johba/harb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: gardener housekeeping 2026-03-23

Browse source 
AGENTS.md watermarks refreshed to HEAD (209e0c7). Key content updates:
- root AGENTS.md: added packages/analytics/ to directory map
- landing/AGENTS.md: documented @harb/analytics integration and Umami funnel tracking
- web-app/AGENTS.md: documented analytics events (wallet_connect, swap_initiated, stake_created)
- onchain/AGENTS.md: documented AttackRunner fixes (taxRate as index, vm.warp, same-broadcast recenter), 2000-trade floor-ratchet evidence

Pending actions (6): promote #1083 and #1086 to backlog, unblock #1099.
This commit is contained in:
johba 2026-03-23 18:07:12 +00:00
parent 209e0c798e
commit 2ef2e48f8a
10 changed files with 57 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

5
onchain/AGENTS.md
View file

@ -1,4 +1,4 @@
<!-- last-reviewed: b276392e7a1d4eda36ec20a90ef22de471da2344 -->
<!-- last-reviewed: 209e0c798ea85204c5fe466ba7b54b874095e08f -->
# Agent Brief: Kraiken Protocol
## Protocol Philosophy & Business Logic
@ -72,5 +72,6 @@ The staking system traces a triangle in (staking%, avgTax) space:
- `recenterAccess` is removed — `recenter()` always enforces cooldown and TWAP stability. No bypass path exists.
- `feeDestinationLocked` prevents CREATE2 bypass: once `feeDestination` is set to a contract address, it cannot be changed. `setFeeDestination` checks `.code.length > 0` to detect contract addresses.
- Optimizer input slots 0-7 all require `<= 1e18` — the overflow guard previously only applied to slot 0 (`percentageStaked`); slots 1-7 (including `averageTaxRate`) are now also validated (#997).
- Floor Ratchet attack (buy→stake→recenter oscillation) is defeated — evidence in `evidence/red-team/2026-03-22-floor-ratchet-oscillation.json` shows floor holds under 2000-trade oscillation (#1067).
- Floor Ratchet attack (buy→stake→recenter oscillation) is defeated — evidence in `evidence/red-team/2026-03-22-floor-ratchet-oscillation.json` and `2026-03-23-floor-ratchet-oscillation.json` shows floor holds under the full 2000-trade oscillation sequence (#1082). Attack script now uses 200-iteration `buy_recenter_loop` with large stake (10M KRK) and proper `vm.warp` time advancement.
- `AttackRunner.s.sol`: `taxRate` param to `snatch()` is an **index into `TAX_RATES[]`**, not a raw rate value. `buy_recenter_loop` now advances `block.timestamp` by 61s per iteration (past 60s recenter cooldown) and calls `recenter()` in the same broadcast as the buy to avoid multi-key issues.
- Fee-income delta_bps calculation is documented in `evidence/README.md`; `LmTotalEth.s.sol` now captures the auditable snapshot methodology (#1084).