d7c2184ccf
## Changes ### Configuration - Added .solhint.json with recommended rules + custom config - 160 char line length (warn) - Double quotes enforcement (error) - Explicit visibility required (error) - Console statements allowed (scripts/tests need them) - Gas optimization warnings enabled - Ignores test/helpers/, lib/, out/, cache/, broadcast/ - Added foundry.toml [fmt] section - 160 char line length - 4-space tabs - Double quotes - Thousands separators for numbers - Sort imports enabled - Added .lintstagedrc.json for pre-commit auto-fix - Runs solhint --fix on .sol files - Runs forge fmt on .sol files - Added husky pre-commit hook via lint-staged ### NPM Scripts - lint:sol - run solhint - lint:sol:fix - auto-fix solhint issues - format:sol - format with forge fmt - format:sol:check - check formatting - lint / lint:fix - combined commands ### Code Changes - Added explicit visibility modifiers (internal) to constants in scripts and tests - Fixed quote style in DeployLocal.sol - All Solidity files formatted with forge fmt ## Verification - ✅ forge fmt --check passes - ✅ No solhint errors (warnings only) - ✅ forge build succeeds - ✅ forge test passes (107/107) resolves #44 Co-authored-by: johba <johba@harb.eth> Reviewed-on: https://codeberg.org/johba/harb/pulls/51
60 lines
1.9 KiB
Solidity
60 lines
1.9 KiB
Solidity
// SPDX-License-Identifier: GPL-3.0-or-later
|
|
pragma solidity ^0.8.19;
|
|
|
|
/**
|
|
* @title MaliciousOptimizer
|
|
* @notice Intentionally returns parameters that should break the protocol
|
|
* @dev Used to find edge cases where the LiquidityManager becomes exploitable
|
|
*/
|
|
contract MaliciousOptimizer {
|
|
uint256 private callCount;
|
|
|
|
function getOptimalParameters(
|
|
uint256, // percentageStaked
|
|
uint256, // avgTaxRate
|
|
uint256 // sentiment
|
|
)
|
|
external
|
|
returns (uint256, uint256, uint256, uint256)
|
|
{
|
|
callCount++;
|
|
|
|
// Return parameters that should cause problems:
|
|
// 1. First call: All liquidity in floor (no anchor protection)
|
|
if (callCount == 1) {
|
|
return (
|
|
0, // 0% capital inefficiency (minimum KRAIKEN value)
|
|
0, // 0% anchor share (100% to floor)
|
|
1, // Minimal width
|
|
0 // No discovery
|
|
);
|
|
}
|
|
|
|
// 2. Second call: Suddenly switch to all anchor (no floor protection)
|
|
if (callCount == 2) {
|
|
return (
|
|
1e18, // 100% capital inefficiency (maximum KRAIKEN value)
|
|
1e18, // 100% anchor share (0% to floor)
|
|
100, // Maximum width
|
|
0 // No discovery
|
|
);
|
|
}
|
|
|
|
// 3. Third call: Create huge discovery position
|
|
if (callCount == 3) {
|
|
return (
|
|
0.5e18, // 50% capital inefficiency
|
|
0.1e18, // 10% anchor share
|
|
10, // Small width
|
|
100e18 // Massive discovery depth
|
|
);
|
|
}
|
|
|
|
// 4. Oscillate wildly
|
|
return (callCount % 2 == 0 ? 0 : 1e18, callCount % 2 == 0 ? 0 : 1e18, callCount % 2 == 0 ? 1 : 100, callCount % 2 == 0 ? 0 : 10e18);
|
|
}
|
|
|
|
function calculateSentiment(uint256, uint256) public pure returns (uint256) {
|
|
return 0;
|
|
}
|
|
}
|