Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Eth instant withdraw #347

Open
wants to merge 28 commits into
base: main
Choose a base branch
from
Open

Eth instant withdraw #347

wants to merge 28 commits into from

Conversation

zhoujia6139
Copy link
Contributor

Security Checklist

  • 1. Re-Entrancy
  • 2. Arithmetic Over/Under Flows
  • 3. Unexpected Ether
  • 4. Delegatecall
  • 5. Default Visibilities
  • 6. Entropy Illusion
  • 7. External Contract Referencing
  • 8. Short Address/Parameter Attack (off chain)
  • 9. Unchecked CALL Return Values
  • 10. Race Conditions / Front Running
  • 11. Denial Of Service (DOS)
  • 12. Block Timestamp Manipulation
  • 13. Constructors with Care
  • 14. Uninitialized Storage Pointers
  • 15. Floating Points and Precision
  • 16. Tx.Origin Authentication
  • 17. Address.isContract Re-Entrancy via Constructor

⚠️ NOTES ⚠️

Make sure to think about each of these exploits in this PR.

@zhoujia6139 zhoujia6139 requested a review from a team as a code owner March 11, 2023 03:59
GopherJ
GopherJ reviewed Mar 13, 2023
View reviewed changes
contracts/protocol/libraries/types/DataTypes.sol
@@ -386,6 +448,20 @@ library DataTypes {
uint16 _apeCompoundFee;
// Map of user's ape compound strategies
mapping(address => ApeCompoundStrategy) _apeCompoundStrategies;
// Reserve storage for ape staking
uint256[20] __apeStakingReserve;
Copy link
Contributor

@GopherJ GopherJ Mar 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shall we rename it to be __apeStakingGap

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reserve 有预留的意思,感觉比gap好点吧

GopherJ
GopherJ reviewed Mar 13, 2023
View reviewed changes
contracts/protocol/libraries/logic/ValidationLogic.sol Outdated
);
uint256 availableLiquidityPlusDebt = availableLiquidity + totalDebt;
uint256 usageRatio = totalDebt.rayDiv(availableLiquidityPlusDebt);
require(usageRatio <= 0.8e27, Errors.USAGE_RATIO_TOO_HIGH);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we make this a constant?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这个主要是不确定需求上是不是个constant

GopherJ
GopherJ reviewed Mar 13, 2023
View reviewed changes
contracts/protocol/pool/PoolInstantWithdraw.sol
VAULT_CONTRACT,
VAULT_CONTRACT,
borrowAmount,
discountRate
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why it's not reserve.currentStableBorrowRate?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Current requirement is using discountRate as borrow rate.

GopherJ
GopherJ reviewed Mar 13, 2023
View reviewed changes
contracts/protocol/pool/PoolInstantWithdraw.sol
);

uint256 presentValue = IInstantNFTOracle(WITHDRAW_ORACLE)
.getPresentValueByDiscountRate(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will return static value but the loan collateral's present value should be dynamic right.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Walid 实现不对吧。presentValue肯定与Duration有关,不能只与discountRate有关。

jfzhou5
jfzhou5 reviewed Mar 14, 2023
View reviewed changes
contracts/protocol/pool/PoolInstantWithdraw.sol
borrower: msg.sender,
collateralAsset: collateralAsset,
collateralTokenId: collateralTokenId.toUint64(),
collateralAmount: collateralAmount.toUint64(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

collateralAmount 使用 uint64不太够吧,NFT合约那边 这个amount 有可能是 32e18 这种数据

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这个不同于erc20的amount,不会很大,之前讨论的是1万 或是 100万

