Ownership Verification

Current Implementation

Future Development

Next Steps

Understanding ownership verification requirements for the Credible Layer

Phylax Credible Layer Documentation

Introduction

This page explains how to install the Phylax Credible Layer (PCL) CLI

Installation

A quickstart guide to writing assertions and using the Credible Layer CLI

Quickstart

An overview of the Credible Layer dApp features and functionality

DApp Overview

Common questions about the Phylax Credible Layer

Frequently Asked Questions (FAQ)

Write assertions and test them with the Credible Layer

Assertion Guide

Testing Assertions

Overview of the cheatcodes made available for the Phylax Credible Layer

Cheatcodes

Common patterns and best practices for writing assertions

Assertion Patterns

Reference documentation for the Credible Layer command-line interface

Credible Layer CLI Reference

Overview of the Phylax credible-std Library

credible-std Library

This glossary contains terms and concepts specific to the Phylax Credible Layer (PCL) and related technologies.

Glossary

This section documents the various use cases that can be implemented with the Credible Layer's cheatcodes. Each mapping demonstrates how specific cheatcodes enable different types of on-chain assertions.

Capture and verify function input parameters to validate that the resulting end state is as expected.

Function Call Inputs

Capture and verify logs as a signal for changes in the state of the contract.

Read Logs

Access the value of a storage variable at a specific address. Even if the variable is not publicly accessible and not part of the contract's state.

Storage Lookup

Track and assert all values assigned to a specific storage variable during a transaction's execution, including intermediate states.

Variable State Change Tracking

Resource for assertion use cases and patterns

Introduction to the Assertions Book

We solve security so that crypto can win.

Introduction to Phylax

Frequently Asked Questions

Install PCL

PCL Quickstart

Write assertions and test them with the PCL

PCL Assertion Guide

PhEVM Cheatcodes

Reference documentation for the PCL command-line interface

PCL CLI Reference

Gain fine-grained context about a call frame in order to improve the precision of assertions by allowing to access pre and post call frame states.

Call Frame Context

Modified Keys

Track the expected behavior of function calls, even if they are recursive.

Recursive Function Calls

Introduction to Assertions

Assert that an address of an implementation has changed

Implementation / Address Change

Assert if the owner of a contract has changed

Owner Change

Assert that a constant product is maintained in an AMM pool

Constant Product

Assert that the health factor of a lending protocol is above a certain threshold

Lending Health Factor

Assert that the sum of all positions is the same as the total supply reported by the protocol

Sum of all positions

Make sure that a timelock has been correctly triggered for governance actions

Timelock Verification

Assert that an oracle is working as expected

Oracle Validation

Make sure that the TWAP price doesn't deviate more than X% from the TWAP price.

TWAP Deviation

Make sure that the total shares are not more than the total assets

ERC4626 Assets to Shares

Make sure that deposit and withdraw are correct

ERC4626 Deposit and Withdraw

Make sure that the fees do not change unexpectedly

Fee Calculations

Make sure that the price is within the tick range

Price Within Ticks

Make sure that liquidations can only happen if the position is unhealthy

Liquidation Health Factor

Make sure that pool works as expected in panic state

Panic State Validation

Make sure that the balance increases after a harvest

Harvest Increases Balance

Make sure that the tokens borrowed are not more than the tokens deposited

Tokens Borrowed Invariant

Prevent tokens from being drained from a contract

ERC20 Drain

Make sure that ether is not drained from a contract

Ether Drain

Farcaster Message Validity

Farcaster Unique Username

Farcaster Rate Limits

Make sure that a user cannot withdraw more than they should

Correct Withdraw

Intra-tx Oracle Deviation

A collection of previous hacks that could have been prevented with assertions

Ownership change of lending pools lead to drain

Radiant Capital Hack

Vestra DAO Hack

Compound comptroller contract had a one letter bug that allowed users to receive massive amounts of COMP rewards

Compound Upgrade Bug

Cream Finance suffered a price manipulation hack

Cream Finance 2

Visor Finance allowed anyone to mint rewardTokens

Visor Finance Unrestricted Mint

First depositor bug in Compound / Aave v2 lending protocols

First Depositor Bug

Rounding error in Abracadabra protocol allowed attacker to inflate base value without corresponding adjustment of elastic value

Abracadabra Rounding Error Attack

Euler Finance forgot to add a health check to the donation function

Getting Started

Credible Layer

Use Case Mapping

Ownership Verification

Ownership Verification

Current Implementation

Future Development

Next Steps

Getting Started

Credible Layer

Use Case Mapping

​Ownership Verification

​Current Implementation

​Future Development

​Next Steps

Ownership Verification

Current Implementation

Future Development

Next Steps