Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit: 3.2. Pool Ratio Adjustment #115

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Audit: 3.2. Pool Ratio Adjustment #115

wants to merge 1 commit into from

Conversation

auroter
Copy link
Member

@auroter auroter commented Feb 18, 2025

This PR addresses issues with the pool ratio adjustment. The problem was:
1- Pool ratio adjustment is not truly accurate for non-pro-rata curves.
2- Pool ratio adjustment is always 1:1 for non-pro-rata curves.
3- Pro rata curve does not use bonding curve methods anyway

The Pool Ratio Adjustment logic has simply been removed for these reasons, and comments have been updated accordingly.

@github-actions GitHub Actions
Copy link

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

✅ All 107 tests passed! (0 skipped, Total: 107)

Test Results for Merge

Test Suite Status Coverage Time
test/unit/EthMultiVault/EmergencyReedemAtom.t.sol 100% (4/4) 0.003s
test/unit/EthMultiVault/RedeemAtom.t.sol 100% (4/4) 0.003s
test/unit/EthMultiVault/RedeemAtomCurve.t.sol 100% (4/4) 0.003s
test/unit/EthMultiVault/AdminMultiVault.t.sol 100% (16/16) 0.009s
test/unit/EthMultiVault/Approvals.t.sol 100% (2/2) 0.001s
test/unit/EthMultiVault/CreateTriple.t.sol 100% (6/6) 0.011s
test/BaseTest.sol 100% (2/2) 0.004s
test/unit/EthMultiVault/RedeemTriple.t.sol 100% (5/5) 0.008s
test/unit/EthMultiVault/BatchCreateAtom.t.sol 100% (2/2) 0.002s
test/unit/EthMultiVault/DepositAtom.t.sol 100% (4/4) 0.006s
test/unit/EthMultiVault/RedeemTripleCurve.t.sol 100% (5/5) 0.008s
test/unit/EthMultiVault/DepositAtomCurve.t.sol 100% (4/4) 0.010s
test/unit/EthMultiVault/BatchCreateTriple.t.sol 100% (4/4) 0.015s
test/unit/EthMultiVault/CreateAtom.t.sol 100% (6/6) 0.003s
test/unit/EthMultiVault/DepositTriple.t.sol 100% (4/4) 0.011s
test/unit/EthMultiVault/DepositTripleCurve.t.sol 100% (4/4) 0.007s
test/unit/EthMultiVault/UseCases.t.sol 100% (6/6) 0.041s
test/unit/EthMultiVault/Helpers.t.sol 100% (4/4) 0.004s
test/unit/EthMultiVault/Profit.t.sol 100% (11/11) 0.022s
test/unit/EthMultiVault/EmergencyRedeemTriple.t.sol 100% (5/5) 0.061s

🔒 Security Analysis

⚠️ Found 1 High and 1 Medium severity issues

High Severity Issues

arbitrary-send-eth

Impact: AtomWallet._call(address,uint256,bytes) (src/AtomWallet.sol#214-221) sends eth to arbitrary user Dangerous calls: - (success,result) = target.call{value: value}(data) (src/AtomWallet.sol#215)

Affected Files:

  • src/AtomWallet.sol
View Detailed Findings
  • src/AtomWallet.sol:214 in _call

Medium Severity Issues

View Medium Severity Issues ##### incorrect-equality **Impact**: EthMultiVault._validateTimelock(bytes32) (src/EthMultiVault.sol#2161-2173) uses a dangerous strict equality: - timelock.readyTime == 0 (src/EthMultiVault.sol#2164)

Affected Files:

  • src/EthMultiVault.sol

  • src/EthMultiVault.sol:2161 in _validateTimelock

Recommended Actions

  1. Review and fix all high severity issues before deployment
  2. Implement thorough testing for affected components
  3. Consider additional security measures:
    • Access controls
    • Input validation
    • Invariant checks

⛽ Gas Analysis

📊 First gas snapshot created

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mihailo-maksa mihailo-maksa mihailo-maksa approved these changes

@mcclurejt mcclurejt Awaiting requested review from mcclurejt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@auroter @mihailo-maksa