M04 - minBptFunction robustness #1795
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ys pegged. (Vault value checker shall be used to mitigate issues with said assumption)
sparrowDom
requested review from
DanielVF,
naddison36 and
shahthepro
as code owners
3 tasks
naddison36
approved these changes
Aug 30, 2023
contracts/contracts/strategies/balancer/BaseBalancerStrategy.sol
Outdated
Show resolved
Hide resolved
…/M04-minBptFunction
DanielVF
reviewed
Aug 30, 2023
contracts/contracts/strategies/balancer/BaseBalancerStrategy.sol
Outdated
Show resolved
Hide resolved
DanielVF
reviewed
Aug 30, 2023
DanielVF
reviewed
Aug 30, 2023
| .mulTruncate(strategyAssetMarketPrice) | ||
| .divPrecisely(bptRate); | ||
| uint256 poolAssetRate = getRateProviderRate(_asset); | ||
| bptExpected = _amount.mulTruncate(poolAssetRate).divPrecisely(bptRate); |
There was a problem hiding this comment.
We don't have to change anything here but,
This:
bptExpected = _amount.mulTruncate(poolAssetRate).divPrecisely(bptRate);is doing this:
bptExpected = ((_amount * poolAssetRate / 1e18) * 1e18 / bptRate);Which is the same as
bptExpected = _amount * poolAssetRate / bptRateThis stable math library we are using is also using the safe math library under the hood, which adds unneeded overhead to the contracts.
Again, no change needed, just something to think about for the future.
There was a problem hiding this comment.
I haven't though of that, good point. The mulTruncate + divPrecisely could cancel the 1e18 multiplication & division out.
We could do that change, though adding a comment would probably make sense, since the though process can easily be forgotten.
|
I think the oracle portion of this comment may be out of date: |
DanielVF
reviewed
Aug 30, 2023
| @@ -214,30 +215,13 @@ contract BalancerMetaPoolStrategy is BaseAuraStrategy { | |||
| ); | |||
|
|
|||
| for (uint256 i = 0; i < _strategyAssets.length; ++i) { | |||
There was a problem hiding this comment.
Fun to think about what would happen if we passed in the same asset multiple times in the _strategyAssets array and _strategyAmounts array.
I don't think there would be an issue. The last one would set the amount used for the withdraw, but after the the the withdraw the strategy would try to transfer all of the amounts out, which should fail, since only the last amount was withdrawn from the strategy.
There was a problem hiding this comment.
Yes that is a great thought. Quickly glancing through the code I would expect this inner loop: https://github.com/OriginProtocol/origin-dollar/blob/sparrowDom/balancer-sfrxETH-stETH-rETH/contracts/contracts/strategies/balancer/BalancerMetaPoolStrategy.sol#L265-L293 to only consider the last entry in the strategyAssets & _strategyAmount of the duplicated assets to be considered. And it would withdraw too little from the balancer pool and pay too much in BPT tokens.
And as you've said the ERC20 transfer out as the final step of the function should fail.
DanielVF
reviewed
Aug 30, 2023
| * | ||
| * Since we only have oracle prices for the unwrapped version of the assets the equation | ||
| * turns into: | ||
| * To mitigate MEV possibilities VaultValueChecker in conjunction with checkBalance will catch |
There was a problem hiding this comment.
This sentence could be "To mitigate MEV possibilities during deposits and withdraws, the VaultValueChecker will use checkBalance before and after the move to ensure the expected changes took place."
