https://github.com/assert-kth/dfhl-invariants

Humaira's Internship

https://github.com/assert-kth/dfhl-invariants

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (9.6%) to scientific vocabulary
Last synced: 10 months ago · JSON representation

Repository

Humaira's Internship

Basic Info
  • Host: GitHub
  • Owner: ASSERT-KTH
  • License: mit
  • Language: Solidity
  • Default Branch: main
  • Homepage:
  • Size: 6.79 MB
Statistics
  • Stars: 1
  • Watchers: 1
  • Forks: 1
  • Open Issues: 2
  • Releases: 0
Created about 1 year ago · Last pushed 11 months ago
Metadata Files
Readme License

README.md

DeFiHackLabs Invariants

This repository contains development of security invariants derived from real-world DeFi exploits, based on the DeFiHackLabs dataset.

Objective

To analyze historical DeFi exploits and develop and test invariants that could have mitigated or prevented the vulnerabilities exploited.

Repository Structure

``` dfhl-invariants/ ├── .github/ # GitHub Actions workflows ├── interfaces/ # Interfaces for smart contracts ├── lib/ # Utility libraries ├── nodemodules/ # OpenZeppelin Contracts ├── src/ # Source code for exploits │ ├── *exp/ # Example exploit folder │ │ ├── *.sol # Original contract │ │ ├── *patch.sol # Patched contract with invariants │ │ ├── *exp.sol # PoC exploit | | ├── diff.diff # diff file comparing original vs patched contract │ │ ├── memoryLayoutoriginal.txt # Memory layout of original contract │ │ ├── memoryLayoutpatch.txt # Memory layout after patch │ │ ├── original.bin # Original compiled bytecode │ │ ├── original.hex # Original bytecode in hex format │ │ ├── patch.bin # Patched compiled bytecode │ │ ├── patch.hex # Patched bytecode in hex format │ │ ├── readme.md # Summary │ │ ├── testoriginal.sh # Test script for original contract │ │ └── testpatch.sh # Test script for patched contract ├── .gitignore # Git ignore rules ├── LICENSE # Project license file ├── README.md # Project documentation ├── foundry.toml # Foundry configuration file ├── getcode.py # Script to retrieve contract code ├── mainnetfilter.py # Script to filter mainnet data └── mainnetforkanalysis.csv # Analysis results in CSV format

```

Workflow

  1. Exploit Simulation Each exploit has its own folder in src/. The PoC is in *_exp.sol, and the original contract is in *.sol.

  2. Invariant Identification Analyze the PoC to identify invariant violations.

  3. Implementation Implement the invariants in *_patch.sol and update bytecode (patch.bin / patch.hex).

  4. Verification Use Foundry’s vm.etch to inject modified bytecode and test the patched bytecode to ensure the invariant blocks the exploit.

  5. Testing Run test_original.sh and test_patch.sh to compare behaviour before and after the patch.

Tools

  • Foundry — for writing, compiling, and testing smart contracts.

Running Tests

bash cd dfhl-invariants Run tests for the original contract: ```bash

Make the test script executable

chmod +x src//test_original.sh

Run the test

./src//test_original.sh ```

Run tests for the patched contract: ```bash

Make the test script executable

chmod +x src//test_patch.sh

Run the test

./src//test_patch.sh ```

Owner

  • Name: ASSERT
  • Login: ASSERT-KTH
  • Kind: organization
  • Location: Sweden

assertEquals("Research group at KTH Royal Institute of Technology, Stockholm, Sweden", description);

GitHub Events

Total
  • Issues event: 3
  • Issue comment event: 4
  • Member event: 1
  • Push event: 97
  • Pull request event: 36
  • Fork event: 2
  • Create event: 24
Last Year
  • Issues event: 3
  • Issue comment event: 4
  • Member event: 1
  • Push event: 97
  • Pull request event: 36
  • Fork event: 2
  • Create event: 24