johba/harb
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
harb/onchain/test/mocks/MaliciousOptimizer.sol

61 lines
1.9 KiB
Solidity
Raw Normal View History

feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity ^0.8.19;
/**
* @title MaliciousOptimizer
* @notice Intentionally returns parameters that should break the protocol
* @dev Used to find edge cases where the LiquidityManager becomes exploitable
*/
contract MaliciousOptimizer {
uint256 private callCount;
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
function getOptimalParameters(
uint256, // percentageStaked
uint256, // avgTaxRate
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
uint256 // sentiment
)
external
returns (uint256, uint256, uint256, uint256)
{
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
callCount++;
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
// Return parameters that should cause problems:
// 1. First call: All liquidity in floor (no anchor protection)
if (callCount == 1) {
return (
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
0, // 0% capital inefficiency (minimum KRAIKEN value)
0, // 0% anchor share (100% to floor)
1, // Minimal width
0 // No discovery
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
);
}
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
// 2. Second call: Suddenly switch to all anchor (no floor protection)
if (callCount == 2) {
return (
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
1e18, // 100% capital inefficiency (maximum KRAIKEN value)
1e18, // 100% anchor share (0% to floor)
100, // Maximum width
0 // No discovery
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
);
}
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
// 3. Third call: Create huge discovery position
if (callCount == 3) {
return (
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
0.5e18, // 50% capital inefficiency
0.1e18, // 10% anchor share
10, // Small width
100e18 // Massive discovery depth
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
);
}
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
// 4. Oscillate wildly
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
return (callCount % 2 == 0 ? 0 : 1e18, callCount % 2 == 0 ? 0 : 1e18, callCount % 2 == 0 ? 1 : 100, callCount % 2 == 0 ? 0 : 10e18);
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
}
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-18 20:31:39 +02:00
function calculateSentiment(uint256, uint256) public pure returns (uint256) {
return 0;
}
Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
2025-10-04 15:17:09 +02:00
}
Reference in a new issue Copy permalink