{"id":50430075,"url":"https://github.com/yudis-bit/defi-exploit-pocs","last_synced_at":"2026-06-08T02:01:12.058Z","repository":{"id":348834483,"uuid":"1200026257","full_name":"Yudis-bit/DeFi-Exploit-PoCs","owner":"Yudis-bit","description":"Foundry-style local security workbench for DeFi protocol mapping, money-flow analysis, proof/trace evidence, and report drafting.","archived":false,"fork":false,"pushed_at":"2026-05-31T13:51:52.000Z","size":3977,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-31T14:13:24.357Z","etag":null,"topics":["arkheionx","audit-readiness","bug-bounty","defi","defi-security","developer-tools","foundry","invariant-testing","local-first","money-flow","proof-of-concept","sarif","security-research","security-tools","smart-contract-security","solidity","static-analysis","trace-analysis","value-flow","web3-security"],"latest_commit_sha":null,"homepage":"https://github.com/Yudis-bit/DeFi-Exploit-PoCs#readme","language":"Solidity","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Yudis-bit.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"docs/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["Yudis-bit"]}},"created_at":"2026-04-03T00:45:45.000Z","updated_at":"2026-05-31T14:13:15.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Yudis-bit/DeFi-Exploit-PoCs","commit_stats":null,"previous_names":["yudis-bit/defi-exploit-pocs"],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/Yudis-bit/DeFi-Exploit-PoCs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yudis-bit%2FDeFi-Exploit-PoCs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yudis-bit%2FDeFi-Exploit-PoCs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yudis-bit%2FDeFi-Exploit-PoCs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yudis-bit%2FDeFi-Exploit-PoCs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Yudis-bit","download_url":"https://codeload.github.com/Yudis-bit/DeFi-Exploit-PoCs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Yudis-bit%2FDeFi-Exploit-PoCs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34044919,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-08T02:00:07.615Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arkheionx","audit-readiness","bug-bounty","defi","defi-security","developer-tools","foundry","invariant-testing","local-first","money-flow","proof-of-concept","sarif","security-research","security-tools","smart-contract-security","solidity","static-analysis","trace-analysis","value-flow","web3-security"],"created_at":"2026-05-31T14:00:18.483Z","updated_at":"2026-06-08T02:01:12.020Z","avatar_url":"https://github.com/Yudis-bit.png","language":"Solidity","funding_links":["https://github.com/sponsors/Yudis-bit"],"categories":[],"sub_categories":[],"readme":"# ArkheionX\n\n\u003c!-- Compatibility alias for existing public-surface tests: # Arkheionx --\u003e\n\n**A local review map for DeFi smart-contract repos.**\n\n\u003e **Foundry tells you whether the tests you wrote pass. ArkheionX helps show\n\u003e the value paths you may have forgotten to test.**\n\nArkheionX turns a local Solidity / Foundry repository into a deterministic\n**review map**: where value enters, moves, and exits; the trust assumptions that\nguard each path; which paths have no tests; and a ranked list of what a human\nreviewer should inspect first.\n\n```bash\npython3 -m pip install -e .\narkheionx doctor\narkheionx review-map .                                        # your repo\narkheionx review-map examples/vault-strategy-oracle-fixture   # bundled demo\n```\n\n```text\nOK    Map review surface  3 contracts, 14 functions, 3 value paths, 5 test gaps\n\nInspect first\n1  HIGH   Strategy.divest            Signals  external-call, value-out\n2  HIGH   Vault.emergencyWithdraw    Signals  external-call, privileged, value-out\n3  HIGH   Vault.withdraw             Signals  external-call, value-out\n\nTest gap   Vault.withdraw   Source  src/Vault.sol:63   Proof  proof-vault-withdraw\n```\n\nLocal only. Static only. No RPC. No live-chain calls. No exploit automation.\nNot an audit replacement. New here? See\n[`docs/TRY_IN_5_MINUTES.md`](docs/TRY_IN_5_MINUTES.md) and the bundled\n[multi-contract demo](examples/vault-strategy-oracle-fixture/README.md).\n\n## Core workflow\n\nArkheionX supports one workflow end to end:\n\n```text\nrepo → review-map → value paths → assumptions → test gaps → proof direction → human review\n```\n\nEverything below serves that workflow. A human always makes the security call.\n\n## Why ArkheionX exists\n\nReviewing a DeFi protocol is not just checking whether the tests you wrote pass.\nA reviewer needs to know where value enters, moves, and exits, which assumptions\nprotect each path, and which value paths have no tests at all. That context is\nusually rebuilt by hand, inconsistently, every time. ArkheionX makes the review\nsurface explicit and repeatable **before** manual review, so you spend review\ntime where value moves.\n\n## What is ArkheionX?\n\nArkheionX helps security researchers and protocol engineers create a repeatable\nlocal review surface for DeFi repositories. It maps protocol structure, roles,\nvalue paths, assumptions, test gaps, evidence context, and benchmarked fixture\noutput.\n\nFoundry tells you which tests passed. ArkheionX helps organize what a human\nreviewer should inspect next: money-flow graph, review-map output, Test Gap Map,\nassumptions, evidence links, and local validation artifacts.\n\nThe v3.1 line introduced the Developer-Native Review Map and Local Artifact Foundation.\nv3.9.0 adds the public-safe fixture benchmark harness, deterministic artifact\nfingerprints, and snapshot drift checks.\nThe full v4 Protocol Security Control Plane remains planned direction,\nnot a completed v3.2.0 runtime surface.\n\n## What Arkheionx Does\n\n- Maps contracts, functions, value paths, assumptions, and test gaps.\n- Surfaces a ranked \"inspect first\" list (review order, not severity).\n- Shows source evidence (`Source: \u003cfile\u003e:\u003cline\u003e`) for each test gap where available.\n- Suggests local proof directions you can scaffold with Foundry.\n- Builds local review packages under `.arkheionx/out/`.\n- Provides a fixture benchmark harness for static/local fixtures.\n- Supports deterministic fixture source fingerprints and snapshot drift checks.\n- Produces human-review-oriented evidence context.\n\n## What It Does Not Do\n\n- Does not confirm vulnerabilities automatically.\n- Does not replace auditors.\n- Does not prove protocol safety.\n- Does not assign final severity.\n- Does not submit reports or bounties.\n- Does not run live-chain operations by default.\n- Does not require RPC, private keys, seed phrases, or secrets.\n- Does not automate exploits.\n\n## V4 stable scope\n\n**Arkheionx v4.0.0 stabilizes the local review-map workflow.** It does not mean\nArkheionx guarantees protocol safety.\n\nStable commands (work on any install): `arkheionx version`, `arkheionx doctor`,\n`arkheionx review-map`, `arkheionx value-paths`, `arkheionx assumptions`,\n`arkheionx test-gap-map`, `arkheionx proof-plan`.\n\nExperimental / advanced (source-tree only): `scan`, `test-plan`, and `search`\ndelegate to repository helpers and are not the canonical first run. Deeper\ncross-contract tracing is limited, and real-protocol case studies are pending.\n\nFull detail: [`docs/V4_STABLE_SCOPE.md`](docs/V4_STABLE_SCOPE.md).