https://github.com/assert-kth/dfhl-invariants
Humaira's Internship
Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (9.6%) to scientific vocabulary
Repository
Humaira's Internship
Basic Info
Statistics
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 2
- Releases: 0
Metadata Files
README.md
DeFiHackLabs Invariants
This repository contains development of security invariants derived from real-world DeFi exploits, based on the DeFiHackLabs dataset.
Objective
To analyze historical DeFi exploits and develop and test invariants that could have mitigated or prevented the vulnerabilities exploited.
Repository Structure
``` dfhl-invariants/ ├── .github/ # GitHub Actions workflows ├── interfaces/ # Interfaces for smart contracts ├── lib/ # Utility libraries ├── nodemodules/ # OpenZeppelin Contracts ├── src/ # Source code for exploits │ ├── *exp/ # Example exploit folder │ │ ├── *.sol # Original contract │ │ ├── *patch.sol # Patched contract with invariants │ │ ├── *exp.sol # PoC exploit | | ├── diff.diff # diff file comparing original vs patched contract │ │ ├── memoryLayoutoriginal.txt # Memory layout of original contract │ │ ├── memoryLayoutpatch.txt # Memory layout after patch │ │ ├── original.bin # Original compiled bytecode │ │ ├── original.hex # Original bytecode in hex format │ │ ├── patch.bin # Patched compiled bytecode │ │ ├── patch.hex # Patched bytecode in hex format │ │ ├── readme.md # Summary │ │ ├── testoriginal.sh # Test script for original contract │ │ └── testpatch.sh # Test script for patched contract ├── .gitignore # Git ignore rules ├── LICENSE # Project license file ├── README.md # Project documentation ├── foundry.toml # Foundry configuration file ├── getcode.py # Script to retrieve contract code ├── mainnetfilter.py # Script to filter mainnet data └── mainnetforkanalysis.csv # Analysis results in CSV format
```
Workflow
Exploit Simulation Each exploit has its own folder in
src/. The PoC is in*_exp.sol, and the original contract is in*.sol.Invariant Identification Analyze the PoC to identify invariant violations.
Implementation Implement the invariants in
*_patch.soland update bytecode (patch.bin / patch.hex).Verification Use Foundry’s
vm.etchto inject modified bytecode and test the patched bytecode to ensure the invariant blocks the exploit.Testing Run
test_original.shandtest_patch.shto compare behaviour before and after the patch.
Tools
- Foundry — for writing, compiling, and testing smart contracts.
Running Tests
bash
cd dfhl-invariants
Run tests for the original contract:
```bash
Make the test script executable
chmod +x src/
Run the test
./src/
Run tests for the patched contract: ```bash
Make the test script executable
chmod +x src/
Run the test
./src/
Owner
- Name: ASSERT
- Login: ASSERT-KTH
- Kind: organization
- Location: Sweden
- Website: https://github.com/ASSERT-KTH/
- Repositories: 87
- Profile: https://github.com/ASSERT-KTH
assertEquals("Research group at KTH Royal Institute of Technology, Stockholm, Sweden", description);
GitHub Events
Total
- Issues event: 3
- Issue comment event: 4
- Member event: 1
- Push event: 97
- Pull request event: 36
- Fork event: 2
- Create event: 24
Last Year
- Issues event: 3
- Issue comment event: 4
- Member event: 1
- Push event: 97
- Pull request event: 36
- Fork event: 2
- Create event: 24