An open API service indexing awesome lists of open source software.

https://github.com/0xh4ty/sushiswap-v1-exploit-lab

Ported SushiSwap v1 contracts to Solidity 0.8.25 for replicating PeckShield-audited vulnerabilities, writing fuzz tests, and researching exploits.
https://github.com/0xh4ty/sushiswap-v1-exploit-lab

exploits foundry fuzzing security-research sushiswap

Last synced: 11 months ago
JSON representation

Ported SushiSwap v1 contracts to Solidity 0.8.25 for replicating PeckShield-audited vulnerabilities, writing fuzz tests, and researching exploits.

Awesome Lists containing this project

README

          

# sushiswap-v1-exploit-lab

A lab environment for replicating and exploring the vulnerabilities and exploits documented in the [PeckShield audit of SushiSwap v1.0](https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-SushiSwap-v1.0.pdf), as well as performing advanced fuzzing and invariant testing on its Uniswap V2-based AMM core.

This project is a port of the original SushiSwap v1 contracts (commit `180bc9b`) from [sushiswap/sushiswap](https://github.com/sushiswap/sushiswap/tree/180bc9b) to Solidity 0.8.25, enabling modern testing frameworks and security validation tools.

## Overview

The lab provides a reproducible environment to:

- Replicate historical vulnerabilities described in public audits
- Validate patched code and security mitigations
- Develop proof-of-concept (PoC) exploits
- Perform stateful and stateless fuzz testing
- Conduct mutation testing and differential testing against reference implementations

## Structure

- `src/contracts/` — ported and patched SushiSwap v1 contracts
- `test/` — tests replicating audit findings and exploits
- `mocks/` — supporting mock contracts for tests
- `scripts/` — deployment or migration scripts

## Contributing

Contributions are welcome. If you plan to add fuzz tests, PoC exploits, or new invariants, please open an issue or pull request to discuss. Follow Solidity best practices and clearly document any security-relevant findings or modifications.

## Licensing

- Original SushiSwap contracts: WTFPL
- Portions derived from Uniswap V2: GPLv3
- Your contributions: choose your license or inherit the above

See the `NOTICE` file for detailed attribution.