Foundry¶
Status¶
Evidence required. No Foundry project, foundry.toml, invariant suite, or forge test output was found in the current handbook repository or inspected Solidity snapshot.
Required Coverage Before Claiming Pass¶
- Deposit custody invariants and intent replay protection.
- Governor lifecycle invariants for propose, queue, execute, cancel, and final freeze.
- Controller receipt/source idempotency.
- Claim cap, executor grant, and pending-claim transitions.
- Settlement principal-first ordering.
- Vault exit and transfer authorization.
Production Evidence To Archive¶
Commit hash, foundry.toml, test list, invariant configuration, fuzz seeds, command output, gas/report artifacts if used, and failing-case reproduction for any fixed issue.
Evidence Model¶
| Field | Requirement |
|---|---|
| Purpose | Solidity unit, integration, invariant, and fork-adjacent tests. |
| Expected location | source test tree or reproducibility package. |
| Current local evidence status | Evidence required unless the named artifact is present in this repository or the Solidity source snapshot and has been inspected in the current run. |
| What it proves | contract-level behavior and revert conditions. |
| What it does not prove | deployed multisig custody, offchain oracle correctness, or production address wiring. |
| How to regenerate | Run the documented tool from a clean environment, archive command, commit/source hash, config, stdout/stderr, and result files. |
| Production requirement | Results must be tied to the exact source manifest lock, compiler version, dependency lock, and deployment artifact under review. |
| Owner responsible | Protocol engineering owns source/test correctness; security review owns independent challenge; governance owns accepting residual risk. |
| Failure meaning | A failure blocks release, launch, upgrade, or operation until root cause is fixed or explicitly accepted with documented risk. |
Review Notes¶
Do not write “pass” for Foundry without current evidence. If evidence is missing, stale, or tied to a different source snapshot, write Evidence required and keep the gap visible in the release or operations checklist.