Avax deployers

[aazhou1]

Summary by CodeRabbit

• New Features
  • Introduced a new GitHub Actions workflow for deploying strategies on the Avalanche network.
  • Added a new GitHub Actions workflow for deploying vaults on the Avalanche network.

[coderabbitai]

Walkthrough

This pull request introduces two new GitHub Actions workflow files for deploying Yearn infrastructure on the Avalanche network. The deploy-avax-strategy.yaml and deploy-avax-vault.yaml workflows enable manual deployment of strategies and vaults respectively. Both workflows use Foundry for building and deploying, leverage GitHub secrets for sensitive information, and provide flexible configuration options through workflow dispatch inputs.

Changes

File	Change Summary
.github/workflows/deploy-avax-strategy.yaml	New workflow for manually deploying a strategy on Avalanche network with configurable parameters and deployment script
.github/workflows/deploy-avax-vault.yaml	New workflow for manually deploying a vault on Avalanche network with comprehensive deployment configuration

Sequence Diagram

sequenceDiagram
    participant User
    participant GitHub Actions
    participant Foundry
    participant Avalanche Network

    User->>GitHub Actions: Trigger workflow_dispatch
    GitHub Actions->>GitHub Actions: Validate input parameters
    GitHub Actions->>Foundry: Install toolchain
    Foundry->>Foundry: Build project
    Foundry->>Avalanche Network: Broadcast deployment transaction
    Avalanche Network-->>Foundry: Deployment confirmation

Loading

Possibly related PRs

• strategy management script #53: Changes in VaultStrategySwitch contract related to strategy management, which aligns with the Avalanche strategy deployment workflow

Poem

🚀 Avalanche Deploy, Oh What a Sight!
Workflows dancing with rabbit delight
Forge scripts ready, secrets tight
Strategies and vaults take their flight
Blockchain magic on a winter's night! 🐰✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.23%. Comparing base (719c53a) to head (18e9659).
Report is 3 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #112   +/-   ##
=======================================
  Coverage   89.23%   89.23%           
=======================================
  Files           5        5           
  Lines         604      604           
  Branches       90       90           
=======================================
  Hits          539      539           
  Misses         54       54           
  Partials       11       11           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (5)

.github/workflows/deploy-avax-vault.yaml (3)

46-48: Update environment URL to point to network explorer

The current URL points to static documentation. Consider updating it to point to the Avalanche C-Chain explorer where the deployed vault can be viewed, using the deployed contract address as a variable.

   environment: 
     name: avalanche
-    url: https://term-finance.github.io/yearn-v3-term-vault/
+    url: https://snowtrace.io/address/${{ env.DEPLOYED_VAULT_ADDRESS }}

🧰 Tools

🪛 yamllint (1.35.1)

[error] 46-46: trailing spaces

(trailing-spaces)

---

42-42: Fix YAML formatting issues

Remove trailing spaces and add newline at end of file.

-    
+
   environment: 
+  environment:
   
-  
+

Also applies to: 46-46, 79-79

🧰 Tools

🪛 yamllint (1.35.1)

[error] 42-42: trailing spaces

(trailing-spaces)

---

44-77: Add security hardening measures

Consider implementing these security improvements:

1. Add permissions field to limit GitHub token scope
2. Implement environment protection rules for the avalanche environment
3. Add timeouts to prevent hanging deployments

Add these configurations:

permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

timeout-minutes: 10

🧰 Tools

🪛 actionlint (1.7.4)

58-58: shellcheck reported issue in this script: SC2086:info:1:74: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

[error] 46-46: trailing spaces

(trailing-spaces)

---

[warning] 60-60: too many spaces after colon

(colons)

.github/workflows/deploy-avax-strategy.yaml (2)

61-61: Consider making gas price configurable.

The hard-coded gas price of 500000000000 might not be optimal for all market conditions on Avalanche. Consider making this configurable through workflow inputs.

-      - run: forge script script/Strategy.s.sol:DeployStrategy --rpc-url $RPC_URL --broadcast --gas-price  500000000000  --verify --verbosity 4
+      - run: forge script script/Strategy.s.sol:DeployStrategy --rpc-url $RPC_URL --broadcast --gas-price ${{ github.event.inputs.gasPrice || '500000000000' }} --verify --verbosity 4

🧰 Tools

🪛 actionlint (1.7.4)

61-61: shellcheck reported issue in this script: SC2086:info:1:61: Double quote to prevent globbing and word splitting

(shellcheck)

---

1-85: Fix YAML formatting issues.

