Security & Audits
Slops contracts have undergone rigorous testing to guarantee solvency, prevent exploit loops, and safeguard user assets.
1. Test Coverage Summary
Our comprehensive test suite consists of 110 tests across 15 suites executed using the Foundry framework, including unit tests, fuzzing, and invariant tests:
- Sol solvency invariant: Proves that the curve reserve balance is strictly monotonic and the product constant $k$ never decreases under any random series of trades.
- Reentrancy checks: Verifies that the Checks-Effects-Interactions (CEI) pattern is enforced.
- Gas limit profiling: Confirms that the complex Uniswap V4 pool migration transaction operates safely under L2 gas limits.
2. Mitigations for Common Smart Contract Vulnerabilities
Reentrancy Protection
- Mechanism: All state updates (such as updating
realEthReserveandvirtualEthReserve) are processed prior to calling external transfer functions or returning refunds. - Status: Passed reentrancy simulations for boundary buy refunds and claim functions.
DOS via Rejecting ETH
- Mechanism: The protocol uses a pull-based fee extraction layout inside
GlobalFeeDistributor. Fees are credited to balances internally, requiring users to explicitly executeclaim(). If a malicious contract attempts to trade on the curve but rejects ETH during a boundary refund, the refund is bypassed silently, allowing market operations to proceed. - Status: Passed rejecter contract simulation tests.
Forced ETH Solvency Protection
- Mechanism: The bonding curve math relies on internal accounting variables (
realEthReserve) rather than trackingaddress(this).balancedirectly. Force-feeding ETH viaselfdestructdoes not affect price calculations or graduation thresholds. - Status: Verified via self-destruct simulation tests.
Dust Rounding Exploits
- Mechanism: Integer division truncation in Solidity can leak value over thousands of trades. The pricing math enforces round-up adjustments when computing virtual reserve changes (
if (k % newVirtualTokenReserve != 0) newVirtualEthReserve++), ensuring truncation rounding errors favor the protocol and protect solvency. - Status: Verified under fuzzing tests of consecutive 1-wei trades.
Referral Registry Loops
- Mechanism:
LaunchpadFactoryandReferralRegistryenforce direct validation rules:referrer != userandreferrers[user] == address(0). - Status: Prohibits self-referral and circular loops.