\n\n## Why local-first?\n\nSecurity review tooling should be inspectable and reproducible. ArkheionX keeps\nthe default workflow on local repository files so review artifacts can be\nregenerated, diffed, and checked without hidden services or network state.\n\nDefault operation is intentionally narrow:\n\n- Local repository analysis only.\n- No RPC by default.\n- No live-chain mutation.\n- No private keys or secrets.\n- No automated exploitation.\n- No auto-submit.\n- Not an audit, certification, or replacement for manual review.\n- No guaranteed vulnerability discovery.\n- No severity guarantee.\n\nHuman review is required. ArkheionX provides review context, not final security\njudgments.\n\n## Quick Start\n\n```bash\npython3 -m venv .venv\nsource .venv/bin/activate\npython3 -m pip install -e .\narkheionx version\narkheionx doctor\narkheionx review-map .\n```\n\nThe source-mode equivalent of any command is\n`python3 -m arkheionx.cli.main \u003ccommand\u003e`. The local install helper is also\navailable:\n\n```bash\nsh install.sh\n```\n\nFor installer details, see [`docs/INSTALLER.md`](docs/INSTALLER.md). No API key,\nprivate key, RPC URL, or token is required.\n\n## Try the V4 demo\n\n```bash\narkheionx review-map examples/vault-strategy-oracle-fixture\n```\n\nThe bundled fixture is a small multi-contract protocol — `Vault`, `Strategy`,\n`PriceOracle`, and `MockToken`. Its test covers `deposit`, and deliberately\nleaves the value exits (`withdraw`, `emergencyWithdraw`, `divest`) and the admin\nsetters (`setOracle`, `setPrice`) untested. ArkheionX surfaces those as value\npaths and test gaps. The output is real engine output, not hardcoded, and is\nlocked by tests so it cannot silently degrade.\n\n## Quick Start Commands\n\nStable review workflow (start here):\n\n- `doctor` / `arkheionx doctor`\n- `review-map` / `arkheionx review-map`\n- `value-paths` / `arkheionx value-paths`\n- `assumptions` / `arkheionx assumptions`\n- `test-gap-map` / `arkheionx test-gap-map`\n- `proof-plan` / `arkheionx proof-plan`\n\nAdditional workbench commands:\n\n- `open` / `arkheionx open`\n- `map` / `arkheionx map`\n- `flow` / `arkheionx flow`\n- `hunt` / `arkheionx hunt`\n- `prove` / `arkheionx prove`\n- `trace` / `arkheionx trace`\n- `evidence` / `arkheionx evidence`\n- `report` / `arkheionx report`\n- `validate-artifacts` / `arkheionx validate-artifacts`\n- `local-validate` / `arkheionx local-validate`\n- `demo` / `arkheionx demo`\n\nResearch memory (v4.1, AI-assisted review):\n\n- `agent-brief` / `arkheionx agent-brief`\n- `hypothesis-log` / `arkheionx hypothesis-log`\n- `case-study` / `arkheionx case-study`\n\nBlind Spot Intelligence (v5, attention allocation):\n\n- `blind-spots` / `arkheionx blind-spots`\n- `criticality-map` / `arkheionx criticality-map`\n- `counterfactuals` / `arkheionx counterfactuals`\n- `research-pack` / `arkheionx research-pack`\n\nGenerated outputs are written under `.arkheionx/out/`; they are generated, local, gitignored, and not intended to be committed as source truth.\n\n## Bug bounty and pre-audit usage\n\nArkheionX is a triage and preparation aid, used by a human:\n\n- **Bug bounty triage** — find where value moves, which paths are untested, and\n  what to review first; turn test gaps into manual hypotheses. See\n  [`docs/BUG_BOUNTY_WORKFLOW.md`](docs/BUG_BOUNTY_WORKFLOW.md).\n- **Pre-audit readiness** — map value paths, write missing tests, and hand a\n  reviewer a clearer surface. See\n  [`docs/PRE_AUDIT_WORKFLOW.md`](docs/PRE_AUDIT_WORKFLOW.md).