evm-contracts/deployment-audit-xhack #472
…ployment
* audit: add missing whenNotPaused modifier
* audit: fix amp factor logic in Pool
* audit: emit additional events in Routing and Pool
* fix: throw in propellerComplete() when not a Propeller transaction
* fix: cap remunerated gas price by tx.gasprice
* feat: make remunerated Propeller gas price depend on specific chain
* feat: implement Decimal interface for fixedSwimUsdPerGasToken
* feat: expose Wormhole nonce in function signatures for upcoming BatchVAAs
* feat: catch Panic thrown by failed Wormhole interactions
* feat: compile contracts using viaIR optimization
* chore: improve gas estimation for Propeller gas fee remuneration
* chore: have registerToken() clean up old registrations and check inputs
* chore: clean-up and relocate contract structs, enums, events, and constants
* chore: update constants after deployment
* feat: use token-projects package to determine token numbers
* feat: use pool-math package for testing to replace hardcoded values
* feat: include attestation of SwimUSD in deployment process when possible
* feat: implement MOCK for Routing contract itself to isolate pool tests
* refactor: replace BigNumber with more suited Decimal in test code
* refactor: further improve test code and Wrapper classes
Deploying with Cloudflare Pages
✨ Deployment complete! Take a peek over at https://da62a50d.ui-storybook.pages.dev
Didn't go into details on many functions because I'm lacking context. If you'd consider them security-critical, probably worth doing a follow-up audit soon.
print("---------------------") | ||
return [fr_profit, user_output] | ||
|
||
def profitability_threshold(swap_amount, debug=False): |
Love this whole setup
@@ -0,0 +1,3 @@ | |||
MNEMONIC=test test test test test test test test test test test junk | |||
FACTORY_MNEMONIC=try exercise column boring supreme corn fabric idea federal today hood equip |
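Review bot: FACTORY_MNEMONIC on the last visible added line carries a complete 12-word phrase rather than a placeholder, and nothing in the hunk marks it as test-only. Once committed the phrase is public, so no address derived from it should ever deploy to a live network or hold funds; suggest a comment above the line saying so, or an empty value that each developer fills in locally. The same one-line comment would help for MNEMONIC, so a reader does not have to recognise it as a throwaway value.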
"try exercise" :D
uint64 serviceFee; //specified in swimUSD | ||
//service fee specified in swimUSD | ||
uint64 serviceFee; | ||
//specified in atomic with 18 decimals, i.e. how many atomic swimUSD per 1 wei? |
I'd have put a new line above, just to make sure it's not accidentally read as relating to serviceFee
@@ -393,12 +485,16 @@ contract Routing is | |||
toTokenInfo = tokenNumberMapping[swimPayload.toTokenNumber]; | |||
if (toTokenInfo.tokenNumber != 0) { | |||
//if toTokenNumber in swimPayload was invalid for whatever reason then just return | |||
//swimUsd to prevent propeller transaction from getting stuck | |||
// swimUsd to prevent propeller transaction from getting stuck |
Curious about the added space? I prefer this but most other comments don't have a leading space
I use the indentation to signify "same paragraph" or even more generally to indicate that the line break is only a "line wrap".
} | ||
|
||
function setup(address[] calldata tokens_, uint[] calldata amounts_) external { | ||
require(msg.sender == _owner, "computer says no"); |
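Review bot: setup() takes two parallel arrays, tokens_ and amounts_, and the visible lines check only the caller. If the rest of the function does not already compare them, add require(tokens_.length == amounts_.length, ...) next to the owner check, so a mismatched call fails with a clear reason instead of reverting on an out-of-bounds index or silently ignoring trailing entries. The revert string "computer says no" is entertaining but tells whoever reads a failed transaction nothing about the cause; something like "not owner" would be easier to act on.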
😂
@@ -12,10 +12,11 @@ import { task } from "hardhat/config"; | |||
import type { HardhatUserConfig, HttpNetworkUserConfig } from "hardhat/types"; | |||
|
|||
dotenv.config(); | |||
//update .env.examples if you add additional environment variables! |
.env.example
@@ -38,6 +39,7 @@ task( | |||
async ({ proxy, logic, owner }, hre) => { | |||
const { ethers } = hre; | |||
const _owner = owner ? await ethers.getSigner(owner as string) : (await ethers.getSigners())[0]; | |||
//TODO check that proxy and logic exist |
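Review bot: the TODO on the last added line leaves proxy and logic unvalidated, so the task will carry on with a mistyped address or one that has no contract deployed on the selected network. Suggest resolving it in this PR rather than leaving the marker: check that ethers.provider.getCode() returns something other than "0x" for both addresses and abort with a clear error otherwise.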
Correct to still be a todo?
not anymore in a second
? 0 | ||
: Object.values(TokenProjectId) | ||
.map((id) => TOKEN_PROJECTS_BY_ID[id]) | ||
//TODO we're using includes() and lenght checking here instead of === here because e.g. |
*length
impressive catch
fixed version of #463 which accidentally included changes to pool-math package
see individual commit messages for an overview of the introduced changes
Checklist