fix: fixes after ChainSec and ABDK audits #152
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Now collateral check ensures that number of enabled _non-underlying_ tokens doesn't exceed the limit
Some additional `tokensToTransfer` validation is needed. Besides, USDT credit manager doesn't fit into max contract size.
* use mapping instead of fixed-length array to store queued accounts in `AccountFactoryV3` * ensure successor compatibility in `GearStakingV3` * add collateral hints validation * fix `creditAccounts(uint256 offset, uint256 limit)` * `getLTRampParamsHash` returns `bytes32` instead of `uint256` * tiny performance improvements * add some missing events and comments
lekhovitsky
force-pushed
the
audits-fixes
branch
from
bf83294 to
248c6ef
Compare
* refactor liquidation * fix credit logic library (namely, interest accrual functions when debt is 0) * fix tests related to account closure
…-remaining-funds-fix
`liquidateCreditAccount` ensures that remaining tokens balances don't increase during the multicall `BalancesLogic` library is reworked a bit: * it no longer mentions forbidden tokens (this is handled in the credit facade) * `compareBalances` functions received a `greater` parameter that dictates the direction
Bot's forbidden status is now global instead of per-manager. Due to this, it was more convenient to merge multiple mappings into a single `BotInfo` struct. There are also minor performance improvements and bug fixes (see older version of `setBotDAOFee`). Other changes are mostly refactoring, renaming and cosmetics.
…funds-fix' into audits-fixes
lekhovitsky
force-pushed
the
audits-fixes
branch
from
0c7f66a to
ab09db6
Compare
0xmikko
approved these changes
Nov 4, 2023
|
🎉 This PR is included in version 1.44.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In this PR:
CreditManagerV3,CreditFacadeV3:withdrawCollateralin multicallcloseCreditAccountnow requires account owner to repay debt viadecreaseDebtand withdraw remaining funds viawithdrawCollateral, the function exists primarily to return account to the factoryliquidateCreditAccountis reworked:addCollateralandwithdrawCollateralexternalCallandapproveToken(currently without entry-points in the facade)collateralHintsvalidation infullCollateralCheckBotListV3:withdrawCollateralforbiddenstatus is now global instead of per-managerPriceOracleV3:safeConvertToUSDthat for untrusted feeds uses minimum price of main and reserve feedsWithdrawalManagerV3:withdrawCollateral