@zhoujia6139 zhoujia6139 force-pushed the eth_instant_withdraw branch from 5a4499c to 6994559 Compare March 15, 2023 00:11
@zhoujia6139 zhoujia6139 force-pushed the eth_instant_withdraw branch from 6994559 to 3bb1016 Compare March 15, 2023 01:51
zhoujia6139 and others added 13 commits March 15, 2023 14:32
@zhoujia6139
chore: add multicall to support complex operation
aab411f
@zhoujia6139
chore: fix deploy
83ba1ae
@zhoujia6139
chore: deploy stable debt token address for all asset
ecfdee6
@GopherJ
chore: protect goerli paraproxyinterfaces
8bf3282 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
chore: support mnemonic in anvil fork
3cf9d61 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
fix: warning
cc06130 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
chore: bump hardhat
15722c3 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
chore: bump version
d90d8ea 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
Merge remote-tracking branch 'origin/main' into eth_instant_withdraw
af0e157
@GopherJ
fix: add missing stableBorrowing flag
8f033e7 
Signed-off-by: GopherJ <[email protected]>
@zhoujia6139
Merge branch 'main' into eth_instant_withdraw
f9c90cf
@zhoujia6139
chore: fix lint
47d85f4
@zhoujia6139
chore: fix and extract total debt calculation logic
11526ee
zhoujia6139 and others added 7 commits March 28, 2023 16:08
@zhoujia6139
chore: add event
393306a
@GopherJ @WalidOfNow
feat: initiate eth withdrawal (#339)
847be59 
* chore: validator launch

Signed-off-by: GopherJ <[email protected]>

* fix: typo

Signed-off-by: GopherJ <[email protected]>

* fix: wrong url

Signed-off-by: GopherJ <[email protected]>

* fix: typo

Signed-off-by: GopherJ <[email protected]>

* fix: invalidToken

Signed-off-by: GopherJ <[email protected]>

* fix: chainId

Signed-off-by: GopherJ <[email protected]>

* fix: validator

Signed-off-by: GopherJ <[email protected]>

* chore: add setup/shutdown-validators command

Signed-off-by: GopherJ <[email protected]>

* fix: geth syncing

Signed-off-by: GopherJ <[email protected]>

* chore: generate deposit data

Signed-off-by: GopherJ <[email protected]>

* chore: rename to launch-validators

Signed-off-by: GopherJ <[email protected]>

* feat: add depositContract & register-validators

Signed-off-by: GopherJ <[email protected]>

* chore: rename

Signed-off-by: GopherJ <[email protected]>

* feat: initiate eth withdrawal

Signed-off-by: GopherJ <[email protected]>

* fix: typo

Signed-off-by: GopherJ <[email protected]>

* fix: lint

Signed-off-by: GopherJ <[email protected]>

* fix: address comparison

Signed-off-by: GopherJ <[email protected]>

* feat: use erc1155 instead

Signed-off-by: GopherJ <[email protected]>

* feat: e2e

Signed-off-by: GopherJ <[email protected]>

* chore: adds the present value oracle logic

* fix: build

Signed-off-by: GopherJ <[email protected]>

* fix: use old formula until the new one is fully ready

Signed-off-by: GopherJ <[email protected]>

* chore: temporary fix

Signed-off-by: GopherJ <[email protected]>

* chore: support both goerli & zhejiang

Signed-off-by: GopherJ <[email protected]>

* chore: switch to task

Signed-off-by: GopherJ <[email protected]>

* fix: zhejiang launch

Signed-off-by: GopherJ <[email protected]>

* chore: add getter

Signed-off-by: GopherJ <[email protected]>

* chore: updates the present value formula

* fix: typo

Signed-off-by: GopherJ <[email protected]>

* chore: adds test function helpers for calculating present value

* chore: use shares

Signed-off-by: GopherJ <[email protected]>

* chore: typo fix

* chore: typo fix

* chore: typo fix

* chore: adds more test cases for present value logic

* chore: removes unused vars

* chore: fixes tests numbers

* fix: use shares instead

Signed-off-by: GopherJ <[email protected]>

* chore: fix invalid command & make goerli the default

Signed-off-by: GopherJ <[email protected]>

* chore: add missing restart always

Signed-off-by: GopherJ <[email protected]>

* chore: add dummy svg

Signed-off-by: GopherJ <[email protected]>

* feat: add basic svg token uri

Signed-off-by: GopherJ <[email protected]>

---------

Signed-off-by: GopherJ <[email protected]>
Co-authored-by: 0xwalid <[email protected]>
@GopherJ
fix: build
fd70146 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
fix: size
1062dfa 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
chore: remove unused exitEpoch,withdrawableEpoch
c409605 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
chore: rename
cbf1703 
Signed-off-by: GopherJ <[email protected]>
@GopherJ
chore: use dynamic uri
896d988 
Signed-off-by: GopherJ <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jfzhou5 jfzhou5 jfzhou5 left review comments

@GopherJ GopherJ GopherJ left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zhoujia6139 @GopherJ @jfzhou5