There are several formatting issues in the file:

• Trailing spaces on lines 45, 49, and 85
• Missing newline at end of file
• Extra spaces after colons

🧰 Tools

🪛 actionlint (1.7.4)

61-61: shellcheck reported issue in this script: SC2086:info:1:61: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 49-49: trailing spaces

(trailing-spaces)

---

[warning] 63-63: too many spaces after colon

(colons)

---

[error] 85-85: no new line character at the end of file

(new-line-at-end-of-file)

---

[error] 85-85: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 719c53a and 18e9659.

📒 Files selected for processing (2)

• .github/workflows/deploy-avax-strategy.yaml (1 hunks)
• .github/workflows/deploy-avax-vault.yaml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/deploy-avax-strategy.yaml

61-61: shellcheck reported issue in this script: SC2086:info:1:61: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/deploy-avax-vault.yaml

58-58: shellcheck reported issue in this script: SC2086:info:1:74: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

.github/workflows/deploy-avax-strategy.yaml

[error] 45-45: trailing spaces

(trailing-spaces)

---

[error] 49-49: trailing spaces

(trailing-spaces)

---

[warning] 63-63: too many spaces after colon

(colons)

---

[error] 85-85: no new line character at the end of file

(new-line-at-end-of-file)

---

[error] 85-85: trailing spaces

(trailing-spaces)

.github/workflows/deploy-avax-vault.yaml

[error] 42-42: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[warning] 60-60: too many spaces after colon

(colons)

---

[error] 79-79: no new line character at the end of file

(new-line-at-end-of-file)

---

[error] 79-79: trailing spaces

(trailing-spaces)

🔇 Additional comments (2)

.github/workflows/deploy-avax-strategy.yaml (2)

1-3: LGTM! Well-structured workflow configuration.

The workflow is appropriately named and configured for manual triggering, which is suitable for deployment operations.

---

4-44: Verify input parameter validation in deployment script.

While the workflow parameters are well-documented, there are potential concerns:

1. Default '0x' for addresses could lead to deployment failures if not properly validated
2. Decimal values (e.g., discountRateMarkup, requiredReserveRatio) need proper validation

Let's verify the validation logic in the deployment script:

✅ Verification successful

Input parameters are properly validated in the deployment script

The deployment script includes comprehensive validation:

1. Address validation:
   • Proper length and hex format checking in parseAddress
   • Underlying vault asset verification in checkUnderlyingVaultAsset
2. Numeric validation:
   • Proper digit validation in parseUint
   • Array parsing validation for collateral tokens and ratios
3. Environment variables are used instead of workflow defaults, ensuring proper validation at runtime

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for input parameter validation in the Strategy.s.sol script
ast-grep --pattern 'function run() $_ {
  $$$
  require($_);
  $$$
}'

Length of output: 71

---

Script:

#!/bin/bash
# Let's first find the deployment script
fd "Strategy.s.sol|deploy.*strategy.*\.s\.sol" --type f

# Then let's look for any validation logic in deployment-related files
rg -i "require|assert|revert" -A 3 -B 3 --type sol

# Also search for parameter handling
rg -i "constructor|function.*deploy" -A 5 -B 2 --type sol

Length of output: 248

---

Script:

#!/bin/bash
# Found the script file, let's examine its contents
cat script/Strategy.s.sol

# Also look for any validation patterns without file type restriction
rg -i "require|assert|revert" script/Strategy.s.sol

# And check parameter handling
rg -i "constructor|function.*deploy" script/Strategy.s.sol

Length of output: 10196

[coderabbitai]

🛠️ Refactor suggestion

Add environment variable verification and post-deployment checks

1. Add verification step for required environment variables
2. Capture and verify the deployed vault address
3. Add post-deployment verification steps

Add these steps after the deployment:

      - name: Verify environment variables
        run: |
          required_vars=("RPC_URL" "PRIVATE_KEY" "ETHERSCAN_API_KEY" "VAULT_FACTORY" "ACCOUNTANT_FACTORY")
          for var in "${required_vars[@]}"; do
            if [ -z "${!var}" ]; then
              echo "Error: Required environment variable $var is not set"
              exit 1
            fi
          done

      - name: Verify deployment
        run: |
          # Add verification of the deployed vault
          # Example: Check if the vault contract is verified on Snowtrace
          # Check if the vault parameters match the inputs

🧰 Tools

🪛 yamllint (1.35.1)

[warning] 60-60: too many spaces after colon

(colons)

[coderabbitai]

⚠️ Potential issue

Fix script command quoting

The forge script command should have quotes around the script path and arguments to prevent issues with special characters.

