Skip to content

Musyg/security-reviews

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

Security Reviews

Reproducible smart-contract and ZK circuit security reviews, one repository per vulnerability class. Each review ships a deliberately vulnerable target, an exploit proof of concept, a fixed branch that neutralises it, and a written report. Every PoC runs in CI on both branches, so the results can be checked without trusting a screenshot.

Reviews

Vulnerability class Review Finding Severity Tests
ERC-4626 inflation erc4626-inflation-audit First-deposit share inflation drains the next depositor High tests
Signature malleability eip712-signature-replay-audit An ECDSA-malleable twin replays a signed claim for a double-spend High tests
Reward accounting drift reward-accounting-drift-audit A stale accumulator on deposit lets a late depositor steal accrued rewards High tests
Oracle, reentrancy, rounding stvault-audit Lending vault: stale-oracle drain, cross-function reentrancy, fee under-charge High, Medium, Low tests
Access control (Vyper) vyper-access-control-audit An unguarded ownership transfer lets any account seize control and drain the vault High tests
Under-constrained ZK circuit circom-underconstrained-audit An unconstrained signal lets a forged witness pass Groth16 verification High tests
Formal verification (overflow) formal-verification-overflow-audit Averaging overflow refuted by a Halmos counterexample, then proven correct for all inputs Medium tests

How each review is structured

Two branches:

  • master: the vulnerable contract and a passing PoC that exploits it.
  • fixed: the remediated contract and the same scenario, now neutralised.

Plus a written report (Markdown and PDF) stating impact, root cause, and remediation.

Run any of them:

git clone https://github.com/Musyg/<review>.git
cd <review>
forge install
forge test -vv      # master: the exploit
git checkout fixed
forge test -vv      # fixed: neutralised

Note

These are demonstrations on intentionally vulnerable code, written to show methodology end to end. They are not production code and must never be deployed. Each finding is a real vulnerability in its demo contract, proven with an executable proof of concept.

About

Catalogue of reproducible smart-contract security reviews, one repository per vulnerability class. Each review ships a vulnerable target, an exploit PoC, a fixed branch, and a report.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors