# Phylax Credible Layer Documentation ## Docs - [Using the Assertions Book](https://docs.phylax.systems/assertions-book/assertions-book-intro.md): Learn how to use the Assertions Book as a catalog of assertion patterns and a set of exploit case studies - [Aave V3 Suite](https://docs.phylax.systems/assertions-book/assertions/aave-v3-suite.md): Credible Layer Assertions for Aave V3 - [Implementation Address Change](https://docs.phylax.systems/assertions-book/assertions/ass01-impl-addr-change.md): Assert that the address of an implementation has not changed unexpectedly - [KYC Whitelist Assertion](https://docs.phylax.systems/assertions-book/assertions/ass04-kyc-whitelist.md): Unified KYC Registry for DeFi Protocols - [Owner Change](https://docs.phylax.systems/assertions-book/assertions/ass05-ownership-change.md): Assert that the owner of a contract has not changed unexpectedly - [Constant Product](https://docs.phylax.systems/assertions-book/assertions/ass06-constant-product.md): Assert that a constant product is maintained in an AMM pool - [Lending Health Factor](https://docs.phylax.systems/assertions-book/assertions/ass07-lending-health-factor.md): Assert that the health factor of updated positions in a lending protocol is above a certain threshold - [Sum of all positions](https://docs.phylax.systems/assertions-book/assertions/ass08-sum-of-all-positions.md): Assert that the sum of all positions is the same as the total supply reported by the protocol - [Timelock Verification](https://docs.phylax.systems/assertions-book/assertions/ass09-timelock-verification.md): Make sure that a timelock has been correctly triggered for governance actions - [Oracle Liveness Validation](https://docs.phylax.systems/assertions-book/assertions/ass10-oracle-validation.md): Assert that an oracle is updated within a specified time window - [TWAP Deviation](https://docs.phylax.systems/assertions-book/assertions/ass11-twap-deviation.md): Assert that the TWAP price doesn't deviate more than X% from the pre-state TWAP price - [ERC4626 Assets to Shares](https://docs.phylax.systems/assertions-book/assertions/ass12-erc4626-assets-to-shares.md): Make sure that the total shares are not more than the total assets - [ERC4626 Vault Operations](https://docs.phylax.systems/assertions-book/assertions/ass13-erc4626-deposit-withdraw.md): Ensure that ERC4626 operations maintain correct accounting - [Fee Calculations](https://docs.phylax.systems/assertions-book/assertions/ass14-fee-calculations.md): Make sure that the fees do not change unexpectedly - [Price Within Ticks](https://docs.phylax.systems/assertions-book/assertions/ass15-price-within-ticks.md): Make sure that the price is within the tick range - [Liquidation Health Factor](https://docs.phylax.systems/assertions-book/assertions/ass16-liquidation-health-factor.md): Make sure that liquidations can only happen if the position is unhealthy - [Emergency State Validation](https://docs.phylax.systems/assertions-book/assertions/ass17-panic-state-validation.md): Ensure protocol behaves correctly during emergency pause states - [Harvest Increases Balance](https://docs.phylax.systems/assertions-book/assertions/ass18-harvest-increases-balance.md): Make sure that the balance increases after a harvest - [Tokens Borrowed Invariant](https://docs.phylax.systems/assertions-book/assertions/ass19-tokens-borrowed-invariant.md): Make sure that the tokens borrowed are not more than the tokens deposited - [ERC20 Drain](https://docs.phylax.systems/assertions-book/assertions/ass20-erc20-drain.md): Prevent tokens from being drained from a contract - [Ether Drain](https://docs.phylax.systems/assertions-book/assertions/ass21-ether-drain.md): Make sure that ether is not drained from a contract - [Intra-tx Oracle Deviation](https://docs.phylax.systems/assertions-book/assertions/ass28-intra-tx-oracle-deviation.md): Assert that oracle price updates stay within an acceptable deviation range - [Optimism FMA Suite](https://docs.phylax.systems/assertions-book/assertions/optimism-fma-suite.md): Assertions for Optimism's Failure Mode Analysis - [Assertion Pattern Catalog](https://docs.phylax.systems/assertions-book/assertions/use-cases-index.md): Reference catalog of