\n- **AI-assisted review (v4.1)** — generate an agent brief, track hypotheses, and\n  keep rejected findings as research memory:\n  `arkheionx gives the map, the agent grinds the tests, the research memory keeps\n  the evidence, the human makes the final call`. See\n  [`docs/V4_1_RESEARCH_WORKFLOW.md`](docs/V4_1_RESEARCH_WORKFLOW.md) and\n  [`docs/RESEARCH_MEMORY_MODEL.md`](docs/RESEARCH_MEMORY_MODEL.md).\n\nDo not submit ArkheionX output as a vulnerability by itself, validate manually,\nand only run it on repositories you are authorized to review.\n\n## Validation\n\n```bash\npython3 scripts/check_docs_links.py --check\npython3 scripts/check_safety_wording.py --strict\npython3 scripts/check_version_consistency.py --check\npython3 scripts/check_release_readiness.py --check\npython3 -m unittest discover -s tests -p \"test_*.py\"\nmake validate\n```\n\n## Fixture Benchmark Harness\n\nThe fixture harness covers 9 local/static fixtures and produces deterministic\nbenchmark output for public validation. It records source fingerprints, checks\nsnapshot drift, and does not perform network calls, RPC calls, or Foundry\nexecution in benchmark logic.\n\nThe harness is for repeatable review context. It does not prove safety.\n\n## Evidence Model\n\nArkheionX distinguishes local review signals from human conclusions. Artifact\nstates such as `HUMAN_REVIEWED` are manual reviewer attestation only.\nMachine-generated context can help prioritize inspection; it does not decide\nimpact, exploitability, or severity. Even a relevant local Foundry test executed\nis still review context, not a final security judgment.\n\n## Architecture\n\nThe current public surface is v3.x local tooling plus fixture benchmarks. The\nv3.0.0 is the public stable launch baseline; v4.0.0 is the current technical\nstate for this branch.\n\n![ArkheionX workflow](docs/assets/arkheionx-workflow-v27.svg)\n\n![ArkheionX output pipeline](docs/assets/arkheionx-output-pipeline.svg)\n\n![ArkheionX evidence ladder](docs/assets/arkheionx-evidence-ladder.svg)\n\n![ArkheionX v3 architecture](docs/assets/arkheionx-v3-architecture.svg)\n\n![ArkheionX v3 public surface](docs/assets/arkheionx-v3-public-surface.svg)\n\n![ArkheionX v3 demo fixtures](docs/assets/arkheionx-v3-demo-fixtures.svg)\n\n![ArkheionX v3 stability](docs/assets/arkheionx-v3-stability.svg)\n\n## What's Stable in v3.0.0\n\nThe v3 public baseline stabilized the installable CLI, the local review-map\nworkflow, demo fixtures, safety boundaries, and documentation contracts. v3.9.0\nkeeps those contracts while adding deterministic fixture benchmarks and source\nfingerprints, and v4.0.0 makes the review-map workflow the stable public surface.\n\n## Safety Boundaries\n\nHuman review is required. ArkheionX provides review context, not final security\njudgments.\n\nDo not use ArkheionX on repositories you are not authorized to review. Do not\nuse generated artifacts as standalone proof of exploitability, safety, or\nimpact. Do not add private keys, seed phrases, RPC credentials, or production\ntargets to local configs.\n\n## GitHub Action\n\nPinned stable action example:\n\n```yaml\nuses: Yudis-bit/DeFi-Exploit-PoCs/.github/actions/pre-audit@v5.0.0\n```\n\nSee [`docs/GITHUB_ACTION_USAGE.md`](docs/GITHUB_ACTION_USAGE.md).\n\n## Documentation\n\nFull index: [`docs/README.md`](docs/README.md).\n\nTechnical paper: [Read the Arkheionx v4 technical paper](docs/papers/arkheionx-v4-technical-paper.md)\n([PDF](docs/papers/arkheionx-v4-technical-paper.pdf)) — a standalone overview of\nthe local review-map workflow. See [`docs/papers/README.md`](docs/papers/README.md).