Skip to content

Variable rate AuditFixes #547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
iamsahu wants to merge 15 commits into
base: master
Choose a base branch
from
Open

Variable rate AuditFixes #547

iamsahu wants to merge 15 commits into from

Conversation

@iamsahu
Copy link
Contributor

@iamsahu iamsahu commented May 3, 2023
edited
Loading

This PR contains the fixes based on the reports the auditors submitted. The fixes were first implemented in the auditor-specific repos and then after their approval were aggregated and implemented in this repo. You can find the reports and PRs here:

  1. https://github.com/yieldprotocol/variable-rate-audit-DecorativePineapple
  2. https://github.com/yieldprotocol/variable-rate-audit-gogoauditor
  3. https://github.com/yieldprotocol/variable-rate-audit-parth-15
  4. https://github.com/yieldprotocol/variable-rate-audit-obheda12

We need to review if all the accepted changes in the above reports were implemented in this one.

@iamsahu iamsahu marked this pull request as ready for review May 4, 2023 13:57
@iamsahu iamsahu requested review from Sabnock01 and alcueca May 4, 2023 13:57
Sabnock01
Sabnock01 suggested changes May 9, 2023
View reviewed changes
remappings.txt
erc3156/=lib/ERC3156/
dss-interfaces/=lib/dss-interfaces/
openzeppelin/=lib/openzeppelin-contracts/
@openzeppelin/=lib/openzeppelin-contracts/
Copy link
Contributor

@Sabnock01 Sabnock01 May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need node convention here?

src/variable/VRLadle.sol
IJoin baseJoin = getJoin(vault.baseId);
if (base < 0) baseJoin.join(vault.owner, uint128(-base));
if (base > 0) baseJoin.exit(to, uint128(base));
else baseJoin.exit(to, uint128(base));
Copy link
Contributor

@Sabnock01 Sabnock01 May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if base is 0? That wasn't being checked before but is now?

Copy link
Contributor Author

@iamsahu iamsahu May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On 325 we are checking that base != 0

src/variable/VRLadle.sol
// ---- Asset and debt management ----

/// @dev Move collateral and debt between vaults.
function stir(
Copy link
Contributor

@Sabnock01 Sabnock01 May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why was stir moved exactly?

Copy link
Contributor

@alcueca alcueca May 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't update the global debt counters when ilkId != baseId. It could be fixed, but at the same time we haven't ever used it, so better to just reduce the attack surface.

src/test/variable/VYToken.t.sol
}
}

contract FlashLoanEnabledStateTests is FlashLoanEnabledState {
Copy link
Contributor

@Sabnock01 Sabnock01 May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove all these tests exactly?

Copy link
Contributor Author

@iamsahu iamsahu May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since, flash loan was removed the tests are removed as well.

src/test/variable/VRLadle.t.sol
ladle.give(vaultId, admin);
}

function testOnlyOwnerCouldMove() public {
Copy link
Contributor

@Sabnock01 Sabnock01 May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove so many tests from this file? Is it because they're already tested elsewhere?

Copy link
Contributor Author

@iamsahu iamsahu May 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tests related to stir were removed.

alcueca
alcueca reviewed May 18, 2023
View reviewed changes
alcueca
alcueca reviewed May 18, 2023
View reviewed changes
alcueca
alcueca reviewed May 18, 2023
View reviewed changes
alcueca
alcueca reviewed May 18, 2023
View reviewed changes
alcueca
alcueca approved these changes May 18, 2023
View reviewed changes
Copy link
Contributor

@alcueca alcueca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just cosmetic changes required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@Sabnock01 Sabnock01 Sabnock01 requested changes

@alcueca alcueca alcueca approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@iamsahu @Sabnock01 @alcueca