Closed dapp-whisperer closed 3 months ago
Job ID | af0016ce-d565-406e-917b-92dd8896cd76 |
Command | yarn && git submodule init && git submodule update && solc-select use 0.8.17 && cd packages/contracts/ && yarn echidna --test-mode assertion --test-limit 300000 |
Instance ID | i-0193c1c9f86c5b45e |
Instance Type | c5.2xlarge |
Status | Started |
Elapsed |
Job ID | af0016ce-d565-406e-917b-92dd8896cd76 |
Command | yarn && git submodule init && git submodule update && solc-select use 0.8.17 && cd packages/contracts/ && yarn echidna --test-mode assertion --test-limit 300000 |
Instance ID | i-0193c1c9f86c5b45e |
Instance Type | c5.2xlarge |
Status | Running |
Elapsed | 45 seconds |
Job ID | af0016ce-d565-406e-917b-92dd8896cd76 |
Command | yarn && git submodule init && git submodule update && solc-select use 0.8.17 && cd packages/contracts/ && yarn echidna --test-mode assertion --test-limit 300000 |
Instance ID | i-0193c1c9f86c5b45e |
Instance Type | c5.2xlarge |
Status | Running |
Elapsed | 45 seconds |
The recent updates introduce a comprehensive overhaul across various smart contracts, focusing on enhancing functionality, security, and efficiency. Key changes include the integration of TWAP (Time-Weighted Average Price) calculations, improved debt and collateral management, and streamlined contract interactions. Additionally, the system now better handles price feeds and updates, ensuring more robust and reliable financial operations.
File(s) | Summary |
---|---|
.github/workflows/invariant-test.yml |
Introduced a GitHub Actions workflow for invariant testing triggered by specific changes. |
packages/contracts/.../.gitignore |
Updated to ignore new files related to local deployment and testing. |
packages/contracts/contracts/ActivePool.sol , BorrowerOperations.sol |
Enhanced contract functionality with TWAP and EbtcMath , improved fee and debt handling. |
packages/contracts/contracts/CdpManager.sol , CdpManagerStorage.sol |
Refined CDP management, added TWAP debt calculation, and updated redemption logic. |
packages/contracts/contracts/ChainlinkAdapter.sol , EbtcFeed.sol |
Added contracts for price feed handling and adaptation. |
packages/contracts/contracts/Dependencies/... , Interfaces/... |
Introduced new dependencies, interfaces, and updated function signatures. |
packages/contracts/contracts/TestContracts/... |
Expanded testing contracts with new functionalities and invariant checks. |
"In the land of code and ether,
Where smart contracts weave and tether.
🐇A rabbit hopped, with changes bold,
Enhancing tales that smart contracts told.
With TWAP's dance and feeds so bright,
Our blockchain world shines with light."
🌟📜🚀
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
Job ID | af0016ce-d565-406e-917b-92dd8896cd76 |
Command | yarn && git submodule init && git submodule update && solc-select use 0.8.17 && cd packages/contracts/ && yarn echidna --test-mode assertion --test-limit 300000 |
Instance ID | i-0193c1c9f86c5b45e |
Instance Type | c5.2xlarge |
Status | Success |
Elapsed | 19 hours 36 minutes 6 seconds |
Release 0.8
Builds on top of release-0.7 incorporating mitigations from the Immunefi Boosted Bounty, some new invariants, and a new (unused) governance role for the switcher between stETH/ETH 1:1 and stETH/ETH Chainlink market rate feeds.
PRs
Mitigations Post-Mortem
While the valid findings were low impact and wouldn't cause issues in practice, they are technically incorrect and/or inconsistent behavior.
The stake issue is due to the complexity of the accounting system and number of pathways that do the same thing. This was inherited from the Liquity codebase and if done again would gut+rewrite this entire logic at the start. Forking did not save time on this project, it cost more time due to the slow addition of new features and the complexities of their interaction.
Mitigation mindset 🦉 It's a pretty clear case of a missing property that should have caught this. Go through every variable and the system and ask:
The liquidation dust issue was due to parallel paths in liquidation that had very similar, but not quite identical, behavior. Again the right answer was likely a full rewrite due to this architectural issue which was known but not pursued as a change.
The chainlink function use was a DD issue. In practice we seriously doubt they could change the interface of these extremely prominent and deeply integrated feeds but it's technically correct.
Summary by CodeRabbit
New Features
Enhancements
Bug Fixes
Documentation