https://github.com/0xh4ty/sushiswap-v1-exploit-lab
Ported SushiSwap v1 contracts to Solidity 0.8.25 for replicating PeckShield-audited vulnerabilities, writing fuzz tests, and researching exploits.
https://github.com/0xh4ty/sushiswap-v1-exploit-lab
exploits foundry fuzzing security-research sushiswap
Last synced: 11 months ago
JSON representation
Ported SushiSwap v1 contracts to Solidity 0.8.25 for replicating PeckShield-audited vulnerabilities, writing fuzz tests, and researching exploits.
- Host: GitHub
- URL: https://github.com/0xh4ty/sushiswap-v1-exploit-lab
- Owner: 0xh4ty
- License: wtfpl
- Created: 2025-06-30T05:30:54.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-07-01T02:49:24.000Z (about 1 year ago)
- Last Synced: 2025-07-01T03:39:09.659Z (about 1 year ago)
- Topics: exploits, foundry, fuzzing, security-research, sushiswap
- Language: Solidity
- Homepage: https://0xh4ty.github.io/
- Size: 38.1 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# sushiswap-v1-exploit-lab
A lab environment for replicating and exploring the vulnerabilities and exploits documented in the [PeckShield audit of SushiSwap v1.0](https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-SushiSwap-v1.0.pdf), as well as performing advanced fuzzing and invariant testing on its Uniswap V2-based AMM core.
This project is a port of the original SushiSwap v1 contracts (commit `180bc9b`) from [sushiswap/sushiswap](https://github.com/sushiswap/sushiswap/tree/180bc9b) to Solidity 0.8.25, enabling modern testing frameworks and security validation tools.
## Overview
The lab provides a reproducible environment to:
- Replicate historical vulnerabilities described in public audits
- Validate patched code and security mitigations
- Develop proof-of-concept (PoC) exploits
- Perform stateful and stateless fuzz testing
- Conduct mutation testing and differential testing against reference implementations
## Structure
- `src/contracts/` — ported and patched SushiSwap v1 contracts
- `test/` — tests replicating audit findings and exploits
- `mocks/` — supporting mock contracts for tests
- `scripts/` — deployment or migration scripts
## Contributing
Contributions are welcome. If you plan to add fuzz tests, PoC exploits, or new invariants, please open an issue or pull request to discuss. Follow Solidity best practices and clearly document any security-relevant findings or modifications.
## Licensing
- Original SushiSwap contracts: WTFPL
- Portions derived from Uniswap V2: GPLv3
- Your contributions: choose your license or inherit the above
See the `NOTICE` file for detailed attribution.