reusable assertion patterns organized by security category - [Abracadabra GMX V2 Cauldron Exploit](https://docs.phylax.systems/assertions-book/previous-hacks/abracadabra-gmx-v2-exploit.md): Exploit that drained $13.4M from Abracadabra's GMX V2 Cauldron through accounting manipulation in the RouterOrder system - [Abracadabra CauldronV4 Cook Function Exploit](https://docs.phylax.systems/assertions-book/previous-hacks/abracadabra-hack-3.md): Logic flaw in the cook() function allowed bypassing solvency checks, enabling $1.8M in uncollateralized borrowing - [Abracadabra Rounding Error Attack](https://docs.phylax.systems/assertions-book/previous-hacks/abracadabra-rounding-error.md): Rounding error in Abracadabra protocol allowed attacker to inflate base value without corresponding adjustment of elastic value - [Balancer V2 Rate Manipulation Exploit](https://docs.phylax.systems/assertions-book/previous-hacks/balancer-v2-stable-rate-exploit.md): $120m+ lost due to rate manipulation caused by rounding error accumulation - [Bunni XYZ Rounding Error Exploit](https://docs.phylax.systems/assertions-book/previous-hacks/bunni-xyz-rounding-error.md): Sophisticated rounding error exploitation in Bunni AMM led to $8.4M loss through disproportionate liquidity manipulation - [Bybit - Compromised Safe Wallet UI](https://docs.phylax.systems/assertions-book/previous-hacks/bybit-safe-ui.md): Safe Wallet UI was compromised by gaining access to the host machine. - [Compound Upgrade Bug](https://docs.phylax.systems/assertions-book/previous-hacks/compound-upgrade-bug.md): Compound comptroller contract had a one letter bug that allowed users to receive massive amounts of COMP rewards - [Cream Finance 2](https://docs.phylax.systems/assertions-book/previous-hacks/cream-finance-2.md): Cream Finance suffered a price manipulation hack - [Euler Finance Donation Hack](https://docs.phylax.systems/assertions-book/previous-hacks/euler-finance-donation-hack.md): Euler Finance forgot to add a health check to the donation function - [First Depositor Bug](https://docs.phylax.systems/assertions-book/previous-hacks/first-depositor.md): First depositor bug in Compound / Aave v2 lending protocols - [GMX v1 AUM Manipulation Hack](https://docs.phylax.systems/assertions-book/previous-hacks/gma-aum-jul25-hack.md) - [Radiant Capital Hack](https://docs.phylax.systems/assertions-book/previous-hacks/hack1-radiant-capital.md): Ownership change of lending pools lead to drain - [Vestra DAO Hack](https://docs.phylax.systems/assertions-book/previous-hacks/hack2-vestra-dao.md): Unchecked isActive flag in maturity - [KiloEx Price Oracle Manipulation](https://docs.phylax.systems/assertions-book/previous-hacks/kiloex-price-manipulation-hack.md): Access control vulnerability in price oracle implementation led to $7.5M loss across multiple chains - [Hack Case Studies](https://docs.phylax.systems/assertions-book/previous-hacks/prev-hacks-index.md): Explanation-focused case studies of real-world hacks and the assertions that would have prevented them - [UxLink Multisig Ownership Compromise](https://docs.phylax.systems/assertions-book/previous-hacks/uxlink-multisig-hack.md): Compromised private keys led to \$10M+ drain from UxLink multisig through threshold manipulation and owner replacement - [Vicuna Finance Oracle Manipulation Hack](https://docs.phylax.systems/assertions-book/previous-hacks/vicuna-finance-hack.md): Vicuna Finance lost $700K due to LP token oracle manipulation that ignored invariant-based pricing - [Visor Finance Unrestricted Mint](https://docs.phylax.systems/assertions-book/previous-hacks/visor-finance-unrestricted-mint.md): Visor Finance allowed anyone to mint rewardTokens - [Accelerate Development with AI](https://docs.phylax.systems/credible/accelerate-with-ai.md): Use AI assistants to generate assertion templates - [Apply Assertions](https://docs.phylax.systems/credible/apply-assertions.md): Configure assertions and create a release on the platform using `pcl apply` - [General Design](https://docs.phylax.systems/credible/architecture-overview.md): How the Credible Layer components work together to enforce security rules - [Assertion Data Availability](https://docs.phylax.systems/credible/assertion-da.md): How