This repository contains a collection of sample assertions for the Phylax Credible Layer. These assertions demonstrate how to prevent various types of vulnerabilities and attacks in smart contracts.
Check out the official documentation to learn more about assertions and the Credible Layer.
To run the tests run the following command:
pcl test assertions/test
We have collected a list of previous hacks and vulnerabilities and created assertions that would have prevented them. You can explore them in the previous hacks directory.
- Owner Change: Prevents unauthorized changes to contract ownership and admin roles
- Implementation Change: Ensures contract implementation addresses remain unchanged
- ERC20 Drain: Prevents unauthorized draining of ERC20 tokens
- Ether Drain: Protects against unauthorized ETH withdrawals
- ERC4626 Protection: Ensures proper accounting in ERC4626 vaults
- ERC4626 Deposit/Withdraw: Verifies proper deposit and withdrawal operations
- Constant Product: Maintains AMM pool invariant
- Lending Health Factor: Ensures proper collateralization
- Liquidation Health Factor: Prevents unsafe liquidations
- Positions Sum: Maintains protocol balance invariants
- Tokens Borrowed Invariant: Ensures proper tracking of borrowed assets
- Oracle Liveness: Ensures oracle price feeds are active
- TWAP Deviation: Prevents price manipulation
- Price Within Ticks: Maintains price bounds
- Intra-TX Oracle Deviation: Prevents oracle manipulation within transactions
- Timelock Verification: Ensures proper timelock delays
- Panic State Verification: Monitors emergency states
- Harvest Balance Increase: Ensures yield farming operations are profitable
- Fee Verification: Maintains proper fee accounting
- Farcaster Message Validity: Ensures message integrity in social protocols
If you have suggestions for new assertions or improvements to existing ones, please open a PR or reach out. We're always interested in exploring new use cases and patterns for assertions.