Root docs
Repository viewer
Legacy docs parity surface
Back to repository viewer
Repository document
Attack Simulation Log
attack-simulation-log.md
Boundary
This route preserves legacy markdown access inside the Next.js surface. The raw repository file remains authoritative.
Open raw fileAttack Simulation Log
This file records reviewer-relevant misuse attempts and the expected safe outcome.
Attempt: Execute Twice
- Expected: Reject
- Result: Rejected
- Evidence:
AlreadyExecutedpath - Test:
tests/full-flow-test.ts
Attempt: Reveal Before Commit
- Expected: Reject
- Result: Rejected
- Evidence:
NotCommittedor phase rejection path - Test:
tests/full-flow-test.ts
Attempt: Reveal With Invalid Salt
- Expected: Reject
- Result: Rejected
- Evidence:
CommitmentMismatch - Test:
tests/private-dao.ts
Attempt: Reveal With Mismatched Vote Payload
- Expected: Reject
- Result: Rejected
- Evidence:
CommitmentMismatch - Test:
tests/private-dao.ts
Attempt: Reveal By Wrong Signer
- Expected: Reject
- Result: Rejected
- Evidence:
NotAuthorizedToReveal - Test:
tests/private-dao.ts
Attempt: Commit From Zero-Balance Governance Account
- Expected: Reject
- Result: Rejected
- Evidence:
InsufficientTokens - Test:
tests/private-dao.ts
Attempt: Double Commit
- Expected: Reject
- Result: Rejected
- Evidence:
AlreadyCommitted - Test:
tests/private-dao.ts
Attempt: Finalize Before Reveal End
- Expected: Reject
- Result: Rejected
- Evidence:
RevealStillOpen - Test:
tests/full-flow-test.ts
Attempt: Finalize With Wrong DAO Context
- Expected: Reject
- Result: Rejected
- Evidence: seed /
has_oneconstraint failure - Test:
tests/full-flow-test.ts
Attempt: Execute Before Finalize
- Expected: Reject
- Result: Rejected
- Evidence:
ProposalNotPassed - Test:
tests/full-flow-test.ts
Attempt: Execute Before Timelock Unlock
- Expected: Reject
- Result: Rejected
- Evidence:
ExecutionTimelockActive - Test:
tests/full-flow-test.ts
Attempt: Execute With Treasury PDA From Another DAO
- Expected: Reject
- Result: Rejected
- Evidence: treasury seed binding failure
- Test:
tests/full-flow-test.ts
Attempt: Execute With Wrong Recipient Token Owner
- Expected: Reject
- Result: Rejected
- Evidence:
RecipientOwnerMismatch - Test:
tests/full-flow-test.ts
Attempt: Execute With Wrong Token Mint
- Expected: Reject
- Result: Rejected
- Evidence:
InvalidTokenMint - Test:
tests/full-flow-test.ts
Attempt: Execute With Non-Treasury Token Source
- Expected: Reject
- Result: Rejected
- Evidence:
InvalidTreasuryTokenAuthority - Test:
tests/full-flow-test.ts
Attempt: Reuse Voter Record Across Proposals
- Expected: Reject
- Result: Rejected
- Evidence: vote PDA seed mismatch
- Test:
tests/private-dao.ts
Attempt: Commit Delegated Vote As Non-Delegatee
- Expected: Reject
- Result: Rejected
- Evidence:
NotDelegatee - Test:
tests/private-dao.ts
Attempt: Reuse Delegation From Another Proposal
- Expected: Reject
- Result: Rejected
- Evidence: delegation proposal-binding mismatch
- Test:
tests/private-dao.ts
Attempt: Force Partial State Mutation Through Failed Execute
- Expected: No mutation
- Result: Preserved
- Evidence:
isExecutedremains false; balances and status remain stable on failed paths - Test:
tests/full-flow-test.ts
Attempt: Force Partial State Mutation Through Failed Finalize
- Expected: No mutation
- Result: Preserved
- Evidence: status, reveal count, commit count, and unlock fields remain unchanged
- Test:
tests/full-flow-test.ts
Reviewer Note
This log is not a substitute for reading the formal security documents.
It is a compact attack-simulation index that helps an auditor jump quickly from:
- attack idea
- to expected safety property
- to repository evidence