assertion bytecode is stored and accessed in the Credible Layer - [Assertion Enforcer](https://docs.phylax.systems/credible/assertion-enforcer.md): The sidecar component that orchestrates assertion validation during block production - [Overview](https://docs.phylax.systems/credible/assertions-overview.md): Understanding Credible Layer assertions - [Backtesting](https://docs.phylax.systems/credible/backtesting.md): Test assertions against historical blockchain transactions - [Backtesting Reference](https://docs.phylax.systems/credible/backtesting-reference.md): API reference for backtesting configuration and options - [Cheatcodes](https://docs.phylax.systems/credible/cheatcodes-overview.md): Understanding cheatcodes in the Phylax Credible Layer and why they exist - [Cheatcodes API Reference](https://docs.phylax.systems/credible/cheatcodes-reference.md): Complete API reference for cheatcodes in the Phylax Credible Layer - [CI/CD Integration](https://docs.phylax.systems/credible/ci-cd-integration.md): Automate assertion testing in your CI/CD pipeline - [pcl Reference](https://docs.phylax.systems/credible/cli-reference.md): Reference documentation for all `pcl` commands, options, and parameters - [Installation](https://docs.phylax.systems/credible/credible-install.md): This page explains how to install the Phylax Credible Layer (`pcl`) CLI tool - [Introduction](https://docs.phylax.systems/credible/credible-introduction.md): Block exploits before they execute by linking security rules to your smart contracts on-chain. - [Credible Layer Contracts](https://docs.phylax.systems/credible/credible-layer-contracts.md): On-chain smart contracts that manage the assertion registry and coordinate protocol admins with network operators - [High-Level Overview](https://docs.phylax.systems/credible/credible-layer-overview.md): High-level overview of the Credible Layer system that explains how exploit prevention works, without requiring deep technical knowledge. - [credible-std Library](https://docs.phylax.systems/credible/credible-std-overview.md): Overview of the Phylax credible-std Library - [Incidents](https://docs.phylax.systems/credible/dapp-incidents.md): View incidents prevented by the Credible Layer - [Platform Integration Overview](https://docs.phylax.systems/credible/dapp-integration.md): High-level integration path for protocols adopting the Credible Layer - [Incident Notifications](https://docs.phylax.systems/credible/dapp-integrations.md): Configure Slack and PagerDuty to receive real-time incident notifications - [Platform Overview](https://docs.phylax.systems/credible/dapp-overview.md): Overview of the Phylax platform and its role in the Credible Layer stack - [Projects](https://docs.phylax.systems/credible/dapp-projects.md): Create and manage projects in the Phylax platform - [Transparency Dashboard](https://docs.phylax.systems/credible/dapp-transparency-dashboard.md): Browse and analyze all projects and their active assertions - [Deploy Assertions with the Platform](https://docs.phylax.systems/credible/deploy-assertions-dapp.md): Create projects and deploy assertions to protect your contracts - [Development Effort](https://docs.phylax.systems/credible/development-effort.md): Understanding the effort required to develop assertions - [Evaluate Credible Layer](https://docs.phylax.systems/credible/evaluate-credible-layer.md): A quick checklist for protocol teams and networks evaluating Credible Layer - [Testing vs. Production](https://docs.phylax.systems/credible/execution-model.md): How assertion execution differs between testing and on-chain environments - [Frequently Asked Questions (FAQ)](https://docs.phylax.systems/credible/faq.md): Common questions about the Phylax Credible Layer - [Fuzz Testing](https://docs.phylax.systems/credible/fuzz-testing.md): Test assertions with random inputs to identify edge cases - [Glossary](https://docs.phylax.systems/credible/glossary.md): This glossary contains terms and concepts specific to the Credible Layer and related technologies. - [Interface Overview](https://docs.phylax.systems/credible/interfaces-overview.md): High-level interface boundaries between Credible Layer components - [From Invariant to