Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add order deletion #7

Merged
merged 6 commits into from
Aug 31, 2022
Merged

Add order deletion #7

merged 6 commits into from
Aug 31, 2022

Conversation

fedgiac
Copy link
Contributor

@fedgiac fedgiac commented Aug 25, 2022

Adds a function for users to get back their ETH if the order wasn't executed.

For now we send ETH back to the user using transfers. This avoids reentrancy but adds a risk of users losing funds as they might not be able to cancel an order anymore.

Note that the conversion of ETH to WETH and vice-versa will be handled in a follow-up PR.

Another unfortunate observation is that Foundry doesn't support mocking a revert from a contract.

Test plan

New unit tests.

@fedgiac fedgiac requested a review from a team August 25, 2022 14:17
Copy link
Contributor

@josojo josojo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Super nice!

src/CoWSwapEthFlow.sol Outdated Show resolved Hide resolved
@@ -47,6 +47,10 @@ library EthFlowOrder {
/// @dev An order that is owned by this address is an order that has not yet been assigned.
address public constant NO_OWNER = address(0);

/// @dev An order that is owned by this address is an order that has been invalidated. Note that this address cannot
/// be directly used to create orders.
address public constant INVALIDATED_OWNER = address(type(uint160).max);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why don't you set it to NO_OWNER?

Is it because the order is still existing in the settlement contract and hence a new order placement would fail? Probably deleting the old order is too expensive?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The worse that could happen is that the order was partially filled, the user cancels it, and then another completely different user creates an order with the same parameters. Then they would "inherit" the state of filledAmount, which would mean that (part of) their ETH is lost forever. (The same would happen for a fill-or-kill order that was cancelled, which is currently possible and returns 0 ETH.)
It's not possible to just clear the state of filledAmount, so I don't see a way around this. The most similar function is invalidateOrder in the settlement contract, but this just sets filledAmount to maxUint256.

test/CoWSwapEthFlow.t.sol Show resolved Hide resolved
test/CoWSwapEthFlow.t.sol Outdated Show resolved Hide resolved
test/CoWSwapEthFlow.t.sol Show resolved Hide resolved
Copy link

@bh2smith bh2smith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All looks good, but I noticed several conditions that could cause order deletion to fail and only one of those conditions appears to be tested... is there a plan to test the other branches of this condition. Like owner is no owner or invalid owner.

src/CoWSwapEthFlow.sol Show resolved Hide resolved
test/CoWSwapEthFlow.t.sol Outdated Show resolved Hide resolved
@fedgiac
Copy link
Contributor Author

fedgiac commented Aug 26, 2022

The revert conditions that are tested are:

  • not an owner and not expired (testCannotDeleteValidOrdersIfNotOwner)
  • deleting order with no owner (testOrderDeletionRevertsIfDeletingUninitializedOrder)
  • deleting invalidated order (testOrderDeletionRevertsIfDeletingOrderTwice)
  • sending eth fails (testOrderDeletionRevertsIfSendingEthFails)

These cases are the negation of each proposition that is currently joined by || that leads to a revert statement. Something that could be missing is testing all subpropositions separately, so for example all of:

  • no owner + not expired + not owner
  • no owner + expired + not owner
  • no owner + not expired + owner
  • no owner + expired + owner
  • invalidated + not expired + not owner
  • invalidated + expired + not owner
  • invalidated + not expired + owner
  • invalidated + expired + owner

This is useful to test that the logic of the revert condition was written correctly, on the other hand it seems that it might be too much and could clutter the tests.

src/CoWSwapEthFlow.sol Outdated Show resolved Hide resolved
Copy link
Contributor

@nlordell nlordell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@fedgiac fedgiac merged commit b51eb3a into main Aug 31, 2022
@fedgiac fedgiac deleted the order-cancellation branch August 31, 2022 10:23
@fedgiac fedgiac mentioned this pull request Aug 31, 2022
@fedgiac fedgiac mentioned this pull request Sep 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants