Release 0.8

[dapp-whisperer]

Release 0.8

Builds on top of release-0.7 incorporating mitigations from the Immunefi Boosted Bounty, some new invariants, and a new (unused) governance role for the switcher between stETH/ETH 1:1 and stETH/ETH Chainlink market rate feeds.

PRs

• https://github.com/ebtc-protocol/ebtc/pull/793 use non-deprecated method for getting roundId() from ETH/USD and BTC/USD feeds. Don't propagate use of deprecated feed.
• https://github.com/ebtc-protocol/ebtc/pull/789 ensure stake is updated properly on failed partial redemption to incorporate changes from rebase accounting. Incorporate POC as unit test and add new properties which would catch issue.
  • see https://github.com/ebtc-protocol/ebtc/pull/791 for isolated invariants addition PR
• https://github.com/ebtc-protocol/ebtc/pull/787 ensure no dust surplus is generated when liquidating CDPs with ICR<=MCR while the system is in recovery mode. In normal mode, there should never be surplus as by definition all CDPs being liquidated are <= MCR. So any dust surplus that is calculated is sent to the liquidator instead. For CDPs <= MCR being liquidated in recovery mode the logic is duplicated.
• https://github.com/ebtc-protocol/ebtc/pull/784 adds new governance role for the switcher between stETH/ETH 1:1 and stETH/ETH Chainlink market rate feeds. Usused.

Mitigations Post-Mortem

While the valid findings were low impact and wouldn't cause issues in practice, they are technically incorrect and/or inconsistent behavior.

The stake issue is due to the complexity of the accounting system and number of pathways that do the same thing. This was inherited from the Liquity codebase and if done again would gut+rewrite this entire logic at the start. Forking did not save time on this project, it cost more time due to the slow addition of new features and the complexities of their interaction.

Mitigation mindset 🦉 It's a pretty clear case of a missing property that should have caught this. Go through every variable and the system and ask:

• how is this variable incorporated into system properties?

The liquidation dust issue was due to parallel paths in liquidation that had very similar, but not quite identical, behavior. Again the right answer was likely a full rewrite due to this architectural issue which was known but not pursued as a change.

The chainlink function use was a DD issue. In practice we seriously doubt they could change the interface of these extremely prominent and deeply integrated feeds but it's technically correct.

Summary by CodeRabbit

• New Features

  • Introduced GitHub Actions workflow for invariant testing on contract updates.
  • Added new contracts and functionalities for handling TWAP (Time-Weighted Average Price), price feeds, and debt calculations.
  • Implemented new logic for handling collateral surplus and liquidation processes.
  • Enhanced oracle integration with Chainlink and fallback mechanisms for price feeds.
  • Updated governance and authority management in contracts.
  • Added new testing contracts and invariants for robust system validation.

• Enhancements

  • Refined debt and collateral management functionalities across various contracts.
  • Improved price feed adaptability and reliability with new interfaces and adapters.
  • Streamlined CDP (Collateralized Debt Position) management and liquidation logic.

• Bug Fixes

  • Addressed issues in stake and surplus calculations during liquidations.
  • Fixed TWAP calculation inaccuracies and integration with external APIs.

• Documentation

  • Enhanced inline documentation for new functionalities and testing scenarios.

[getrecon-bot]

Job ID	af0016ce-d565-406e-917b-92dd8896cd76
Command	yarn && git submodule init && git submodule update && solc-select use 0.8.17 && cd packages/contracts/ && yarn echidna --test-mode assertion --test-limit 300000
Instance ID	i-0193c1c9f86c5b45e
Instance Type	c5.2xlarge
Status	Started
Elapsed

[getrecon-bot]

Job ID	af0016ce-d565-406e-917b-92dd8896cd76
Command	yarn && git submodule init && git submodule update && solc-select use 0.8.17 && cd packages/contracts/ && yarn echidna --test-mode assertion --test-limit 300000
Instance ID	i-0193c1c9f86c5b45e
Instance Type	c5.2xlarge
Status	Running
Elapsed	45 seconds

[getrecon-bot]

Job ID	af0016ce-d565-406e-917b-92dd8896cd76
Command	yarn && git submodule init && git submodule update && solc-select use 0.8.17 && cd packages/contracts/ && yarn echidna --test-mode assertion --test-limit 300000
Instance ID	i-0193c1c9f86c5b45e
Instance Type	c5.2xlarge
Status	Running
Elapsed	45 seconds

[coderabbitai[bot]]

Walkthrough

The recent updates introduce a comprehensive overhaul across various smart contracts, focusing on enhancing functionality, security, and efficiency. Key changes include the integration of TWAP (Time-Weighted Average Price) calculations, improved debt and collateral management, and streamlined contract interactions. Additionally, the system now better handles price feeds and updates, ensuring more robust and reliable financial operations.

Changes

File(s)	Summary
.github/workflows/invariant-test.yml	Introduced a GitHub Actions workflow for invariant testing triggered by specific changes.
packages/contracts/.../.gitignore	Updated to ignore new files related to local deployment and testing.
packages/contracts/contracts/ActivePool.sol, BorrowerOperations.sol	Enhanced contract functionality with TWAP and EbtcMath, improved fee and debt handling.
packages/contracts/contracts/CdpManager.sol, CdpManagerStorage.sol	Refined CDP management, added TWAP debt calculation, and updated redemption logic.
packages/contracts/contracts/ChainlinkAdapter.sol, EbtcFeed.sol	Added contracts for price feed handling and adaptation.
packages/contracts/contracts/Dependencies/..., Interfaces/...	Introduced new dependencies, interfaces, and updated function signatures.
packages/contracts/contracts/TestContracts/...	Expanded testing contracts with new functionalities and invariant checks.

"In the land of code and ether,
Where smart contracts weave and tether.
🐇A rabbit hopped, with changes bold,
Enhancing tales that smart contracts told.
With TWAP's dance and feeds so bright,
Our blockchain world shines with light."
🌟📜🚀

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

---

Tips

### Chat There are 3 ways to chat with CodeRabbit: - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit .` - `Generate unit-tests for this file.` - `Open a follow-up GitHub issue for this discussion.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit tests for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai generate interesting stats about this repository and render them as a table.` - `@coderabbitai show all the console.log statements in this repository.` - `@coderabbitai read src/utils.ts and generate unit tests.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (invoked as PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai help` to get help. Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. ### CodeRabbit Configration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - The JSON schema for the configuration file is available [here](https://coderabbit.ai/integrations/coderabbit-overrides.v2.json). - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json` ### CodeRabbit Discord Community Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback.

[getrecon-bot]

Job ID	af0016ce-d565-406e-917b-92dd8896cd76
Command	yarn && git submodule init && git submodule update && solc-select use 0.8.17 && cd packages/contracts/ && yarn echidna --test-mode assertion --test-limit 300000
Instance ID	i-0193c1c9f86c5b45e
Instance Type	c5.2xlarge
Status	Success
Elapsed	19 hours 36 minutes 6 seconds