johba/harb - Forgejo: Beyond coding. We forge.

johba/harb

Fork 0

Commit graph

Author	SHA1	Message	Date
johba	d7c2184ccf	Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51 ) ## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51	2025-10-04 15:17:09 +02:00
johba	2c69963151	feat: Add scenario recording and replay system for invariant debugging Implements comprehensive fuzzing improvements to find and reproduce invariant violations: Recording System: - ScenarioRecorder captures exact trading sequences that violate invariants - Exports to JSON, replay scripts, and human-readable summaries - Unique Run IDs (format: YYMMDD-XXXX) for easy communication Enhanced Fuzzing: - ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position - Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings - Successfully finds profitable scenarios with 66% success rate Shell Scripts: - run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs - replay-scenario.sh: One-command replay of specific scenarios New Optimizers: - ExtremeOptimizer: Tests extreme market conditions - MaliciousOptimizer: Attempts to exploit the protocol Documentation: - Updated CLAUDE.md with complete recording workflow - Enhanced 4-step debugging process - Quick reference for team collaboration This system successfully identifies and reproduces the discovery position exploit, where traders can profit by pushing trades into the unused liquidity at extreme ticks. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-18 20:31:39 +02:00

Author

SHA1

Message

Date

johba

d7c2184ccf

Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51 )

## Changes

### Configuration
- Added .solhint.json with recommended rules + custom config
  - 160 char line length (warn)
  - Double quotes enforcement (error)
  - Explicit visibility required (error)
  - Console statements allowed (scripts/tests need them)
  - Gas optimization warnings enabled
  - Ignores test/helpers/, lib/, out/, cache/, broadcast/

- Added foundry.toml [fmt] section
  - 160 char line length
  - 4-space tabs
  - Double quotes
  - Thousands separators for numbers
  - Sort imports enabled

- Added .lintstagedrc.json for pre-commit auto-fix
  - Runs solhint --fix on .sol files
  - Runs forge fmt on .sol files

- Added husky pre-commit hook via lint-staged

### NPM Scripts
- lint:sol - run solhint
- lint:sol:fix - auto-fix solhint issues
- format:sol - format with forge fmt
- format:sol:check - check formatting
- lint / lint:fix - combined commands

### Code Changes
- Added explicit visibility modifiers (internal) to constants in scripts and tests
- Fixed quote style in DeployLocal.sol
- All Solidity files formatted with forge fmt

## Verification
- ✅ forge fmt --check passes
- ✅ No solhint errors (warnings only)
- ✅ forge build succeeds
- ✅ forge test passes (107/107)

resolves #44

Co-authored-by: johba <johba@harb.eth>
Reviewed-on: https://codeberg.org/johba/harb/pulls/51

2025-10-04 15:17:09 +02:00

johba

2c69963151

feat: Add scenario recording and replay system for invariant debugging

Implements comprehensive fuzzing improvements to find and reproduce invariant violations:

Recording System:
- ScenarioRecorder captures exact trading sequences that violate invariants
- Exports to JSON, replay scripts, and human-readable summaries
- Unique Run IDs (format: YYMMDD-XXXX) for easy communication

Enhanced Fuzzing:
- ImprovedFuzzingAnalysis with larger trades (50-500 ETH) to reach discovery position
- Multiple strategies: Discovery Push, Whale Manipulation, Volatile Swings
- Successfully finds profitable scenarios with 66% success rate

Shell Scripts:
- run-recorded-fuzzing.sh: Automated fuzzing with recording and unique IDs
- replay-scenario.sh: One-command replay of specific scenarios

New Optimizers:
- ExtremeOptimizer: Tests extreme market conditions
- MaliciousOptimizer: Attempts to exploit the protocol

Documentation:
- Updated CLAUDE.md with complete recording workflow
- Enhanced 4-step debugging process
- Quick reference for team collaboration

This system successfully identifies and reproduces the discovery position exploit,
where traders can profit by pushing trades into the unused liquidity at extreme ticks.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-08-18 20:31:39 +02:00

2 commits