Assertion](https://docs.phylax.systems/credible/invariant-to-assertion.md): A guide to writing assertions from protocol invariants - [Manual Verification](https://docs.phylax.systems/credible/manual-verification.md): How to authorize a protocol admin when contracts lack owner interfaces - [Network Integration Overview](https://docs.phylax.systems/credible/network-integration.md): High-level integration path for networks and sequencers adopting the Credible Layer - [Linea / Besu Integration](https://docs.phylax.systems/credible/network-integrations/architecture-linea.md): High-level integration of the Credible Layer with Linea via Besu plugins - [OP Stack](https://docs.phylax.systems/credible/network-integrations/architecture-op-stack.md): OP Stack specific implementation of the Credible Layer - [Neutrality & Decentralization](https://docs.phylax.systems/credible/neutrality.md): Why neutrality is critical to the Credible Layer architecture and how it preserves decentralization for both protocols and networks. - [Ownership Verification](https://docs.phylax.systems/credible/ownership-verification.md): Understand how the Credible Layer determines who is allowed to manage assertions for a contract - [Quickstart Tutorial](https://docs.phylax.systems/credible/pcl-quickstart.md): Tutorial: write, test, and deploy your first assertion with `pcl` - [PhEVM](https://docs.phylax.systems/credible/phevm.md): The Phylax EVM - a specialized execution environment for assertion validation - [System Requirements](https://docs.phylax.systems/credible/system-requirements.md): Hardware and infrastructure requirements for running the Credible Layer sidecar in production and development environments. - [How to Test Assertions](https://docs.phylax.systems/credible/testing-assertions.md): Validate assertions locally with `CredibleTest`, realistic test patterns, and gas checks - [Testing Strategy](https://docs.phylax.systems/credible/testing-strategy.md): Where to invest testing effort: deploy to staging early, iterate with real transactions - [Triggers](https://docs.phylax.systems/credible/triggers.md): Understanding assertion triggers and how to use them effectively - [Troubleshooting](https://docs.phylax.systems/credible/troubleshooting.md): Common errors and solutions when writing and testing assertions - [Trust Model & Guarantees](https://docs.phylax.systems/credible/trust-model.md): What the Credible Layer guarantees, what it does not, and the operational assumptions - [Call Frame Context](https://docs.phylax.systems/credible/use-case-mappings/call-frame-context.md): Gain fine-grained context about a call frame in order to improve the precision of assertions by allowing to access pre and post call frame states. - [Function Call Inputs](https://docs.phylax.systems/credible/use-case-mappings/function-call-inputs.md): Capture and verify function input parameters to validate that the resulting end state is as expected. - [Introduction](https://docs.phylax.systems/credible/use-case-mappings/intro-use-case-mapping.md): This section documents the various use cases that can be implemented with the Credible Layer's cheatcodes. Each mapping demonstrates how specific cheatcodes enable different types of on-chain assertions. - [Read Logs](https://docs.phylax.systems/credible/use-case-mappings/read-logs.md): Capture and verify logs as a signal for changes in the state of the contract. - [Variable State Change Tracking](https://docs.phylax.systems/credible/use-case-mappings/state-changes.md): Track and assert all values assigned to a specific storage variable during a transaction's execution, including intermediate states. - [Storage Lookup](https://docs.phylax.systems/credible/use-case-mappings/storage-lookups.md): Access the value of a storage variable at a specific address. Even if the variable is not publicly accessible and not part of the contract's state. - [Modified Keys](https://docs.phylax.systems/credible/use-case-mappings/unsupported-use-cases/modified-keys.md): Get the modified keys of a mapping - [Tutorial: Write Your First Assertion](https://docs.phylax.systems/credible/write-first-assertion.md): Tutorial: build a complete assertion that blocks unauthorized ownership changes