Multi-asset synchronous vault (ERC-7575 settlement layer).
mini-7575-vault is a Foundry portfolio project for a reduced ERC-7575 design:
multiple asset vaults share one 18-decimal share token, with synchronous deposit/redeem.
- Build a practical bridge between ERC-4626 basics and full ERC-7575 production stacks
- Focus on settlement correctness, decimal normalization, and test-first development
- Keep scope intentionally reduced (no full KYC/permit/off-chain orchestration)
- Milestones and acceptance criteria: MILESTONES.md
- Internal day-by-day execution plan is maintained in the companion repo:
smart-contract-security-roadmap/mini-7575-vault-internal-roadmap.md
- Foundry installed (
forge,anvil,cast) - Git submodules available (
lib/forge-std,lib/openzeppelin-contracts)
forge installforge buildforge test -vvforge coverage --report summaryLatest baseline (Week 1, src/ only):
| Contract | Lines | Statements | Branches | Functions |
|---|---|---|---|---|
Vault.sol |
95.08% | 96.97% | 92.86% | 86.67% |
SafeTokenTransfers.sol |
100% | 100% | 100% | 100% |
Security notes: SECURITY.md
Slither is integrated in CI (.github/workflows/test.yml) with a dedicated slither job.
Recommended local setup:
- Python
3.12(recommended for compatibility) slither-analyzer
python -m pip install --upgrade pip slither-analyzer
slither . --exclude-low --exclude-informational --exclude-optimization --filter-paths "lib|test|script|out|cache|broadcast|.deps|artifacts"Windows workaround (when slither . cannot invoke forge from Python):
powershell -ExecutionPolicy Bypass -File .\script\run-slither.ps1Scan all contracts under src/:
powershell -ExecutionPolicy Bypass -File .\script\run-slither.ps1 -AllSourceanvilThere is no dedicated deployment script yet. Use forge create directly for now.
forge create src/mocks/MockERC20.sol:MockERC20 \
--rpc-url http://127.0.0.1:8545 \
--private-key <ANVIL_PRIVATE_KEY> \
--constructor-args "Mock USDC" "mUSDC" 18forge create src/Vault.sol:Vault \
--rpc-url http://127.0.0.1:8545 \
--private-key <ANVIL_PRIVATE_KEY> \
--constructor-args <MOCK_ERC20_ADDRESS>cast call <VAULT_ADDRESS> "asset()(address)" --rpc-url http://127.0.0.1:8545
cast call <VAULT_ADDRESS> "previewDeposit(uint256)(uint256)" 1000000000000000000 --rpc-url http://127.0.0.1:8545flowchart TB
U[User]
subgraph SL[ERC-7575 Settlement Layer]
direction TB
subgraph vaults[Asset Vaults]
direction TB
V1[USDC Vault]
V2[DAI Vault]
end
S[ShareToken · 18 decimals]
subgraph infra[Shared]
direction LR
R[Registry]
T[SafeTokenTransfers]
end
end
U -->|deposit| vaults
vaults -->|mint| S
vaults --> T
S -.->|lookup| R
U -->|redeem| S
S -->|burn| vaults
vaults -->|payout| U
Week 1 baseline — complete. Next up: Milestone B (ShareToken core).
- Scope and milestones are defined
- Minimal runnable
deposit/redeembaseline is implemented - Safe transfer hardening (
SafeTokenTransfers) wired into deposit/redeem - Vault active flag, pause/unpause, and
supportsInterface(IERC7575) -
test/EdgeCases.t.sol— boundary reverts and rounding edges - Fuzz tests for preview/deposit and preview/redeem parity (3 fuzz, 256 runs each)
- SECURITY.md — settlement-layer threat notes
- Coverage report captured in README (see above)
Tests: 41 passing across Vault.t.sol, EdgeCases.t.sol, VaultControls.t.sol, SafeTokenTransfers.t.sol
Week 2 entry: ShareToken, unregisterVault, getTotalNormalizedAssets, VaultFactory (see MILESTONES.md)
smart-contract-security-lab — vulnerability PoCs and audit-style reports