Install: claude install-skill Sheshiyer/skill-clusters
# Blockchain / Web3 Core
Shared model for the `blockchain-web3` cluster. On-chain code is **immutable, public, and
adversarial** — once deployed, anyone can call it, read its state, and reorder/observe its
transactions. That single fact drives every rule below.
## 1. The adversarial model (decide everything from here)
- **Anyone can call any external function** in any order, any number of times. Never assume a
caller, a sequence, or a single invocation.
- **Everything on-chain is public** — "private" variables are readable; no secrets in contract state.
- **Transactions are front-runnable / reorderable (MEV)** — the mempool is visible; assume an
adversary can sandwich, front-run, or back-run any state-changing call.
- **Deployed code is immutable** (absent an upgrade proxy) — a bug is permanent and exploitable
for the contract's full TVL. There is no "ship and patch."
## 2. Non-negotiable contract-safety rules
- **Checks-Effects-Interactions (CEI):** validate → update state → *then* make external calls. The
canonical defense against **reentrancy** (+ a `nonReentrant` guard for value transfers). → `defi-amm-security`
- **Access control:** explicit, least-privilege roles; prefer two-step ownership transfer
(`Ownable2Step`); never leave an unguarded `selfdestruct`/`delegatecall`.
- **Oracle manipulation:** never price off a spot AMM reserve an attacker can move in one block;
use TWAP / multiple sources / circuit breakers. → `prediction-market-oracle-research`
-
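The reentrancy rule above is easiest to see by running it. The following is an added Python model (not Solidity, and not part of this skill or any project): a `Vault` whose `withdraw` hands control to the recipient's `receive` hook, as an EVM external call does, and an `Attacker` whose hook re-enters `withdraw` before the first call has finished. The `cei` flag selects whether the balance is zeroed before or after the external call, and the `guard` flag adds a simple reentrancy lock standing in for `nonReentrant`. All names and amounts are constructed for the example.

```python
"""Reentrancy vs. Checks-Effects-Interactions, modelled in plain Python.

Constructed simulation (not Solidity, not the skill's own code): the Vault
holds balances and sends value by calling the recipient's `receive` hook,
exactly as an EVM CALL hands control to the callee.  Attacker.receive
re-enters withdraw() while the first call is still in flight.  Whether the
vault updates state before or after the call decides whether it is drained.
"""


class Vault:
    def __init__(self, cei: bool, guard: bool = False) -> None:
        self.cei = cei            # True: Checks-Effects-Interactions ordering
        self.guard = guard        # True: nonReentrant-style lock on withdraw()
        self._locked = False
        self.balances: dict[str, int] = {}
        self.ether = 0            # like address(this).balance
        self.contracts: dict[str, object] = {}

    def register(self, name: str, contract: object) -> None:
        self.contracts[name] = contract   # recipients that run code when paid

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def _send(self, to: str, amount: int) -> None:
        # External call: value leaves the vault, then the callee executes.
        if amount > self.ether:
            raise RuntimeError("vault empty")   # like a failing CALL
        self.ether -= amount
        target = self.contracts.get(to)
        if target is not None:
            target.receive(amount)

    def withdraw(self, who: str) -> None:
        if self.guard and self._locked:
            raise RuntimeError("reentrant call")  # nonReentrant revert
        self._locked = True
        try:
            amount = self.balances.get(who, 0)
            if amount == 0:                  # Check
                raise ValueError("nothing to withdraw")
            if self.cei:
                self.balances[who] = 0       # Effect first ...
                self._send(who, amount)      # ... Interaction last
            else:
                self._send(who, amount)      # Interaction first (vulnerable):
                self.balances[who] = 0       # callee re-enters with balance intact
        finally:
            self._locked = False


class Attacker:
    def __init__(self, vault: Vault, name: str) -> None:
        self.vault, self.name, self.stolen = vault, name, 0

    def receive(self, amount: int) -> None:
        self.stolen += amount
        try:
            self.vault.withdraw(self.name)   # re-enter mid-withdraw
        except (ValueError, RuntimeError):
            pass                             # balance zeroed, vault empty, or guarded


def run_attack(cei: bool, guard: bool = False) -> tuple[int, int]:
    """Returns (attacker's take, vault's remaining ether) for one vault configuration."""
    vault = Vault(cei=cei, guard=guard)
    vault.deposit("alice", 90)               # constructed honest depositor
    attacker = Attacker(vault, "mallory")
    vault.register("mallory", attacker)
    vault.deposit("mallory", 10)
    try:
        vault.withdraw("mallory")
    except (ValueError, RuntimeError):
        pass
    return attacker.stolen, vault.ether


if __name__ == "__main__":
    print("interaction-before-effect:", run_attack(cei=False))        # (100, 0)
    print("CEI ordering:             ", run_attack(cei=True))         # (10, 90)
    print("guard only:               ", run_attack(cei=False, guard=True))  # (10, 90)
```

With the vulnerable ordering the attacker's 10-unit balance is paid out ten times and the vault is emptied, including Alice's 90; with CEI, or with the lock alone, the re-entrant call finds a zero balance (or reverts) and the attacker gets exactly its own deposit back. The lock is a second line of defence, not a substitute for CEI: it protects only functions that carry it.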
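For the oracle rule, the following added Python model (not this skill's code, and not any real AMM or oracle) shows why a spot AMM reserve is a poor price source and how a TWAP plus a deviation circuit breaker limits the damage. The pool is constant-product (x * y = k) quoting spot = y / x; the TWAP is assumed to be the mean of one observation per block over a fixed window (equal block lengths, so time-weighting reduces to an arithmetic mean). Pool sizes, the window and the `within_bounds` threshold are constructed values.

```python
"""Spot vs. TWAP under a one-block price move, with a deviation circuit breaker.

Constructed model added as an illustration; not the skill's own code and not
a real AMM or oracle.  A single large swap moves the spot price by as much
as the swapper likes within one block, but a window of N per-block
observations moves the TWAP by only about 1/N of that, and a deviation
check against the TWAP rejects the outlier entirely.
"""


class ConstantProductPool:
    def __init__(self, x: float, y: float) -> None:
        self.x, self.y = x, y

    def spot(self) -> float:
        return self.y / self.x           # price of X in units of Y

    def swap_x_for_y(self, dx: float) -> float:
        """Sell dx of X into the pool; returns the Y paid out. Spot moves down."""
        k = self.x * self.y
        new_x = self.x + dx
        dy = self.y - k / new_x
        self.x, self.y = new_x, self.y - dy
        return dy


class TwapOracle:
    """Mean of the last `window` per-block spot observations (equal block lengths assumed)."""

    def __init__(self, window: int) -> None:
        self.window = window
        self.observations: list[float] = []

    def observe(self, price: float) -> None:
        self.observations.append(price)
        if len(self.observations) > self.window:
            self.observations.pop(0)

    def price(self) -> float:
        return sum(self.observations) / len(self.observations)


def within_bounds(price: float, reference: float, max_bps: int) -> bool:
    """Circuit breaker: accept `price` only if within max_bps (basis points) of `reference`."""
    return abs(price - reference) * 10_000 <= max_bps * reference


def simulate(window: int, attack_dx: float) -> tuple[float, float, float]:
    """Returns (honest spot, spot in the manipulated block, TWAP seen in that block)."""
    pool = ConstantProductPool(1000.0, 1000.0)   # constructed reserves, spot = 1.0
    oracle = TwapOracle(window)
    for _ in range(window - 1):                  # quiet blocks: spot stays 1.0
        oracle.observe(pool.spot())
    honest = pool.spot()
    pool.swap_x_for_y(attack_dx)                 # one large swap in the final block
    manipulated = pool.spot()
    oracle.observe(manipulated)                  # the oracle samples that block too
    return honest, manipulated, oracle.price()


if __name__ == "__main__":
    honest, manipulated, twap = simulate(window=10, attack_dx=1000.0)
    print(f"honest spot {honest}, manipulated spot {manipulated}, TWAP {twap}")
    print("spot accepted by breaker? ", within_bounds(manipulated, twap, max_bps=500))
    print("honest accepted by breaker?", within_bounds(honest, twap, max_bps=1000))
```

Selling 1000 X into a 1000/1000 pool cuts the spot price from 1.0 to 0.25 in one block, a 75% move; the 10-block TWAP reads 0.925, a 7.5% move, and a 5% breaker against the TWAP rejects the manipulated spot outright. Widening the window dilutes a single-block move further, at the cost of lagging a genuine repricing, which is why the rule pairs TWAP with multiple sources rather than relying on either alone.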