ameerozigi/defi-security-suite

GitHub: ameerozigi/defi-security-suite

An audit-oriented Foundry test suite providing vulnerability PoCs, reproductions and fuzz tests for systematically checking the security of DeFi contracts.

Stars: 0 | Forks: 0

# defi-security-suite

![CI](https://static.pigsec.cn/wp-content/uploads/repos/2026/04/0f5fbaeace220931.svg) ![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg) ![Solidity](https://img.shields.io/badge/Solidity-0.8.24-363636) ![Foundry](https://img.shields.io/badge/Built%20with-Foundry-FFDB1C)

Auditor-grade Foundry test suite covering common DeFi vulnerability patterns, historical exploit reproductions, invariant tests, and fuzz campaigns. Each exploit test deploys the vulnerable contract, executes the attack, and demonstrates profit. The patched counterpart is tested in the same file.

## Quick Start

```
# Install Foundry
curl -L https://foundry.paradigm.xyz | bash && foundryup

# Install dependencies (OpenZeppelin)
forge install OpenZeppelin/openzeppelin-contracts

# Run all tests
forge test -vvv

# Run only the exploit PoCs
forge test --match-path "test/exploits/**" -vvv

# Run the fuzz tests with more runs
FOUNDRY_FUZZ_RUNS=10000 forge test --match-path "test/fuzz/**"

# Run the invariant suite
forge test --match-path "test/invariants/**" -vvv
```

## Vulnerability Index

| # | Vulnerability | Severity | Mirrors | Vulnerable Contract | Test File |
|---|---|---|---|---|---|
| 1 | Reentrancy | Critical | The DAO (2016, 3.6M ETH), Rari Fuse (2022, $80M) | `VulnerableVault` | `test/exploits/Reentrancy.t.sol` |
| 2 | ERC-4626 Inflation / Donation Attack | High | Wise Lending, Hundred Finance (2023, $7M) | `VulnerableVault` | `test/exploits/DonationAttack.t.sol` |
| 3 | Flash Loan Oracle Manipulation | Critical | Cream Finance (2021, $130M), Mango (2022) | `VulnerableLending` | `test/exploits/FlashLoanManipulation.t.sol` |
| 4 | Missing Access Control | Critical | Poly Network (2021, $611M), Ronin Bridge (2022, $625M) | `VulnerableAdmin` | `test/exploits/AccessControl.t.sol` |
| 5 | Precision Loss / Rounding | Medium | Compound COMP bug, Hundred Finance | `VulnerableAMM` | `test/exploits/RoundingExploit.t.sol` |

## Architecture

```
src/
  targets/     Intentionally vulnerable contracts (clearly marked)
  fixed/       Patched versions — same interface, fixed implementation
test/
  exploits/    PoC tests: deploy vulnerable → exploit → assert profit
  invariants/  Stateful fuzzing with handler pattern
  fuzz/        Property-based fuzz tests on fixed contracts
```

Each vulnerable contract is paired 1:1 with a fixed contract. The fixes are annotated inline with `[FIX-N]` comments referencing the specific vulnerability class.

## How to Run Fuzz Tests

Fuzz tests use Foundry's built-in fuzzer. Configure runs in `foundry.toml`:

```
[profile.default.fuzz]
runs = 2000

[profile.ci]
fuzz = { runs = 10000 }
```

Run with a fixed seed for reproducibility:

```
forge test --match-path "test/fuzz/**" --fuzz-seed 0xdeadbeef -vvv
```

## How to Add a New Exploit

1. Add the vulnerable contract to `src/targets/YourVulnerable.sol`
2. Add the fixed contract to `src/fixed/YourFixed.sol`
3. Create `test/exploits/YourExploit.t.sol` with:
   - Top comment block: CVE/incident reference, loss amount, root cause
   - `test_exploit_vulnerable()` — proves the attack
   - `test_exploit_fixed()` — proves the fix works
4. Add fuzz coverage in `test/fuzz/FuzzYour.t.sol`
5. Add a row to the Vulnerability Index above

## Invariant Test Pattern

Invariant tests use the `targetContract` + handler pattern:

```
contract Handler {
    function action1(uint256 seed, uint256 amount) external { ... }
    function action2(uint256 seed) external { ... }
}

contract MyInvariants is StdInvariant, Test {
    function setUp() public {
        targetContract(address(handler));
    }

    function invariant_myProperty() public view { ... }
}
```

Foundry calls handler functions in random sequences. After every sequence, all `invariant_*` functions must pass. This catches bugs that only emerge from specific interaction orders.

## License

MIT
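The handler + invariant pattern from the section above, worked through on a minimal share vault, as an added example that is not code from the ameerozigi/defi-security-suite repository. `MockToken`, `SimpleVault`, `VaultHandler`, `SimpleVaultInvariants` and the actor addresses are all constructed for this illustration; the only real APIs assumed are forge-std's `Test`, `StdInvariant`, `bound`, `vm.prank`/`vm.startPrank`, `targetContract` and `targetSelector` as shipped with current Foundry. It also covers what the `test/fuzz/` property tests are for, by checking the deposit-then-redeem rounding property (vulnerability classes 2 and 5 in the index) from arbitrary prior state rather than from a fresh deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {Test} from "forge-std/Test.sol";
import {StdInvariant} from "forge-std/StdInvariant.sol";

// Constructed test-only token: the minimum ERC-20 surface the vault needs (no allowance checks).
contract MockToken {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function transfer(address to, uint256 amt) external returns (bool) { balanceOf[msg.sender] -= amt; balanceOf[to] += amt; return true; }
    function transferFrom(address f, address to, uint256 amt) external returns (bool) { balanceOf[f] -= amt; balanceOf[to] += amt; return true; }
}

// Constructed share vault in the style of a `src/fixed/` contract: state changes precede the external token call (checks-effects-interactions) and both conversions round down, so rounding favours the vault.
contract SimpleVault {
    MockToken public immutable asset;
    uint256 public totalShares;
    mapping(address => uint256) public shares;
    constructor(MockToken a) { asset = a; }
    function totalAssets() public view returns (uint256) { return asset.balanceOf(address(this)); }
    function previewDeposit(uint256 assets) public view returns (uint256) { return totalShares == 0 ? assets : assets * totalShares / totalAssets(); }
    function deposit(uint256 assets) external returns (uint256 minted) {
        minted = previewDeposit(assets);
        require(minted > 0, "zero shares");
        shares[msg.sender] += minted;
        totalShares += minted;
        require(asset.transferFrom(msg.sender, address(this), assets), "transfer failed");
    }
    function redeem(uint256 burned) external returns (uint256 assets) {
        require(burned > 0 && burned <= shares[msg.sender], "bad shares");
        assets = burned * totalAssets() / totalShares;
        shares[msg.sender] -= burned;
        totalShares -= burned;
        require(asset.transfer(msg.sender, assets), "transfer failed");
    }
}

// Handler: the only contract the invariant fuzzer calls. It drives three constructed actors through deposits,
// redeems and direct donations in random order; the `if (...) return;` guards skip inputs that could only revert.
contract VaultHandler is Test {
    SimpleVault public vault;
    MockToken public token;
    bool public profited; // set if a deposit/redeem round trip ever returned more than it put in
    constructor(SimpleVault v, MockToken t) { vault = v; token = t; }
    function actor(uint256 seed) public pure returns (address) { return address(uint160(0x1000 + seed % 3)); }
    function deposit(uint256 seed, uint256 amt) external {
        amt = bound(amt, 1, 1e24);
        if (vault.previewDeposit(amt) == 0) return; // dust below one share
        token.mint(actor(seed), amt);
        vm.prank(actor(seed));
        vault.deposit(amt);
    }
    function redeem(uint256 seed, uint256 burned) external {
        uint256 held = vault.shares(actor(seed));
        if (held == 0) return;
        burned = bound(burned, 1, held);
        vm.prank(actor(seed));
        vault.redeem(burned);
    }
    // Plain transfer that bypasses deposit(): the share-price inflation the donation-attack class relies on.
    function donate(uint256 amt) external { token.mint(address(vault), bound(amt, 1, 1e24)); }
    // Round-trip property checked from arbitrary prior state (what a stateless testFuzz_ would check
    // from a fresh deployment): deposit, redeem everything minted, and the caller never nets a gain.
    function roundTrip(uint256 seed, uint256 amt) external {
        amt = bound(amt, 1, 1e24);
        if (vault.previewDeposit(amt) == 0) return;
        token.mint(actor(seed), amt);
        vm.startPrank(actor(seed));
        uint256 got = vault.redeem(vault.deposit(amt));
        vm.stopPrank();
        if (got > amt) profited = true;
    }
}

contract SimpleVaultInvariants is StdInvariant, Test {
    SimpleVault vault; VaultHandler handler;
    function setUp() public {
        MockToken token = new MockToken();
        vault = new SimpleVault(token);
        handler = new VaultHandler(vault, token);
        bytes4[] memory sel = new bytes4[](4);
        sel[0] = VaultHandler.deposit.selector; sel[1] = VaultHandler.redeem.selector;
        sel[2] = VaultHandler.donate.selector; sel[3] = VaultHandler.roundTrip.selector;
        targetContract(address(handler));
        targetSelector(FuzzSelector({addr: address(handler), selectors: sel}));
    }
    // Solvency: paying every holder at the current share price never exceeds the vault balance, in any call order.
    function invariant_solvent() public {
        uint256 ts = vault.totalShares();
        if (ts == 0) return;
        uint256 owed;
        for (uint256 i; i < 3; i++) owed += vault.shares(handler.actor(i)) * vault.totalAssets() / ts;
        assertLe(owed, vault.totalAssets());
    }
    // Rounding: no round trip in any sequence extracted value from the other depositors.
    function invariant_roundTripNeverProfits() public { assertFalse(handler.profited()); }
}
```

Drop the file under `test/invariants/` and run `forge test --match-path "test/invariants/**" -vvv`. Two design choices carry over to real handlers: `targetSelector` keeps the fuzzer off the public getters so every call advances state, and recording the per-call outcome in a flag (`profited`) instead of asserting inside the handler lets the `invariant_*` function judge it after each sequence, independent of how handler reverts are configured.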
Tags: DeFi security, ERC-4626, Foundry, Solidity, invariant testing, keyword SEO, contract deployment, security protection, audit tools, auditor-grade, donation attack, attack demonstration, smart contract security, antivirus bypass, test suite, vulnerability PoC, vulnerability patterns, precision loss, patch verification, missing access control, reentrancy attack, on-chain security, flash loan manipulation