-      - run: forge script script/VaultManagement.s.sol:SetupVaultManagement --rpc-url $RPC_URL --broadcast --verify --verbosity 4
+      - run: forge script "script/VaultManagement.s.sol:SetupVaultManagement" --rpc-url "$RPC_URL" --broadcast --verify --verbosity 4

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- run: forge script script/VaultManagement.s.sol:SetupVaultManagement --rpc-url $RPC_URL --broadcast --verify --verbosity 4
	- run: forge script "script/VaultManagement.s.sol:SetupVaultManagement" --rpc-url "$RPC_URL" --broadcast --verify --verbosity 4

🧰 Tools

🪛 actionlint (1.7.4)

58-58: shellcheck reported issue in this script: SC2086:info:1:74: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

⚠️ Potential issue

Add input validation and improve default values

Several improvements needed for the workflow inputs:

1. The default value '0x' for addresses is invalid. Consider removing default values for required addresses.
2. Add input validation for Ethereum addresses using a pattern constraint.
3. Document the expected units for numerical inputs (e.g., profitMaxUnlockTime in seconds? depositLimit in wei?).

Example fix for the asset input:

   asset:
     description: 'Asset address'
     required: true
-    default: '0x'
+    pattern: '^0x[a-fA-F0-9]{40}$'

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

⚠️ Potential issue

Remove or justify IS_TEST=true in production deployment.

Setting IS_TEST=true in a production deployment workflow is concerning. This might bypass important safety checks.

Please either:

1. Remove this environment variable for production deployments
2. Document why it's necessary to have it set to true

[coderabbitai]

🛠️ Refactor suggestion

Add post-deployment verification steps.

The workflow would benefit from additional steps to verify the deployment success:

1. Verify the deployed contract is operational
2. Check if the strategy is properly initialized
3. Validate key parameters

Would you like me to provide an example of post-deployment verification steps?

🧰 Tools

🪛 actionlint (1.7.4)

61-61: shellcheck reported issue in this script: SC2086:info:1:61: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 yamllint (1.35.1)

[warning] 63-63: too many spaces after colon

(colons)

[coderabbitai]

💡 Codebase verification

Documentation URL is not accessible

The environment URL https://term-finance.github.io/yearn-v3-term-vault/ returns a 404 error, indicating that the GitHub Pages documentation site is either not published or incorrectly configured. Please ensure that:

• The GitHub Pages site is properly set up for the repository
• The documentation is published to the correct branch
• The URL path is accurate

🔗 Analysis chain

Verify the documentation URL accessibility.

The environment URL points to a GitHub Pages documentation site. Please ensure this documentation is publicly accessible and contains relevant deployment information.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if the documentation URL is accessible
curl -I https://term-finance.github.io/yearn-v3-term-vault/

Length of output: 1063

🧰 Tools

🪛 yamllint (1.35.1)

[error] 49-49: trailing spaces

(trailing-spaces)

[coderabbitai]

⚠️ Potential issue

Fix shell script quoting for security.

The forge script command should have its arguments properly quoted to prevent word splitting and potential injection issues.

-      - run: forge script script/Strategy.s.sol:DeployStrategy --rpc-url $RPC_URL --broadcast --gas-price  500000000000  --verify --verbosity 4
+      - run: forge script "script/Strategy.s.sol:DeployStrategy" --rpc-url "$RPC_URL" --broadcast --gas-price "500000000000" --verify --verbosity 4

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- run: forge script script/Strategy.s.sol:DeployStrategy --rpc-url $RPC_URL --broadcast --gas-price 500000000000 --verify --verbosity 4
	- run: forge script "script/Strategy.s.sol:DeployStrategy" --rpc-url "$RPC_URL" --broadcast --gas-price "500000000000" --verify --verbosity 4

🧰 Tools

🪛 actionlint (1.7.4)

61-61: shellcheck reported issue in this script: SC2086:info:1:61: Double quote to prevent globbing and word splitting

(shellcheck)