\n\nStart:\n\n- [`docs/START_HERE.md`](docs/START_HERE.md)\n- [`docs/TRY_IN_5_MINUTES.md`](docs/TRY_IN_5_MINUTES.md)\n- [`docs/INTERPRET_RESULTS.md`](docs/INTERPRET_RESULTS.md)\n- [`docs/WHAT_ARKHEIONX_IS_NOT.md`](docs/WHAT_ARKHEIONX_IS_NOT.md)\n- [`docs/BUG_BOUNTY_WORKFLOW.md`](docs/BUG_BOUNTY_WORKFLOW.md)\n- [`docs/PRE_AUDIT_WORKFLOW.md`](docs/PRE_AUDIT_WORKFLOW.md)\n- [`docs/PUBLIC_ALPHA_READINESS.md`](docs/PUBLIC_ALPHA_READINESS.md)\n- [`docs/INSTALLATION.md`](docs/INSTALLATION.md)\n\nCore workflow:\n\n- [`docs/CLI_REFERENCE.md`](docs/CLI_REFERENCE.md)\n- [`docs/V4_STABLE_SCOPE.md`](docs/V4_STABLE_SCOPE.md)\n- [`docs/PUBLIC_SURFACE.md`](docs/PUBLIC_SURFACE.md)\n- [`docs/STABILITY_CONTRACT.md`](docs/STABILITY_CONTRACT.md)\n- [`docs/V3_READINESS.md`](docs/V3_READINESS.md)\n- [`docs/VALUE_FLOW_WORKBENCH.md`](docs/VALUE_FLOW_WORKBENCH.md)\n- [`docs/PROTOCOL_MAP.md`](docs/PROTOCOL_MAP.md)\n- [`docs/SOLO_RESEARCH_WORKFLOW.md`](docs/SOLO_RESEARCH_WORKFLOW.md)\n- [`docs/TRACE_ENGINE.md`](docs/TRACE_ENGINE.md)\n- [`docs/EVIDENCE_PACKAGE.md`](docs/EVIDENCE_PACKAGE.md)\n- [`docs/LOCAL_VALIDATION.md`](docs/LOCAL_VALIDATION.md)\n\nAdvanced:\n\n- [`docs/FIXTURE_HARNESS.md`](docs/FIXTURE_HARNESS.md)\n- [`docs/FIXTURE_BENCHMARKS.md`](docs/FIXTURE_BENCHMARKS.md)\n- [`docs/FIXTURE_SNAPSHOT_WORKFLOW.md`](docs/FIXTURE_SNAPSHOT_WORKFLOW.md)\n- [`docs/REVIEW_MAP.md`](docs/REVIEW_MAP.md)\n- [`docs/REVIEW_PACKAGE.md`](docs/REVIEW_PACKAGE.md)\n- [`docs/ARTIFACT_VALIDATION.md`](docs/ARTIFACT_VALIDATION.md)\n- [`docs/DEMO_WORKFLOW.md`](docs/DEMO_WORKFLOW.md)\n- [`reports/research_dashboard.md`](reports/research_dashboard.md)\n\n## Contributing and feedback\n\nIssues and feedback use the templates under\n[`.github/ISSUE_TEMPLATE`](.github/ISSUE_TEMPLATE) (general feedback and a\nreview-map noise/quality report). See [`CONTRIBUTING.md`](CONTRIBUTING.md) and\nthe security policy in [`SECURITY.md`](SECURITY.md).\n\n## License\n\nArkheionX is licensed under the Apache License 2.0. See [`LICENSE`](LICENSE).\nThe earlier license-pending note is kept at\n[`LICENSE_PENDING.md`](LICENSE_PENDING.md) for historical context only.\n\n## Version and release status\n\n**Python 3.11+** · **Local-first** · **No RPC by default** ·\n**Human review required** · **v5.0.0**\n\nLatest stable release: **v5.0.0**. Current package version: **5.0.0** — adds the\nv5 Blind Spot Intelligence layer (blind-spots, criticality-map, counterfactuals,\nresearch-pack) on top of the stable v4.0.0 review-map workflow and the v4.1\nresearch-memory workflow. The source installers and the GitHub Action pin to the\n**v5.0.0** tag. Last published tag: **v4.0.0** (the **v5.0.0** tag is cut by the\nfounder at release). Next milestone: **v5.1.0**.\n\nPositioning: Local-first protocol security control plane for DeFi teams.\nMap the protocol. Prove the path. Prepare the handoff.\nv5.0.0 adds Blind Spot Intelligence — a local/static way to prioritize\nhigh-impact surfaces with weak review evidence — on top of the stable v4.0.0\nreview-map workflow; the broader control plane remains planned direction.\n\nThis public-safe branch contains the engine, tests, public technical docs, and\nsafety workflow. The v4.0.0 tag and GitHub release are published; the v5.0.0\nrelease metadata is finalized locally and pending push, tag, and site deploy. The\npublic release branch is sanitized.\n\nOfficial website: [https://arkheionx.dev](https://arkheionx.dev) (live).\nInstaller and deployment details are documented in\n[`docs/WEBSITE_DEPLOYMENT.md`](docs/WEBSITE_DEPLOYMENT.md).\n\nReproducible research context: [`reports/research_dashboard.md`](reports/research_dashboard.md).\n\n## Security\n\nSee [`SECURITY.md`](SECURITY.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyudis-bit%2Fdefi-exploit-pocs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyudis-bit%2Fdefi-exploit-pocs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyudis-bit%2Fdefi-exploit-pocs/lists"}