROXY_FINAL_VERDICT.md +0 -0
  154. package/VERIFIED_EXPLOITS_FINAL.txt +146 -0
  155. package/WKEYDAO2_AUDIT.md +245 -0
  156. package/WSG_AUDIT.md +0 -0
  157. package/XFI_DEEP_ANALYSIS.md +327 -0
  158. package/YOOSHI_EXPLOIT_GUIDE.md +119 -0
  159. package/YSDAO_EXPLOIT_GUIDE.md +0 -0
  160. package/agent-4-bundle.md +22490 -0
  161. package/alpha-proxy-echidna.txt +1 -0
  162. package/alpha-proxy-fuzz-results.txt +81 -0
  163. package/alpha-proxy-mythril.txt +2 -0
  164. package/analyze-btcst-farm.js +54 -0
  165. package/analyze-dxsale-lock.js +75 -0
  166. package/analyze-elephant.js +69 -0
  167. package/analyze-fara-rewards.js +109 -0
  168. package/analyze-fara-storage.js +83 -0
  169. package/analyze-lft-transaction.js +158 -0
  170. package/analyze-lock-bytecode.js +59 -0
  171. package/analyze-shegic.js +0 -0
  172. package/analyze-staking-abi.js +0 -0
  173. package/analyze-sxp.js +57 -0
  174. package/analyze-tlm.js +76 -0
  175. package/analyze-trumpet.js +98 -0
  176. package/analyze-unlimited-nft.js +108 -0
  177. package/analyze_elephant.sh +27 -0
  178. package/analyze_vault.sh +32 -0
  179. package/aria-bytecode.txt +1 -0
  180. package/aria_response.json +1 -0
  181. package/ark_temp/README.md +66 -0
  182. package/ark_temp/lib/forge-std/.gitattributes +1 -0
  183. package/ark_temp/lib/forge-std/.github/CODEOWNERS +1 -0
  184. package/ark_temp/lib/forge-std/.github/dependabot.yml +6 -0
  185. package/ark_temp/lib/forge-std/.github/workflows/ci.yml +125 -0
  186. package/ark_temp/lib/forge-std/.github/workflows/sync.yml +36 -0
  187. package/ark_temp/lib/forge-std/CONTRIBUTING.md +193 -0
  188. package/ark_temp/lib/forge-std/LICENSE-APACHE +203 -0
  189. package/ark_temp/lib/forge-std/LICENSE-MIT +25 -0
  190. package/ark_temp/lib/forge-std/README.md +314 -0
  191. package/ark_temp/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  192. package/ark_temp/lib/forge-std/package.json +16 -0
  193. package/ark_temp/lib/forge-std/scripts/vm.py +636 -0
  194. package/audits/AiFi-security-audit-20260326.md +499 -0
  195. package/audits/BasedAI-Brains-security-audit-20260324.md +651 -0
  196. package/audits/BinanceAlphaWallet-pashov-ai-audit-report-20260324-170000.md +362 -0
  197. package/audits/DGToken-security-audit-20260324.md +376 -0
  198. package/audits/DSyncStaking-audit-part1.md +161 -0
  199. package/audits/DSyncStaking-security-audit-20260324.md +547 -0
  200. package/audits/DecompiledERC20-security-audit-20260325.md +397 -0
  201. package/audits/DegenVC-security-audit-20260324.md +585 -0
  202. package/audits/DelreyInu-security-audit-20260324.md +463 -0
  203. package/audits/DestraNetwork-security-audit-20260324.md +705 -0
  204. package/audits/DomiToken-security-audit-20260324.md +514 -0
  205. package/audits/LendFlareToken-security-audit-20260325.md +197 -0
  206. package/audits/LockReleaseTokenPool-security-audit-20260324.md +482 -0
  207. package/audits/MOG-pashov-ai-audit-report-20260324-164900.md +229 -0
  208. package/audits/PAALAI-security-audit-20260324.md +475 -0
  209. package/audits/PAR-security-audit-20260325.md +311 -0
  210. package/audits/PepeCoinStaking-security-audit-20260324.md +358 -0
  211. package/audits/StakingPool-security-audit-20260324.md +517 -0
  212. package/audits/SyncToken-security-audit-20260324.md +778 -0
  213. package/audits/UndeadToken-decompiled-security-audit-20260324.md +485 -0
  214. package/audits/UnknownToken-decompiled-security-audit-20260324.md +647 -0
  215. package/audits/XFIStaking-security-audit-20260324.md +682 -0
  216. package/audits/Xfinance-security-audit-20260324.md +463 -0
  217. package/audits/basedAIFarm-security-audit-20260324.md +330 -0
  218. package/audits/pepeCoin-security-audit-20260324.md +462 -0
  219. package/bin/ups +232 -0
  220. package/binance-wallet-exploit/.env.example +2 -0
  221. package/binance-wallet-exploit/EXECUTIVE_SUMMARY.md +272 -0
  222. package/binance-wallet-exploit/EXPLOIT_SUMMARY.md +104 -0
  223. package/binance-wallet-exploit/FINAL_ANALYSIS.md +326 -0
  224. package/binance-wallet-exploit/FLASHLOAN_ATTACK.md +292 -0
  225. package/binance-wallet-exploit/HONEYPOT_REPORT.md +526 -0
  226. package/binance-wallet-exploit/INVESTIGATION_COMPLETE.md +362 -0
  227. package/binance-wallet-exploit/LENDFLARE_EXPLOIT.md +219 -0
  228. package/binance-wallet-exploit/LENDFLARE_FINAL_ATTACK.md +307 -0
  229. package/binance-wallet-exploit/LENDFLARE_REAL_EXPLOIT.md +286 -0
  230. package/binance-wallet-exploit/LENDFLARE_RUGPULL.md +269 -0
  231. package/binance-wallet-exploit/LFT_ANALYSIS.md +206 -0
  232. package/binance-wallet-exploit/QUICK_START.md +75 -0
  233. package/binance-wallet-exploit/README.md +195 -0
  234. package/binance-wallet-exploit/REAL_TX_EXPLOIT_ANALYSIS.md +271 -0
  235. package/binance-wallet-exploit/REMIX_INSTRUCTIONS.md +223 -0
  236. package/binance-wallet-exploit/TEST_RESULTS.md +203 -0
  237. package/binance-wallet-exploit/cache/solidity-files-cache.json +1 -0
  238. package/binance-wallet-exploit/cache/test-failures +1 -0
  239. package/binance-wallet-exploit/lib/forge-std/.gitattributes +1 -0
  240. package/binance-wallet-exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  241. package/binance-wallet-exploit/lib/forge-std/.github/dependabot.yml +6 -0
  242. package/binance-wallet-exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  243. package/binance-wallet-exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  244. package/binance-wallet-exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  245. package/binance-wallet-exploit/lib/forge-std/LICENSE-APACHE +203 -0
  246. package/binance-wallet-exploit/lib/forge-std/LICENSE-MIT +25 -0
  247. package/binance-wallet-exploit/lib/forge-std/README.md +314 -0
  248. package/binance-wallet-exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  249. package/binance-wallet-exploit/lib/forge-std/package.json +16 -0
  250. package/binance-wallet-exploit/lib/forge-std/scripts/vm.py +636 -0
  251. package/binance-wallet-exploit/out/build-info/1e9aa7e86cf56962.json +1 -0
  252. package/binance-wallet-exploit/out/build-info/6f56f10e9d7b56eb.json +1 -0
  253. package/binance-wallet-exploit/out/build-info/7edba961ff697a24.json +1 -0
  254. package/binance-wallet-exploit/out/build-info/8c27fe3efea2f2e7.json +1 -0
  255. package/binance-wallet-exploit/out/build-info/978b680daffec63a.json +1 -0
  256. package/binance-wallet-exploit/out/build-info/9806b900b5672d0c.json +1 -0
  257. package/binance-wallet-exploit/out/build-info/b4b9ff36e9b3fc27.json +1 -0
  258. package/binance-wallet-exploit/out/build-info/b6f4df9ae05c0812.json +1 -0
  259. package/binance-wallet-exploit/out/build-info/c88dbc86551f7b5c.json +1 -0
  260. package/binance-wallet-exploit/out/build-info/e9657504010623db.json +1 -0
  261. package/cache/fuzz/failures/ARIAVerifiedFuzzTest/testFuzz_ApprovalRaceCondition +1 -0
  262. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_DirectTransferExploit +1 -0
  263. package/cache/fuzz/failures/HotCrossSwapFuzzTest/testFuzz_LargeSwapDrain +1 -0
  264. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_ApprovalExploit +1 -0
  265. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_BalanceManipulation +1 -0
  266. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_RateManipulation +1 -0
  267. package/cache/fuzz/failures/LendFlareFuzz/testFuzz_StorageManipulation +1 -0
  268. package/cache/fuzz/failures/PARFuzzTest/testFuzz_OverflowTransfer +1 -0
  269. package/cache/fuzz/failures/PARFuzzTest/testFuzz_Transfer +1 -0
  270. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_FrontrunAddfunds +1 -0
  271. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RewardOverflow +1 -0
  272. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_RoundingExploit +1 -0
  273. package/cache/fuzz/failures/XFIDeepFuzz/testFuzz_WithdrawLimit +1 -0
  274. package/cache/solidity-files-cache.json +1 -0
  275. package/cache/test-failures +1 -0
  276. package/calculate-elephant-flashloan.js +195 -0
  277. package/check-address-approval.js +112 -0
  278. package/check-alpha-proxy.js +42 -0
  279. package/check-arbitrage.js +155 -0
  280. package/check-aria-token.js +47 -0
  281. package/check-ark.sh +20 -0
  282. package/check-btcst-mining.js +75 -0
  283. package/check-btcst-pools.js +163 -0
  284. package/check-btcst.js +88 -0
  285. package/check-caller.js +26 -0
  286. package/check-ceek-lp.js +73 -0
  287. package/check-ceek.js +47 -0
  288. package/check-dxsale-address.js +35 -0
  289. package/check-fara-exploit-timing.js +56 -0
  290. package/check-fara-real-exploit.js +73 -0
  291. package/check-flashloan-limits.js +129 -0
  292. package/check-kel-cel-pool.js +91 -0
  293. package/check-lax-staking.js +41 -0
  294. package/check-lendflare.js +165 -0
  295. package/check-lft-accounting.js +109 -0
  296. package/check-lft-roles.js +165 -0
  297. package/check-lock-time.js +47 -0
  298. package/check-min-stake.js +73 -0
  299. package/check-mystery-contract.js +52 -0
  300. package/check-next-token.js +50 -0
  301. package/check-nora-lock.js +67 -0
  302. package/check-oiler-approvals.js +116 -0
  303. package/check-oiler-proxy.js +73 -0
  304. package/check-oiler-staking.js +117 -0
  305. package/check-proxy-simple.js +71 -0
  306. package/check-recent-stakes.js +54 -0
  307. package/check-shegic-holdings.js +67 -0
  308. package/check-snowcrash-ecosystem.js +83 -0
  309. package/check-sync-lp.js +97 -0
  310. package/check-sync-stake.js +42 -0
  311. package/check-tlm.js +37 -0
  312. package/check-token-pools.js +146 -0
  313. package/check-trunk-depeg.js +181 -0
  314. package/check-tusd-decimals.js +58 -0
  315. package/check-user-storage-deep.js +81 -0
  316. package/check-welephant-pools.js +130 -0
  317. package/check-xfi-pool.js +75 -0
  318. package/check-zypher.js +32 -0
  319. package/check_proxy.sh +36 -0
  320. package/compare-tlm-chains.js +90 -0
  321. package/contract_0x05f2.html +6025 -0
  322. package/contract_0x3720.html +6361 -0
  323. package/contract_0x928e.html +5606 -0
  324. package/contract_0xc42d.html +5304 -0
  325. package/contract_page.html +5789 -0
  326. package/decode-stake-tx.js +50 -0
  327. package/deep-analyze-lock.js +82 -0
  328. package/dune_uups_proxy_query.sql +42 -0
  329. package/dune_uups_vulnerable_query.sql +0 -0
  330. package/echidna/alpha-proxy.yaml +14 -0
  331. package/echidna/elephant.yaml +7 -0
  332. package/echidna/lendflare.yaml +42 -0
  333. package/echidna.config.yaml +12 -0
  334. package/elephant_raw.json +1 -0
  335. package/eps_raw.json +1 -0
  336. package/exploit/.github/workflows/test.yml +38 -0
  337. package/exploit/.gitmodules +3 -0
  338. package/exploit/README.md +66 -0
  339. package/exploit/foundry.lock +8 -0
  340. package/exploit/lib/forge-std/.gitattributes +1 -0
  341. package/exploit/lib/forge-std/.github/CODEOWNERS +1 -0
  342. package/exploit/lib/forge-std/.github/dependabot.yml +6 -0
  343. package/exploit/lib/forge-std/.github/workflows/ci.yml +125 -0
  344. package/exploit/lib/forge-std/.github/workflows/sync.yml +36 -0
  345. package/exploit/lib/forge-std/CONTRIBUTING.md +193 -0
  346. package/exploit/lib/forge-std/LICENSE-APACHE +203 -0
  347. package/exploit/lib/forge-std/LICENSE-MIT +25 -0
  348. package/exploit/lib/forge-std/README.md +314 -0
  349. package/exploit/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  350. package/exploit/lib/forge-std/package.json +16 -0
  351. package/exploit/lib/forge-std/scripts/vm.py +636 -0
  352. package/exploit_analysis.txt +51 -0
  353. package/extract_contract.py +21 -0
  354. package/extract_elephant_contracts.py +24 -0
  355. package/fara-staking-bytecode.txt +1 -0
  356. package/fara-staking-raw.txt +1 -0
  357. package/fetch-aria.js +46 -0
  358. package/fetch-contract.js +50 -0
  359. package/fetch-shegic-source.js +86 -0
  360. package/fetch-snowcrash.js +44 -0
  361. package/fetch-staking-source.js +53 -0
  362. package/fetch-tlm.js +60 -0
  363. package/fetch_elephant_source.py +32 -0
  364. package/find-ceek-staking.js +21 -0
  365. package/find-exploit-tx.js +88 -0
  366. package/find-oiler-holders.js +100 -0
  367. package/find-tlm-holder.js +36 -0
  368. package/find-vulnerable-fund.js +94 -0
  369. package/foundry.lock +8 -0
  370. package/fuzz-all.sh +53 -0
  371. package/get-aria-contract.py +40 -0
  372. package/get-lft-holders.js +89 -0
  373. package/get-tlm-source.sh +8 -0
  374. package/harvest_txs.json +1 -0
  375. package/lft-bytecode-raw.txt +1 -0
  376. package/lft-bytecode.json +1 -0
  377. package/lft-impl.bin +1 -0
  378. package/lft-implementation-bytecode.txt +1 -0
  379. package/lib/forge-std/.gitattributes +1 -0
  380. package/lib/forge-std/.github/CODEOWNERS +1 -0
  381. package/lib/forge-std/.github/dependabot.yml +6 -0
  382. package/lib/forge-std/.github/workflows/ci.yml +125 -0
  383. package/lib/forge-std/.github/workflows/sync.yml +36 -0
  384. package/lib/forge-std/CONTRIBUTING.md +193 -0
  385. package/lib/forge-std/LICENSE-APACHE +203 -0
  386. package/lib/forge-std/LICENSE-MIT +25 -0
  387. package/lib/forge-std/README.md +314 -0
  388. package/lib/forge-std/RELEASE_CHECKLIST.md +12 -0
  389. package/lib/forge-std/package.json +16 -0
  390. package/lib/forge-std/scripts/vm.py +636 -0
  391. package/lib/openzeppelin-contracts/.changeset/config.json +12 -0
  392. package/lib/openzeppelin-contracts/.codecov.yml +12 -0
  393. package/lib/openzeppelin-contracts/.editorconfig +21 -0
  394. package/lib/openzeppelin-contracts/.eslintrc +20 -0
  395. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/bug_report.md +21 -0
  396. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/config.yml +4 -0
  397. package/lib/openzeppelin-contracts/.github/ISSUE_TEMPLATE/feature_request.md +14 -0
  398. package/lib/openzeppelin-contracts/.github/PULL_REQUEST_TEMPLATE.md +20 -0
  399. package/lib/openzeppelin-contracts/.github/actions/gas-compare/action.yml +49 -0
  400. package/lib/openzeppelin-contracts/.github/actions/setup/action.yml +21 -0
  401. package/lib/openzeppelin-contracts/.github/actions/storage-layout/action.yml +55 -0
  402. package/lib/openzeppelin-contracts/.github/workflows/actionlint.yml +18 -0
  403. package/lib/openzeppelin-contracts/.github/workflows/changeset.yml +28 -0
  404. package/lib/openzeppelin-contracts/.github/workflows/checks.yml +118 -0
  405. package/lib/openzeppelin-contracts/.github/workflows/docs.yml +19 -0
  406. package/lib/openzeppelin-contracts/.github/workflows/formal-verification.yml +68 -0
  407. package/lib/openzeppelin-contracts/.github/workflows/release-cycle.yml +214 -0
  408. package/lib/openzeppelin-contracts/.github/workflows/upgradeable.yml +34 -0
  409. package/lib/openzeppelin-contracts/.gitmodules +7 -0
  410. package/lib/openzeppelin-contracts/.mocharc.js +4 -0
  411. package/lib/openzeppelin-contracts/.prettierrc +15 -0
  412. package/lib/openzeppelin-contracts/.solcover.js +13 -0
  413. package/lib/openzeppelin-contracts/CHANGELOG.md +972 -0
  414. package/lib/openzeppelin-contracts/CODE_OF_CONDUCT.md +73 -0
  415. package/lib/openzeppelin-contracts/CONTRIBUTING.md +36 -0
  416. package/lib/openzeppelin-contracts/GUIDELINES.md +148 -0
  417. package/lib/openzeppelin-contracts/LICENSE +22 -0
  418. package/lib/openzeppelin-contracts/README.md +107 -0
  419. package/lib/openzeppelin-contracts/RELEASING.md +45 -0
  420. package/lib/openzeppelin-contracts/SECURITY.md +42 -0
  421. package/lib/openzeppelin-contracts/audits/2017-03.md +292 -0
  422. package/lib/openzeppelin-contracts/audits/2018-10.pdf +0 -0
  423. package/lib/openzeppelin-contracts/audits/2022-10-Checkpoints.pdf +0 -0
  424. package/lib/openzeppelin-contracts/audits/2022-10-ERC4626.pdf +0 -0
  425. package/lib/openzeppelin-contracts/audits/2023-05-v4.9.pdf +0 -0
  426. package/lib/openzeppelin-contracts/audits/2023-10-v5.0.pdf +0 -0
  427. package/lib/openzeppelin-contracts/audits/README.md +17 -0
  428. package/lib/openzeppelin-contracts/certora/Makefile +54 -0
  429. package/lib/openzeppelin-contracts/certora/README.md +60 -0
  430. package/lib/openzeppelin-contracts/certora/diff/access_manager_AccessManager.sol.patch +97 -0
  431. package/lib/openzeppelin-contracts/certora/reports/2021-10.pdf +0 -0
  432. package/lib/openzeppelin-contracts/certora/reports/2022-03.pdf +0 -0
  433. package/lib/openzeppelin-contracts/certora/reports/2022-05.pdf +0 -0
  434. package/lib/openzeppelin-contracts/certora/run.js +160 -0
  435. package/lib/openzeppelin-contracts/certora/specs/AccessControl.spec +119 -0
  436. package/lib/openzeppelin-contracts/certora/specs/AccessControlDefaultAdminRules.spec +464 -0
  437. package/lib/openzeppelin-contracts/certora/specs/DoubleEndedQueue.spec +300 -0
  438. package/lib/openzeppelin-contracts/certora/specs/ERC20.spec +352 -0
  439. package/lib/openzeppelin-contracts/certora/specs/ERC20FlashMint.spec +55 -0
  440. package/lib/openzeppelin-contracts/certora/specs/ERC20Wrapper.spec +198 -0
  441. package/lib/openzeppelin-contracts/certora/specs/ERC721.spec +679 -0
  442. package/lib/openzeppelin-contracts/certora/specs/EnumerableMap.spec +333 -0
  443. package/lib/openzeppelin-contracts/certora/specs/EnumerableSet.spec +246 -0
  444. package/lib/openzeppelin-contracts/certora/specs/Initializable.spec +165 -0
  445. package/lib/openzeppelin-contracts/certora/specs/Ownable.spec +77 -0
  446. package/lib/openzeppelin-contracts/certora/specs/Ownable2Step.spec +108 -0
  447. package/lib/openzeppelin-contracts/certora/specs/Pausable.spec +96 -0
  448. package/lib/openzeppelin-contracts/certora/specs/TimelockController.spec +274 -0
  449. package/lib/openzeppelin-contracts/certora/specs/helpers/helpers.spec +7 -0
  450. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControl.spec +8 -0
  451. package/lib/openzeppelin-contracts/certora/specs/methods/IAccessControlDefaultAdminRules.spec +36 -0
  452. package/lib/openzeppelin-contracts/certora/specs/methods/IERC20.spec +11 -0
  453. package/lib/openzeppelin-contracts/certora/specs/methods/IERC2612.spec +5 -0
  454. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashBorrower.spec +3 -0
  455. package/lib/openzeppelin-contracts/certora/specs/methods/IERC3156FlashLender.spec +5 -0
  456. package/lib/openzeppelin-contracts/certora/specs/methods/IERC5313.spec +3 -0
  457. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721.spec +17 -0
  458. package/lib/openzeppelin-contracts/certora/specs/methods/IERC721Receiver.spec +3 -0
  459. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable.spec +5 -0
  460. package/lib/openzeppelin-contracts/certora/specs/methods/IOwnable2Step.spec +7 -0
  461. package/lib/openzeppelin-contracts/certora/specs.json +86 -0
  462. package/lib/openzeppelin-contracts/contracts/access/README.adoc +43 -0
  463. package/lib/openzeppelin-contracts/contracts/finance/README.adoc +14 -0
  464. package/lib/openzeppelin-contracts/contracts/governance/README.adoc +167 -0
  465. package/lib/openzeppelin-contracts/contracts/interfaces/README.adoc +82 -0
  466. package/lib/openzeppelin-contracts/contracts/metatx/README.adoc +12 -0
  467. package/lib/openzeppelin-contracts/contracts/package.json +32 -0
  468. package/lib/openzeppelin-contracts/contracts/proxy/README.adoc +87 -0
  469. package/lib/openzeppelin-contracts/contracts/token/ERC1155/README.adoc +41 -0
  470. package/lib/openzeppelin-contracts/contracts/token/ERC20/README.adoc +67 -0
  471. package/lib/openzeppelin-contracts/contracts/token/ERC721/README.adoc +67 -0
  472. package/lib/openzeppelin-contracts/contracts/token/common/README.adoc +10 -0
  473. package/lib/openzeppelin-contracts/contracts/utils/README.adoc +88 -0
  474. package/lib/openzeppelin-contracts/contracts/vendor/compound/LICENSE +11 -0
  475. package/lib/openzeppelin-contracts/docs/README.md +16 -0
  476. package/lib/openzeppelin-contracts/docs/antora.yml +7 -0
  477. package/lib/openzeppelin-contracts/docs/config.js +21 -0
  478. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3a.png +0 -0
  479. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-3b.png +0 -0
  480. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack-6.png +0 -0
  481. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-attack.png +0 -0
  482. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-deposit.png +0 -0
  483. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-mint.png +0 -0
  484. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-linear.png +0 -0
  485. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglog.png +0 -0
  486. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/erc4626-rate-loglogext.png +0 -0
  487. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-exec.png +0 -0
  488. package/lib/openzeppelin-contracts/docs/modules/ROOT/images/tally-vote.png +0 -0
  489. package/lib/openzeppelin-contracts/docs/modules/ROOT/nav.adoc +23 -0
  490. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/access-control.adoc +204 -0
  491. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/backwards-compatibility.adoc +48 -0
  492. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/crowdsales.adoc +11 -0
  493. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/drafts.adoc +19 -0
  494. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc1155.adoc +145 -0
  495. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20-supply.adoc +71 -0
  496. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc20.adoc +77 -0
  497. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc4626.adoc +214 -0
  498. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/erc721.adoc +79 -0
  499. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/extending-contracts.adoc +77 -0
  500. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/faq.adoc +13 -0
  501. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/governance.adoc +240 -0
  502. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/index.adoc +79 -0
  503. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/tokens.adoc +31 -0
  504. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/upgradeable.adoc +77 -0
  505. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/utilities.adoc +185 -0
  506. package/lib/openzeppelin-contracts/docs/modules/ROOT/pages/wizard.adoc +15 -0
  507. package/lib/openzeppelin-contracts/docs/templates/contract.hbs +111 -0
  508. package/lib/openzeppelin-contracts/docs/templates/helpers.js +46 -0
  509. package/lib/openzeppelin-contracts/docs/templates/page.hbs +4 -0
  510. package/lib/openzeppelin-contracts/docs/templates/properties.js +64 -0
  511. package/lib/openzeppelin-contracts/hardhat/env-artifacts.js +24 -0
  512. package/lib/openzeppelin-contracts/hardhat/env-contract.js +25 -0
  513. package/lib/openzeppelin-contracts/hardhat/ignore-unreachable-warnings.js +45 -0
  514. package/lib/openzeppelin-contracts/hardhat/skip-foundry-tests.js +6 -0
  515. package/lib/openzeppelin-contracts/hardhat/task-test-get-files.js +25 -0
  516. package/lib/openzeppelin-contracts/hardhat.config.js +131 -0
  517. package/lib/openzeppelin-contracts/lib/erc4626-tests/LICENSE +661 -0
  518. package/lib/openzeppelin-contracts/lib/erc4626-tests/README.md +116 -0
  519. package/lib/openzeppelin-contracts/lib/forge-std/.github/workflows/ci.yml +92 -0
  520. package/lib/openzeppelin-contracts/lib/forge-std/.gitmodules +3 -0
  521. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-APACHE +203 -0
  522. package/lib/openzeppelin-contracts/lib/forge-std/LICENSE-MIT +25 -0
  523. package/lib/openzeppelin-contracts/lib/forge-std/README.md +250 -0
  524. package/lib/openzeppelin-contracts/lib/forge-std/package.json +16 -0
  525. package/lib/openzeppelin-contracts/logo.svg +15 -0
  526. package/lib/openzeppelin-contracts/netlify.toml +3 -0
  527. package/lib/openzeppelin-contracts/package-lock.json +16544 -0
  528. package/lib/openzeppelin-contracts/package.json +96 -0
  529. package/lib/openzeppelin-contracts/remappings.txt +1 -0
  530. package/lib/openzeppelin-contracts/renovate.json +4 -0
  531. package/lib/openzeppelin-contracts/requirements.txt +1 -0
  532. package/lib/openzeppelin-contracts/scripts/checks/compare-layout.js +20 -0
  533. package/lib/openzeppelin-contracts/scripts/checks/compareGasReports.js +243 -0
  534. package/lib/openzeppelin-contracts/scripts/checks/extract-layout.js +38 -0
  535. package/lib/openzeppelin-contracts/scripts/checks/generation.sh +6 -0
  536. package/lib/openzeppelin-contracts/scripts/checks/inheritance-ordering.js +54 -0
  537. package/lib/openzeppelin-contracts/scripts/gen-nav.js +41 -0
  538. package/lib/openzeppelin-contracts/scripts/generate/format-lines.js +16 -0
  539. package/lib/openzeppelin-contracts/scripts/generate/run.js +49 -0
  540. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.js +247 -0
  541. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.opts.js +17 -0
  542. package/lib/openzeppelin-contracts/scripts/generate/templates/Checkpoints.t.js +146 -0
  543. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableMap.js +283 -0
  544. package/lib/openzeppelin-contracts/scripts/generate/templates/EnumerableSet.js +250 -0
  545. package/lib/openzeppelin-contracts/scripts/generate/templates/SafeCast.js +126 -0
  546. package/lib/openzeppelin-contracts/scripts/generate/templates/StorageSlot.js +78 -0
  547. package/lib/openzeppelin-contracts/scripts/generate/templates/conversion.js +30 -0
  548. package/lib/openzeppelin-contracts/scripts/git-user-config.sh +6 -0
  549. package/lib/openzeppelin-contracts/scripts/helpers.js +37 -0
  550. package/lib/openzeppelin-contracts/scripts/prepack.sh +23 -0
  551. package/lib/openzeppelin-contracts/scripts/prepare-docs.sh +26 -0
  552. package/lib/openzeppelin-contracts/scripts/release/format-changelog.js +33 -0
  553. package/lib/openzeppelin-contracts/scripts/release/synchronize-versions.js +15 -0
  554. package/lib/openzeppelin-contracts/scripts/release/update-comment.js +34 -0
  555. package/lib/openzeppelin-contracts/scripts/release/version.sh +11 -0
  556. package/lib/openzeppelin-contracts/scripts/release/workflow/exit-prerelease.sh +8 -0
  557. package/lib/openzeppelin-contracts/scripts/release/workflow/github-release.js +48 -0
  558. package/lib/openzeppelin-contracts/scripts/release/workflow/integrity-check.sh +20 -0
  559. package/lib/openzeppelin-contracts/scripts/release/workflow/pack.sh +26 -0
  560. package/lib/openzeppelin-contracts/scripts/release/workflow/publish.sh +26 -0
  561. package/lib/openzeppelin-contracts/scripts/release/workflow/rerun.js +7 -0
  562. package/lib/openzeppelin-contracts/scripts/release/workflow/set-changesets-pr-title.js +17 -0
  563. package/lib/openzeppelin-contracts/scripts/release/workflow/start.sh +35 -0
  564. package/lib/openzeppelin-contracts/scripts/release/workflow/state.js +112 -0
  565. package/lib/openzeppelin-contracts/scripts/remove-ignored-artifacts.js +45 -0
  566. package/lib/openzeppelin-contracts/scripts/solhint-custom/index.js +84 -0
  567. package/lib/openzeppelin-contracts/scripts/solhint-custom/package.json +5 -0
  568. package/lib/openzeppelin-contracts/scripts/update-docs-branch.js +65 -0
  569. package/lib/openzeppelin-contracts/scripts/upgradeable/README.md +21 -0
  570. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-apply.sh +19 -0
  571. package/lib/openzeppelin-contracts/scripts/upgradeable/patch-save.sh +18 -0
  572. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile-onto.sh +54 -0
  573. package/lib/openzeppelin-contracts/scripts/upgradeable/transpile.sh +47 -0
  574. package/lib/openzeppelin-contracts/scripts/upgradeable/upgradeable.patch +360 -0
  575. package/lib/openzeppelin-contracts/slither.config.json +5 -0
  576. package/lib/openzeppelin-contracts/solhint.config.js +20 -0
  577. package/mythril-lft-output.txt +1 -0
  578. package/mythril-lft-symbolic.txt +18 -0
  579. package/mythril-lft.sh +20 -0
  580. package/mythril-symbolic-output.txt +1 -0
  581. package/mythril-symbolic.sh +42 -0
  582. package/out/build-info/0026b78428192979.json +1 -0
  583. package/out/build-info/03c4fc3b88486eba.json +1 -0
  584. package/out/build-info/0540afa9b9a5c5a6.json +1 -0
  585. package/out/build-info/081932f505bc08b9.json +1 -0
  586. package/out/build-info/0da104ba0d6642d5.json +1 -0
  587. package/out/build-info/197281971dbb5f23.json +1 -0
  588. package/out/build-info/197e7e332832a232.json +1 -0
  589. package/out/build-info/1a1cab9136eb5f94.json +1 -0
  590. package/out/build-info/1b320204eb162aa2.json +1 -0
  591. package/out/build-info/1e03f94398052674.json +1 -0
  592. package/out/build-info/22ac085949602937.json +1 -0
  593. package/out/build-info/234ef37453a9fa64.json +1 -0
  594. package/out/build-info/2447db7b1878fa8e.json +1 -0
  595. package/out/build-info/25568daeb484f5ff.json +1 -0
  596. package/out/build-info/27465853244c49ce.json +1 -0
  597. package/out/build-info/2c57a9e0f087453b.json +1 -0
  598. package/out/build-info/3c62ae7de8da68c4.json +1 -0
  599. package/out/build-info/3e771ae109e97bb3.json +1 -0
  600. package/out/build-info/460499bc0a3465c4.json +1 -0
  601. package/out/build-info/47ce37e50a4f115e.json +1 -0
  602. package/out/build-info/4fcce5c63cf427d6.json +1 -0
  603. package/out/build-info/4fd0a53fe63fddbb.json +1 -0
  604. package/out/build-info/50f1247db9d769cc.json +1 -0
  605. package/out/build-info/5317d0181a7a5e02.json +1 -0
  606. package/out/build-info/594df509275ceb5b.json +1 -0
  607. package/out/build-info/61983ac3f6141719.json +1 -0
  608. package/out/build-info/638c4548307122fe.json +1 -0
  609. package/out/build-info/67c2c43bdb7c0ded.json +1 -0
  610. package/out/build-info/777f42643aad37b7.json +1 -0
  611. package/out/build-info/7d7856f19e845354.json +1 -0
  612. package/out/build-info/83976260b6f71e94.json +1 -0
  613. package/out/build-info/83c23882000b963d.json +1 -0
  614. package/out/build-info/84b2cce8f70b36be.json +1 -0
  615. package/out/build-info/8bc13d31d7c3206a.json +1 -0
  616. package/out/build-info/8e183bd4d9d8cf88.json +1 -0
  617. package/out/build-info/94bfe1e7cafa8ff5.json +1 -0
  618. package/out/build-info/99ec7d5e8d8ff360.json +1 -0
  619. package/out/build-info/9ac044b29daa7d5e.json +1 -0
  620. package/out/build-info/9b203227ff5d2e63.json +1 -0
  621. package/out/build-info/9d18c5872c4282dd.json +1 -0
  622. package/out/build-info/9f77f04f33baf9a3.json +1 -0
  623. package/out/build-info/a6e1caf974787982.json +1 -0
  624. package/out/build-info/a94b6348867a62d6.json +1 -0
  625. package/out/build-info/ad93721947a8b195.json +1 -0
  626. package/out/build-info/b42daddb5aa4b19f.json +1 -0
  627. package/out/build-info/bf13512ae899f7e8.json +1 -0
  628. package/out/build-info/c39f86c20a548c4a.json +1 -0
  629. package/out/build-info/cb12bb975a2f4e65.json +1 -0
  630. package/out/build-info/d0c6788fadc2aa60.json +1 -0
  631. package/out/build-info/d2726bf94ed5b845.json +1 -0
  632. package/out/build-info/d4eb00da50cce5cb.json +1 -0
  633. package/out/build-info/db931924a3bc8bdd.json +1 -0
  634. package/out/build-info/e1a503d49bc77401.json +1 -0
  635. package/out/build-info/efe5396f8892ce77.json +1 -0
  636. package/out/build-info/f536d90ced745969.json +1 -0
  637. package/out/build-info/fed38823c7019b82.json +1 -0
  638. package/package.json +51 -0
  639. package/page.html +5384 -0
  640. package/pancakeswap-simple-tvl.sql +15 -0
  641. package/pancakeswap-top-pools.sql +29 -0
  642. package/pancakeswap-tvl-optimized.sql +57 -0
  643. package/pancakeswap-tvl-query.sql +60 -0
  644. package/pancakeswap-underflow-hunting.sql +51 -0
  645. package/pancakeswap-vulnerability-queries.sql +200 -0
  646. package/posi_page.html +6369 -0
  647. package/posi_response.json +29 -0
  648. package/proxy_page.html +500 -0
  649. package/run_mythril_elephant.sh +18 -0
  650. package/sHEGIC-bytecode.bin +6 -0
  651. package/sHEGIC-mythril-analysis.txt +1 -0
  652. package/sHEGIC-mythril-full.txt +134 -0
  653. package/sHEGIC_ANALYSIS.md +135 -0
  654. package/sHEGIC_EXPLOIT_ANALYSIS.md +317 -0
  655. package/sHEGIC_MYTHRIL_ANALYSIS.md +361 -0
  656. package/scrape-snowcrash.js +28 -0
  657. package/scripts/yooshi_drain.sh +154 -0
  658. package/shi_raw.json +1 -0
  659. package/temp.json +1 -0
  660. package/temp_harvest.json +1 -0
  661. package/temp_pika.json +1 -0
  662. package/temp_posi.json +1 -0
  663. package/temp_response.json +1 -0
  664. package/test-lft-hidden-balance.js +108 -0
  665. package/test-xfi-exploit.js +140 -0
  666. package/trunk-liquidity-rescue.js +164 -0
  667. package/vBABY_page.html +6153 -0
  668. package/vBABY_response.json +29 -0
  669. package/wsg_response.json +1 -0
  670. package/yooldo_page.html +10371 -0
@@ -0,0 +1,67 @@
1
+ const ethers = require('ethers');
2
+
3
+ const provider = new ethers.providers.JsonRpcProvider('https://bsc-dataseed.binance.org/');
4
+
5
+ async function checkLock() {
6
+ const lockAddress = '0x7536592bb74b5d62eb82e8b93b17eed4eed9a85c';
7
+ const noraToken = '0x1f39dd2bf5a27e2d4ed691dcf933077371777cb0';
8
+
9
+ // Get bytecode
10
+ const code = await provider.getCode(lockAddress);
11
+ console.log('Lock contract bytecode length:', code.length);
12
+
13
+ // Check if it's verified
14
+ console.log('\nContract Address:', lockAddress);
15
+ console.log('Checking token balance in lock...\n');
16
+
17
+ const tokenContract = new ethers.Contract(noraToken, [
18
+ 'function balanceOf(address) view returns (uint256)',
19
+ 'function decimals() view returns (uint8)'
20
+ ], provider);
21
+
22
+ const balance = await tokenContract.balanceOf(lockAddress);
23
+ const decimals = await tokenContract.decimals();
24
+
25
+ console.log('NORA tokens locked:', ethers.utils.formatUnits(balance, decimals));
26
+ console.log('Raw balance:', balance.toString());
27
+
28
+ // Try to call common lock contract functions
29
+ const lockContract = new ethers.Contract(lockAddress, [
30
+ 'function withdrawTokens(address) external',
31
+ 'function token() view returns (address)',
32
+ 'function beneficiary() view returns (address)',
33
+ 'function releaseTime() view returns (uint256)',
34
+ 'function owner() view returns (address)'
35
+ ], provider);
36
+
37
+ try {
38
+ const token = await lockContract.token();
39
+ console.log('\nLocked token:', token);
40
+ } catch (e) {
41
+ console.log('\nNo token() function');
42
+ }
43
+
44
+ try {
45
+ const beneficiary = await lockContract.beneficiary();
46
+ console.log('Beneficiary:', beneficiary);
47
+ } catch (e) {
48
+ console.log('No beneficiary() function');
49
+ }
50
+
51
+ try {
52
+ const releaseTime = await lockContract.releaseTime();
53
+ const date = new Date(releaseTime.toNumber() * 1000);
54
+ console.log('Release time:', releaseTime.toString(), '(' + date.toISOString() + ')');
55
+ } catch (e) {
56
+ console.log('No releaseTime() function');
57
+ }
58
+
59
+ try {
60
+ const owner = await lockContract.owner();
61
+ console.log('Owner:', owner);
62
+ } catch (e) {
63
+ console.log('No owner() function');
64
+ }
65
+ }
66
+
67
+ checkLock().catch(console.error);
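Review bot: The four `catch (e)` blocks around `token()`, `beneficiary()`, `releaseTime()` and `owner()` report every failure as a missing function. An RPC timeout, a rate-limit response, or `releaseTime.toNumber()` throwing on a value too large for a JavaScript number therefore all print the same "No ...() function" line. Distinguish a reverted call from other errors, for example `console.log(e.code === 'CALL_EXCEPTION' ? 'No token() function' : 'token() failed: ' + e.message);`. The ABI entry `'function withdrawTokens(address) external'` is never called, and the comment `// Check if it's verified` precedes code that only prints the address, so both should be dropped or corrected.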
@@ -0,0 +1,116 @@
1
+ const { ethers } = require('ethers');
2
+
3
+ // Setup provider
4
+ const provider = new ethers.providers.JsonRpcProvider('https://eth-mainnet.g.alchemy.com/v2/5IWkkFu-rS6plYHO9MLq-');
5
+
6
+ // Addresses
7
+ const OIL_TOKEN = '0x0275E1001e293C46CFe158B3702AADe0B99f88a5';
8
+ const PROXY = '0xA94db69502920A657F8685978e62D3E3B9762adf';
9
+
10
+ async function checkApprovals() {
11
+ console.log('=== CHECKING ALL OIL APPROVALS FROM PROXY ===\n');
12
+ console.log(`Proxy: ${PROXY}`);
13
+ console.log(`OIL Token: ${OIL_TOKEN}\n`);
14
+
15
+ try {
16
+ // Get all Approval events where owner = PROXY
17
+ const approvalTopic = ethers.utils.id('Approval(address,address,uint256)');
18
+ const proxyTopic = ethers.utils.hexZeroPad(PROXY.toLowerCase(), 32);
19
+
20
+ console.log('Fetching approval events from blockchain...\n');
21
+
22
+ // Get events in chunks (last 10000 blocks at a time)
23
+ const currentBlock = await provider.getBlockNumber();
24
+ const startBlock = currentBlock - 100000; // Last ~100k blocks
25
+
26
+ const filter = {
27
+ address: OIL_TOKEN,
28
+ topics: [
29
+ approvalTopic,
30
+ proxyTopic // owner = PROXY
31
+ ],
32
+ fromBlock: startBlock,
33
+ toBlock: 'latest'
34
+ };
35
+
36
+ const logs = await provider.getLogs(filter);
37
+
38
+ console.log(`Found ${logs.length} approval events\n`);
39
+
40
+ if (logs.length === 0) {
41
+ console.log('No recent approval events found.');
42
+ console.log('The proxy may have never approved OIL to any contract,');
43
+ console.log('or approvals happened more than 100k blocks ago.\n');
44
+ }
45
+
46
+ // Parse and display approvals
47
+ const ERC20_ABI = ['event Approval(address indexed owner, address indexed spender, uint256 value)'];
48
+ const iface = new ethers.utils.Interface(ERC20_ABI);
49
+
50
+ const approvals = new Map();
51
+
52
+ for (const log of logs) {
53
+ const parsed = iface.parseLog(log);
54
+ const spender = parsed.args.spender;
55
+ const value = parsed.args.value;
56
+
57
+ // Keep only the latest approval for each spender
58
+ approvals.set(spender, value);
59
+ }
60
+
61
+ console.log('=== CURRENT APPROVALS ===\n');
62
+
63
+ let hasActiveApprovals = false;
64
+
65
+ for (const [spender, value] of approvals.entries()) {
66
+ const valueFormatted = ethers.utils.formatUnits(value, 18);
67
+
68
+ if (!value.eq(0)) {
69
+ hasActiveApprovals = true;
70
+ console.log(`🚨 ACTIVE APPROVAL:`);
71
+ console.log(` Spender: ${spender}`);
72
+ console.log(` Amount: ${valueFormatted} OIL`);
73
+ console.log(` Raw: ${value.toString()}\n`);
74
+ } else {
75
+ console.log(`✅ Revoked approval to: ${spender}\n`);
76
+ }
77
+ }
78
+
79
+ if (!hasActiveApprovals && approvals.size > 0) {
80
+ console.log('\n✅ All approvals have been revoked (set to 0)');
81
+ console.log('The proxy is SAFE from approval-based attacks.\n');
82
+ } else if (!hasActiveApprovals && approvals.size === 0) {
83
+ console.log('No approval events found in recent history.\n');
84
+ }
85
+
86
+ // Now check specific common contracts
87
+ console.log('\n=== CHECKING SPECIFIC CONTRACTS ===\n');
88
+
89
+ const contractsToCheck = [
90
+ { name: 'Uniswap V2 Router', address: '0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D' },
91
+ { name: 'Uniswap V3 Router', address: '0xE592427A0AEce92De3Edee1F18E0157C05861564' },
92
+ { name: 'Uniswap V3 Router 2', address: '0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45' },
93
+ ];
94
+
95
+ const ERC20_ABI_CHECK = ['function allowance(address owner, address spender) view returns (uint256)'];
96
+ const oilToken = new ethers.Contract(OIL_TOKEN, ERC20_ABI_CHECK, provider);
97
+
98
+ for (const contract of contractsToCheck) {
99
+ const allowance = await oilToken.allowance(PROXY, contract.address);
100
+ const allowanceFormatted = ethers.utils.formatUnits(allowance, 18);
101
+
102
+ if (allowance.gt(0)) {
103
+ console.log(`🚨 ${contract.name}:`);
104
+ console.log(` Address: ${contract.address}`);
105
+ console.log(` Allowance: ${allowanceFormatted} OIL\n`);
106
+ } else {
107
+ console.log(`✅ ${contract.name}: No approval\n`);
108
+ }
109
+ }
110
+
111
+ } catch (error) {
112
+ console.error('Error:', error.message);
113
+ }
114
+ }
115
+
116
+ checkApprovals();
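Review bot: The URL passed to `JsonRpcProvider(...)` near the top of this file embeds what looks like an Alchemy API key, and because the file ships in a package on a public registry, anyone who downloads it can read the key. The same URL is repeated in the later files that define `checkProxyState`, `checkStaking`, `checkProxy` and `checkHoldings`, and the file with `main()` hard-codes what appears to be an Infura project ID in `RPC` the same way. Read the endpoint from the environment instead, `const provider = new ethers.providers.JsonRpcProvider(process.env.ETH_RPC_URL);`, and treat the published values as exposed and rotate them. Separately, the log query covers only `currentBlock - 100000` onward in a single call, although the comment mentions 10000-block chunks. The printed line "The proxy is SAFE from approval-based attacks" therefore claims more than the scan established.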
@@ -0,0 +1,73 @@
1
+ const { ethers } = require('ethers');
2
+
3
+ // Setup provider (ethers v5 syntax)
4
+ const provider = new ethers.providers.JsonRpcProvider('https://eth-mainnet.g.alchemy.com/v2/5IWkkFu-rS6plYHO9MLq-');
5
+
6
+ // Addresses
7
+ const OIL_TOKEN = '0x0275E1001e293C46CFe158B3702AADe0B99f88a5';
8
+ const PROXY = '0xA94db69502920A657F8685978e62D3E3B9762adf';
9
+ const UNISWAP_ROUTER = '0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D';
10
+
11
+ // ERC20 ABI (minimal)
12
+ const ERC20_ABI = [
13
+ 'function balanceOf(address) view returns (uint256)',
14
+ 'function allowance(address owner, address spender) view returns (uint256)',
15
+ 'function decimals() view returns (uint8)'
16
+ ];
17
+
18
+ async function checkProxyState() {
19
+ console.log('=== OILER LP PROXY ANALYSIS ===\n');
20
+
21
+ const oilToken = new ethers.Contract(OIL_TOKEN, ERC20_ABI, provider);
22
+
23
+ try {
24
+ // Get proxy's OIL balance
25
+ const balance = await oilToken.balanceOf(PROXY);
26
+ const decimals = await oilToken.decimals();
27
+ const balanceFormatted = ethers.utils.formatUnits(balance, decimals);
28
+
29
+ console.log(`Proxy Address: ${PROXY}`);
30
+ console.log(`OIL Token: ${OIL_TOKEN}`);
31
+ console.log(`\nProxy OIL Balance: ${balance.toString()} (${balanceFormatted} OIL)`);
32
+
33
+ // Get proxy's approval to Uniswap Router
34
+ const approval = await oilToken.allowance(PROXY, UNISWAP_ROUTER);
35
+ const approvalFormatted = ethers.utils.formatUnits(approval, decimals);
36
+
37
+ console.log(`\nApproval to Uniswap Router: ${approval.toString()} (${approvalFormatted} OIL)`);
38
+ console.log(`Router Address: ${UNISWAP_ROUTER}`);
39
+
40
+ // Analysis
41
+ console.log('\n=== VULNERABILITY ANALYSIS ===');
42
+
43
+ if (approval.gt(0) && balance.gt(0)) {
44
+ const maxSteal = approval.lt(balance) ? approval : balance;
45
+ const maxStealFormatted = ethers.utils.formatUnits(maxSteal, decimals);
46
+
47
+ console.log(`\n🚨 CRITICALLY VULNERABLE!`);
48
+ console.log(`\nThe proxy has approved ${approvalFormatted} OIL to the Uniswap Router.`);
49
+ console.log(`Combined with the OIL token's transferAndCall reentrancy bug,`);
50
+ console.log(`an attacker can steal up to ${maxStealFormatted} OIL tokens!`);
51
+ console.log(`\nATTACK VECTOR:`);
52
+ console.log(`1. Call OIL.transferAndCall() to trigger callback`);
53
+ console.log(`2. During callback, call OIL.transferFrom(PROXY, attacker, amount)`);
54
+ console.log(`3. The approval allows transferFrom to succeed`);
55
+ console.log(`4. Steal ${maxStealFormatted} OIL tokens`);
56
+
57
+ // Calculate USD value (approximate)
58
+ console.log(`\n💰 POTENTIAL LOSS: ~${maxStealFormatted} OIL tokens`);
59
+
60
+ } else if (approval.eq(0)) {
61
+ console.log(`\n✅ SAFE: Proxy has no approval to Router`);
62
+ console.log(`The proxy cannot be exploited via this attack vector.`);
63
+ } else if (balance.eq(0)) {
64
+ console.log(`\n✅ SAFE: Proxy has no OIL balance`);
65
+ console.log(`Nothing to steal.`);
66
+ }
67
+
68
+ } catch (error) {
69
+ console.error('Error:', error.message);
70
+ }
71
+ }
72
+
73
+ checkProxyState();
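Review bot: The "CRITICALLY VULNERABLE" verdict in the `approval.gt(0) && balance.gt(0)` branch rests on two read calls only, `allowance` and `balanceOf`. Nothing in this file inspects the token's callback behaviour, and under standard ERC-20 semantics an allowance can be spent only by the approved spender, so a non-zero router allowance does not by itself establish the stated conclusion. The `vulnerableOil` branch in `checkStaking` and the `vulnerable` branch in `checkProxy` draw the same inference. Print the measured facts and mark them for review instead, for example `console.log('Non-zero allowance to router: ' + approvalFormatted + ' OIL (manual review required)');`. The comment `// Calculate USD value (approximate)` is followed by no calculation and should be removed.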
@@ -0,0 +1,117 @@
1
+ const { ethers } = require('ethers');
2
+
3
+ const provider = new ethers.providers.JsonRpcProvider('https://eth-mainnet.g.alchemy.com/v2/5IWkkFu-rS6plYHO9MLq-');
4
+
5
+ const OIL_TOKEN = '0x0275E1001e293C46CFe158B3702AADe0B99f88a5';
6
+ const STAKING_CONTRACT = '0xe546f8f17aff17c05dac9f9b4f9957f725fab087';
7
+ const OIL_USDC_LP = '0x0e9c8107682ab88604b4fbf847eeeceacf38e9e6'; // Uniswap V2 OIL-USDC pair
8
+
9
+ const ERC20_ABI = [
10
+ 'function balanceOf(address) view returns (uint256)',
11
+ 'function allowance(address owner, address spender) view returns (uint256)',
12
+ 'function decimals() view returns (uint8)',
13
+ 'function symbol() view returns (string)',
14
+ 'function name() view returns (string)'
15
+ ];
16
+
17
+ async function checkStaking() {
18
+ console.log('=== OILER STAKING CONTRACT ANALYSIS ===\n');
19
+ console.log(`Staking Contract: ${STAKING_CONTRACT}\n`);
20
+
21
+ const oilToken = new ethers.Contract(OIL_TOKEN, ERC20_ABI, provider);
22
+ const lpToken = new ethers.Contract(OIL_USDC_LP, ERC20_ABI, provider);
23
+
24
+ // Check OIL balance
25
+ const oilBalance = await oilToken.balanceOf(STAKING_CONTRACT);
26
+ const oilDecimals = await oilToken.decimals();
27
+ const oilBalanceFormatted = ethers.utils.formatUnits(oilBalance, oilDecimals);
28
+
29
+ console.log('=== TOKEN BALANCES ===');
30
+ console.log(`OIL Balance: ${oilBalanceFormatted} OIL`);
31
+
32
+ // Check LP token balance
33
+ const lpBalance = await lpToken.balanceOf(STAKING_CONTRACT);
34
+ const lpDecimals = await lpToken.decimals();
35
+ const lpBalanceFormatted = ethers.utils.formatUnits(lpBalance, lpDecimals);
36
+
37
+ console.log(`LP Token Balance: ${lpBalanceFormatted} LP tokens\n`);
38
+
39
+ // Check approvals from staking contract
40
+ const contractsToCheck = [
41
+ { name: 'Uniswap V2 Router', address: '0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D' },
42
+ { name: 'Uniswap V3 Router', address: '0xE592427A0AEce92De3Edee1F18E0157C05861564' },
43
+ { name: 'SushiSwap Router', address: '0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F' },
44
+ ];
45
+
46
+ console.log('=== OIL TOKEN APPROVALS FROM STAKING CONTRACT ===\n');
47
+
48
+ let vulnerableOil = false;
49
+
50
+ for (const contract of contractsToCheck) {
51
+ const allowance = await oilToken.allowance(STAKING_CONTRACT, contract.address);
52
+ const allowanceFormatted = ethers.utils.formatUnits(allowance, oilDecimals);
53
+
54
+ if (allowance.gt(0)) {
55
+ console.log(`🚨 VULNERABLE!`);
56
+ console.log(` Contract: ${contract.name}`);
57
+ console.log(` Address: ${contract.address}`);
58
+ console.log(` OIL Allowance: ${allowanceFormatted} OIL\n`);
59
+ vulnerableOil = true;
60
+ } else {
61
+ console.log(`✅ ${contract.name}: No OIL approval`);
62
+ }
63
+ }
64
+
65
+ console.log('\n=== LP TOKEN APPROVALS FROM STAKING CONTRACT ===\n');
66
+
67
+ let vulnerableLp = false;
68
+
69
+ for (const contract of contractsToCheck) {
70
+ const allowance = await lpToken.allowance(STAKING_CONTRACT, contract.address);
71
+ const allowanceFormatted = ethers.utils.formatUnits(allowance, lpDecimals);
72
+
73
+ if (allowance.gt(0)) {
74
+ console.log(`🚨 LP APPROVAL FOUND!`);
75
+ console.log(` Contract: ${contract.name}`);
76
+ console.log(` Address: ${contract.address}`);
77
+ console.log(` LP Allowance: ${allowanceFormatted} LP\n`);
78
+ vulnerableLp = true;
79
+ } else {
80
+ console.log(`✅ ${contract.name}: No LP approval`);
81
+ }
82
+ }
83
+
84
+ // Get contract bytecode to check if it's verified
85
+ const code = await provider.getCode(STAKING_CONTRACT);
86
+ console.log(`\n=== CONTRACT INFO ===`);
87
+ console.log(`Bytecode length: ${code.length} bytes`);
88
+ console.log(`Contract is deployed: ${code !== '0x'}`);
89
+
90
+ console.log('\n=== VULNERABILITY ASSESSMENT ===\n');
91
+
92
+ if (vulnerableOil) {
93
+ console.log('🚨 CRITICALLY VULNERABLE!');
94
+ console.log('The staking contract has approved OIL to external contracts.');
95
+ console.log('Combined with OIL token\'s transferAndCall reentrancy bug,');
96
+ console.log('an attacker can drain the approved OIL tokens!\n');
97
+ console.log('ATTACK VECTOR:');
98
+ console.log('1. Call OIL.transferAndCall() to trigger callback');
99
+ console.log('2. During callback, call OIL.transferFrom(STAKING, attacker, amount)');
100
+ console.log('3. Steal all approved OIL tokens\n');
101
+ } else if (vulnerableLp) {
102
+ console.log('⚠️ LP tokens are approved but OIL is not.');
103
+ console.log('LP tokens themselves don\'t have transferAndCall,');
104
+ console.log('so direct reentrancy attack may not work.\n');
105
+ } else {
106
+ console.log('✅ NO ACTIVE APPROVALS FOUND');
107
+ console.log('The staking contract appears safe from approval-based attacks.');
108
+ console.log('However, check the contract source code for other vulnerabilities.\n');
109
+ }
110
+
111
+ // Summary
112
+ console.log('=== SUMMARY ===');
113
+ console.log(`Total OIL at risk: ${vulnerableOil ? oilBalanceFormatted : '0'} OIL`);
114
+ console.log(`Total LP at risk: ${vulnerableLp ? lpBalanceFormatted : '0'} LP`);
115
+ }
116
+
117
+ checkStaking().catch(console.error);
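Review bot: `Bytecode length: ${code.length} bytes` prints the length of the hex string returned by `getCode`, which includes the `0x` prefix and two characters per byte, so the figure is about double the real size. The `Contract Size:` line in the file that defines `checkHoldings` has the same problem. Use `ethers.utils.hexDataLength(code)` for the byte count. The comment `// Get contract bytecode to check if it's verified` should read `// Fetch runtime bytecode to confirm a contract is deployed at this address`, because `getCode` cannot show whether source has been verified on an explorer. The summary also reports the whole `oilBalanceFormatted` as at risk whenever any allowance is non-zero, regardless of how large that allowance is.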
@@ -0,0 +1,71 @@
1
+ const { ethers } = require('ethers');
2
+
3
+ const provider = new ethers.providers.JsonRpcProvider('https://eth-mainnet.g.alchemy.com/v2/5IWkkFu-rS6plYHO9MLq-');
4
+
5
+ const OIL_TOKEN = '0x0275E1001e293C46CFe158B3702AADe0B99f88a5';
6
+ const PROXY = '0xA94db69502920A657F8685978e62D3E3B9762adf';
7
+
8
+ const ERC20_ABI = [
9
+ 'function balanceOf(address) view returns (uint256)',
10
+ 'function allowance(address owner, address spender) view returns (uint256)',
11
+ 'function decimals() view returns (uint8)'
12
+ ];
13
+
14
+ async function checkProxy() {
15
+ console.log('=== OILER LP PROXY VULNERABILITY CHECK ===\n');
16
+
17
+ const oilToken = new ethers.Contract(OIL_TOKEN, ERC20_ABI, provider);
18
+
19
+ // Get balance
20
+ const balance = await oilToken.balanceOf(PROXY);
21
+ const decimals = await oilToken.decimals();
22
+ const balanceFormatted = ethers.utils.formatUnits(balance, decimals);
23
+
24
+ console.log(`Proxy: ${PROXY}`);
25
+ console.log(`OIL Balance: ${balanceFormatted} OIL\n`);
26
+
27
+ // Check common contracts
28
+ const contractsToCheck = [
29
+ { name: 'Uniswap V2 Router', address: '0x7a250d5630B4cF539739dF2C5dAcb4c659F2488D' },
30
+ { name: 'Uniswap V3 Router', address: '0xE592427A0AEce92De3Edee1F18E0157C05861564' },
31
+ { name: 'Uniswap V3 Router 2', address: '0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45' },
32
+ { name: 'SushiSwap Router', address: '0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F' },
33
+ { name: '1inch Router V5', address: '0x1111111254EEB25477B68fb85Ed929f73A960582' },
34
+ ];
35
+
36
+ console.log('=== CHECKING APPROVALS ===\n');
37
+
38
+ let vulnerable = false;
39
+
40
+ for (const contract of contractsToCheck) {
41
+ const allowance = await oilToken.allowance(PROXY, contract.address);
42
+ const allowanceFormatted = ethers.utils.formatUnits(allowance, decimals);
43
+
44
+ if (allowance.gt(0)) {
45
+ console.log(`🚨 VULNERABLE!`);
46
+ console.log(` Contract: ${contract.name}`);
47
+ console.log(` Address: ${contract.address}`);
48
+ console.log(` Allowance: ${allowanceFormatted} OIL`);
49
+ console.log(` Can steal: ${allowanceFormatted} OIL via reentrancy\n`);
50
+ vulnerable = true;
51
+ } else {
52
+ console.log(`✅ ${contract.name}: No approval`);
53
+ }
54
+ }
55
+
56
+ console.log('\n=== CONCLUSION ===\n');
57
+
58
+ if (vulnerable) {
59
+ console.log('🚨 PROXY IS VULNERABLE TO REENTRANCY ATTACK!');
60
+ console.log('The OIL token has a transferAndCall reentrancy bug.');
61
+ console.log('An attacker can steal approved tokens during the callback.\n');
62
+ } else {
63
+ console.log('✅ PROXY IS CURRENTLY SAFE');
64
+ console.log('No active approvals found to common DEX routers.');
65
+ console.log('The proxy cannot be exploited via this attack vector.\n');
66
+ console.log('NOTE: The proxy may have approved other contracts not checked here.');
67
+ console.log('To be 100% certain, you would need to scan all historical Approval events.\n');
68
+ }
69
+ }
70
+
71
+ checkProxy().catch(console.error);
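Review bot: The allowance loop in `checkProxy` awaits one read call per router in sequence even though the calls are independent, and `balanceOf` and `decimals` are awaited one after the other in the same way. Issue them together, `const allowances = await Promise.all(contractsToCheck.map((c) => oilToken.allowance(PROXY, c.address)));`, and iterate over `allowances` by index when printing. The function has no doc comment; add `/** Prints the proxy's OIL balance and its allowance to a fixed list of router addresses. Read-only; sends no transactions. */` so readers can see at a glance that it sends no transactions.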
@@ -0,0 +1,54 @@
1
+ const { ethers } = require('ethers');
2
+
3
+ const RPC = 'https://bsc-mainnet.infura.io/v3/db4d2c885bc946b691dbb3d5ef26d9e2';
4
+ const STAKING = '0x3E13019dA3BAAd134493e751704D2D4245Eec7CA';
5
+
6
+ // Staked event signature
7
+ const STAKED_EVENT = '0x9cfd25589d1eb8ad71e342a86a8524e83522e3936c0803048c08f6d9ad974f40';
8
+
9
+ // Also check for unstake events
10
+ const UNSTAKE_EVENT = '0x'; // We'll check all events
11
+
12
+ async function main() {
13
+ const provider = new ethers.providers.JsonRpcProvider(RPC);
14
+
15
+ const latestBlock = await provider.getBlockNumber();
16
+ console.log('Latest block:', latestBlock);
17
+ console.log('Checking last 5000 blocks for any events...\n');
18
+
19
+ // Check in smaller chunks
20
+ const chunkSize = 500;
21
+ for (let i = 0; i < 10; i++) {
22
+ const fromBlock = latestBlock - (i + 1) * chunkSize;
23
+ const toBlock = latestBlock - i * chunkSize;
24
+
25
+ try {
26
+ const logs = await provider.getLogs({
27
+ address: STAKING,
28
+ fromBlock,
29
+ toBlock
30
+ });
31
+
32
+ if (logs.length > 0) {
33
+ console.log(`Found ${logs.length} events in blocks ${fromBlock}-${toBlock}`);
34
+ console.log('Most recent event:');
35
+ const log = logs[logs.length - 1];
36
+ console.log('Block:', log.blockNumber);
37
+ console.log('Tx:', log.transactionHash);
38
+ console.log('Topics:', log.topics);
39
+
40
+ const block = await provider.getBlock(log.blockNumber);
41
+ const date = new Date(block.timestamp * 1000);
42
+ console.log('Date:', date.toISOString());
43
+ return;
44
+ }
45
+ } catch (e) {
46
+ console.log(`Error checking blocks ${fromBlock}-${toBlock}:`, e.message);
47
+ }
48
+ }
49
+
50
+ console.log('No recent events found in last 5000 blocks');
51
+ console.log('Contract might be inactive');
52
+ }
53
+
54
+ main().catch(console.error);
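Review bot: When a `getLogs` chunk throws, the `catch (e)` in the loop logs the error and moves on, so a run in which every chunk failed still ends with "No recent events found in last 5000 blocks" and "Contract might be inactive". Count the failures and qualify the conclusion: add `let failedChunks = 0;` before the loop and `failedChunks += 1;` in the catch. Before the final messages add `if (failedChunks > 0) console.log(failedChunks + ' chunk(s) could not be queried; result is incomplete');`. `STAKED_EVENT` and `UNSTAKE_EVENT` are declared but never used in the filter, and `UNSTAKE_EVENT = '0x'` is a placeholder, so remove them or pass them as `topics`.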
@@ -0,0 +1,67 @@
1
+ const { ethers } = require('ethers');
2
+
3
+ const provider = new ethers.providers.JsonRpcProvider('https://eth-mainnet.g.alchemy.com/v2/5IWkkFu-rS6plYHO9MLq-');
4
+
5
+ const SHEGIC = '0x6859ea44DC8E9A42222Ea1BC38ED74E8c8fe6DC7';
6
+ const HEGIC = '0x584bC13c7D411c00c01A62e8019472dE68768430';
7
+
8
+ const ERC20_ABI = [
9
+ 'function balanceOf(address) view returns (uint256)',
10
+ 'function totalSupply() view returns (uint256)',
11
+ 'function name() view returns (string)',
12
+ 'function symbol() view returns (string)'
13
+ ];
14
+
15
+ async function checkHoldings() {
16
+ console.log('=== sHEGIC CONTRACT ANALYSIS ===\n');
17
+ console.log(`sHEGIC: ${SHEGIC}`);
18
+ console.log(`HEGIC: ${HEGIC}\n`);
19
+
20
+ // Check ETH balance
21
+ const ethBalance = await provider.getBalance(SHEGIC);
22
+ console.log(`ETH Balance: ${ethers.utils.formatEther(ethBalance)} ETH\n`);
23
+
24
+ // Check HEGIC balance
25
+ const hegicToken = new ethers.Contract(HEGIC, ERC20_ABI, provider);
26
+ const hegicBalance = await hegicToken.balanceOf(SHEGIC);
27
+ console.log(`HEGIC Balance: ${ethers.utils.formatUnits(hegicBalance, 18)} HEGIC\n`);
28
+
29
+ // Check sHEGIC total supply
30
+ const shegicToken = new ethers.Contract(SHEGIC, ERC20_ABI, provider);
31
+ const totalSupply = await shegicToken.totalSupply();
32
+ console.log(`sHEGIC Total Supply: ${ethers.utils.formatUnits(totalSupply, 18)} sHEGIC\n`);
33
+
34
+ // Check recent transactions
35
+ console.log('=== CHECKING FOR VALUE ===\n');
36
+
37
+ if (ethBalance.eq(0) && hegicBalance.eq(0)) {
38
+ console.log('❌ NO FUNDS TO EXPLOIT');
39
+ console.log('The contract holds no ETH and no HEGIC tokens.');
40
+ console.log('Even if vulnerabilities exist, there is nothing to steal.\n');
41
+ } else {
42
+ console.log('✅ FUNDS DETECTED');
43
+ console.log(`Total Value: ${ethers.utils.formatEther(ethBalance)} ETH + ${ethers.utils.formatUnits(hegicBalance, 18)} HEGIC\n`);
44
+ }
45
+
46
+ // Check if contract is active
47
+ const code = await provider.getCode(SHEGIC);
48
+ console.log(`Contract Size: ${code.length} bytes`);
49
+ console.log(`Contract Active: ${code !== '0x'}\n`);
50
+
51
+ console.log('=== VULNERABILITY ASSESSMENT ===\n');
52
+ console.log('Mythril found:');
53
+ console.log('- 2x Integer Overflow (name/symbol) - View functions only');
54
+ console.log('- 2x Timestamp Dependence (withdraw/transfer) - Requires funds');
55
+ console.log('- 3x Assertion Violations - Logic errors\n');
56
+
57
+ console.log('EXPLOIT POTENTIAL:');
58
+ if (ethBalance.eq(0) && hegicBalance.eq(0)) {
59
+ console.log('❌ CANNOT EXPLOIT - No funds in contract');
60
+ console.log('The vulnerabilities are real but there is nothing to steal.');
61
+ } else {
62
+ console.log('⚠️ POTENTIALLY EXPLOITABLE');
63
+ console.log('Timestamp manipulation could allow early withdrawals.');
64
+ }
65
+ }
66
+
67
+ checkHoldings().catch(console.error);
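Review bot: Everything printed under "VULNERABILITY ASSESSMENT" from `Mythril found:` onward is a fixed string. This script runs no analysis, so its output mixes values read from the chain with conclusions it cannot confirm. Label the static part as such, for example `console.log('Previously reported by Mythril (not re-verified by this script):');`, or move it to the accompanying report. The comment `// Check recent transactions` precedes code that only compares two balances to zero and should read `// Report whether the contract holds any ETH or HEGIC`. `formatUnits(..., 18)` hard-codes the decimals for both tokens; adding `decimals()` to `ERC20_ABI` and reading it, as the other scripts in this package do, avoids a silent scaling error.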
@@ -0,0 +1,83 @@
1
+ const ethers = require('ethers');
2
+
3
+ const provider = new ethers.providers.JsonRpcProvider('https://bsc-dataseed.binance.org/');
4
+
5
+ async function checkEcosystem() {
6
+ const tokenAddress = '0x1f39dd2bf5a27e2d4ed691dcf933077371777cb0';
7
+
8
+ // PancakeSwap V2 Factory
9
+ const factoryAddress = '0xcA143Ce32Fe78f1f7019d7d551a6402fC5350c73';
10
+ const factoryAbi = ['function getPair(address,address) view returns (address)'];
11
+ const factory = new ethers.Contract(factoryAddress, factoryAbi, provider);
12
+
13
+ const wbnb = '0xbb4CdB9CBd36B01bD1cBaEBF2De08d9173bc095c';
14
+ const busd = '0xe9e7CEA3DedcA5984780Bafc599bD69ADd087D56';
15
+ const usdt = '0x55d398326f99059fF775485246999027B3197955';
16
+
17
+ console.log('Checking for LP pairs...\n');
18
+
19
+ // Check NORA-WBNB
20
+ const pairWBNB = await factory.getPair(tokenAddress, wbnb);
21
+ console.log('NORA-WBNB pair:', pairWBNB);
22
+ if (pairWBNB !== ethers.constants.AddressZero) {
23
+ const pairContract = new ethers.Contract(pairWBNB, [
24
+ 'function getReserves() view returns (uint112,uint112,uint32)',
25
+ 'function token0() view returns (address)',
26
+ 'function token1() view returns (address)'
27
+ ], provider);
28
+
29
+ const reserves = await pairContract.getReserves();
30
+ const token0 = await pairContract.token0();
31
+ const token1 = await pairContract.token1();
32
+
33
+ console.log(' Token0:', token0);
34
+ console.log(' Token1:', token1);
35
+ console.log(' Reserve0:', ethers.utils.formatEther(reserves[0]));
36
+ console.log(' Reserve1:', ethers.utils.formatEther(reserves[1]));
37
+ }
38
+
39
+ // Check NORA-BUSD
40
+ const pairBUSD = await factory.getPair(tokenAddress, busd);
41
+ console.log('\nNORA-BUSD pair:', pairBUSD);
42
+ if (pairBUSD !== ethers.constants.AddressZero) {
43
+ const pairContract = new ethers.Contract(pairBUSD, [
44
+ 'function getReserves() view returns (uint112,uint112,uint32)'
45
+ ], provider);
46
+ const reserves = await pairContract.getReserves();
47
+ console.log(' Reserve0:', ethers.utils.formatEther(reserves[0]));
48
+ console.log(' Reserve1:', ethers.utils.formatEther(reserves[1]));
49
+ }
50
+
51
+ // Check NORA-USDT
52
+ const pairUSDT = await factory.getPair(tokenAddress, usdt);
53
+ console.log('\nNORA-USDT pair:', pairUSDT);
54
+ if (pairUSDT !== ethers.constants.AddressZero) {
55
+ const pairContract = new ethers.Contract(pairUSDT, [
56
+ 'function getReserves() view returns (uint112,uint112,uint32)'
57
+ ], provider);
58
+ const reserves = await pairContract.getReserves();
59
+ console.log(' Reserve0:', ethers.utils.formatEther(reserves[0]));
60
+ console.log(' Reserve1:', ethers.utils.formatEther(reserves[1]));
61
+ }
62
+
63
+ // Check token distribution
64
+ console.log('\n--- Token Distribution ---');
65
+ const token = new ethers.Contract(tokenAddress, [
66
+ 'function balanceOf(address) view returns (uint256)',
67
+ 'function totalSupply() view returns (uint256)'
68
+ ], provider);
69
+
70
+ const totalSupply = await token.totalSupply();
71
+ console.log('Total Supply:', ethers.utils.formatEther(totalSupply));
72
+
73
+ // Check deployer balance
74
+ const deployer = '0xb9486eb11a51492b0af1a1f3248e399c17d89597';
75
+ const deployerBalance = await token.balanceOf(deployer);
76
+ console.log('Deployer balance:', ethers.utils.formatEther(deployerBalance));
77
+
78
+ // Check contract balance
79
+ const contractBalance = await token.balanceOf(tokenAddress);
80
+ console.log('Contract balance:', ethers.utils.formatEther(contractBalance));
81
+ }
82
+
83
+ checkEcosystem().catch(console.error);
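Review bot: Every amount printed by `checkEcosystem` goes through `ethers.utils.formatEther`, which assumes 18 decimals, but the token's `decimals()` is never read, and nothing visible here shows what precision the token uses. If it is not 18, the printed total supply, deployer balance, contract balance and the token side of each reserve will be off by a power of ten. I would add `'function decimals() view returns (uint8)'` to the token ABI and print with `ethers.utils.formatUnits(totalSupply, await token.decimals())`. The BUSD and USDT branches also skip `token0()`/`token1()`, so unlike the WBNB branch their `Reserve0`/`Reserve1` lines cannot be attributed to a side of the pair. The function lies wholly inside this hunk, and its three near-identical pair branches could share one helper.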