DanielVF
approved these changes
Aug 30, 2023
4 tasks
|
thanks @DanielVF nice catch regarding the oracle comment. Have corrected that one as well. |
sparrowDom
added a commit
that referenced
this pull request
Sep 21, 2023
* initail commit * intermediary commit * commit research files * balancer booster abi * intermittent commit * add base balancer contract that implements checkBalance functionality * add some additional initial integration * intermittent commit * add deployment file * add fork test fixture * intermittent commit * prettier * add basic withdrawal / deposit functionality * correct the BPT calculation * prettier + lint * simplify the BPT price calculation * add read-only re-entrancy protection * add some missing tests and adjust existing. Deparate deposit and withdrawal slippage * fix check balance implementation * Balancer review changes (#1726) * Generated contract docs * Refactor Balancer storage variables * Small Balancer changes * Natspec updates Added missing licensing getPoolAssets gas optimized * Updated generated Balancer strategy contract diagrams * fix contract linter * Removed restrictions on tests * Small gas improvements Fixed Slither * Change BalancerError version * Updated constant names Addresses to use checksum format * JS lint tasks * Updated Balancer and Aura pool id constants * Removed getRateProviderRate as it wasn't being used Refactored to remove poolAssetsMapped storage variable * Updated OETH Contracts diagrams Generated new Balancer contract diagrams * Fix failing test * Fix merge conflict * Restored getRateProviderRate * Natspec updates Added toPoolAsset override * Removed unused getRateProviderRate * Natspec updates Gas optimization of InitializableAbstractStrategy * Abstract strategy gas improvements (#1719) * Refactor base strategy to use immutables * Fixed strategy deployments in 001_core and fixtures * Generated new strategy diagrams * Deploy rETH instead of the stETH Balancer MetaStable Pool * removed unused Aura config * Balancer fork tests * Added check that BPT amount equals Aura LP amount Added rETH conversion to ETH value * Updated balancer strat fork tests * Updated Balancer fork tests * Added optional deposit with multiple assets to the strategy * Single asset deposit to use multi asset deposit * Added optional checkBalance to Balancer strategy * Added checkBalance() to BaseBalancerStrategy * Fix slither Fix curve HH task * Added multi-asset withdraw to balancer strategy * Fix multi-asset withdraw * Updated Balancer and Vault diagrams * Fix js linter * Fixed checkBalance of rETH asset in Balancer strategy * Only wrap assets if amount > 0 Added depositAll fork test for Balancer strat * Removed Vault changes for multi-asset strategy support * Updated generated docs * Add tests for wstETH/WETH Balancer pool (#1725) * Split deployment and fix fixtures * Deposit tests for wstETH/WETH pool * Add withdraw test * prettier * remove .only in fork tests --------- Co-authored-by: Shahul Hameed <[email protected]> * [ DFD-1 ] Balancer's checkBalance (#1730) * add alternative implementation of Balancer's checkBalance * correct the checkBalance implementation * Balancer fork tests (#1727) * Added large withdraw tests for Balancer strategy * fix test log * Balancer withdraw to handle close to BPT limit * Small change to Balancer withdraw fork test * add some comments * change implementation --------- Co-authored-by: Domen Grabec <[email protected]> * Add read-only reentrancy test (#1731) * Added large withdraw tests for Balancer strategy * fix test log * Balancer withdraw to handle close to BPT limit * Small change to Balancer withdraw fork test * add some comments * Add test for read-only reentrancy * add reentrancy protection to checkBalance functions * add documentation * remove the only --------- Co-authored-by: Nicholas Addison <[email protected]> Co-authored-by: Domen Grabec <[email protected]> * Balancer fixes (#1734) * prettier * adjust how checkBalance is calculated * Balancer withdrawal fix (#1739) * fix balancer withdrawals * lint * prettier * use only 1 safeApprove when applicable * some renames and more correct application of approves * renames, additional requires, move initializer to a better location, slither * bug fix * Generated latest Balancer strategy diagrams * re-deploy BPT tokens sitting in the strategy * fix re-entrancy test * fixture fix * bug fix * prettier * L02 improve naming (#1783) * improve naming * one more rename * buf fix * do a check that supported assets are being withdrawn (#1784) * set uint256 max instead of magic number (#1782) * remove unused files (#1785) * fix renaming bug * correct safe approve all tokens and adjust the documentation (#1776) * prettier * M04 - minBptFunction robustness (#1795) * change bptExpected to ignore Oracle prices and assume assets are always pegged. (Vault value checker shall be used to mitigate issues with said assumption) * fix all the tests * add test for pool manipulation * prettier & lint * minor change * add withdrawal test * update documentation * pick string error length that is smaller than 32 characters * prettier * correct comment * better comments * prettier * M02 withdrawal fuzzing tests (#1801) * add more withdrawal tests * add more withdrawal cases * N02 gas inefficiencies (#1786) * gas optimisation * fix bad merge and prettier * remove todo comments (#1796) * use a more appropriate array initialisation length (#1800) * more consistant function naming (#1797) * fix typo (#1798) * simplify the way we withdrawAll. no need to pass along min amonts (#1777) * M03 - missing or misleading documentation (#1781) * improve documentation * add comma * M01 More comprehensive test suite (#1780) * add tests for approving tokens and harvesting rewards * prettier and lint * fix bad merge + prettier & lint * fix fork tests remove .only * remove only * lint * fix unit tests * add more tests to see how checkBalance behaves * remove console log * improve checkBalance test by testing that checkBalance amount doesn't decrease after the attack comaring to the middle of the attack. * confirm that yield gained by 3rd party tilting the pool can be extracted by withdrawing the funds * rename internal functions by prepending them with underscore * Generated latest Balancer strategy diagrams (#1805) * bug fix * bug fix * Minor Balancer changes from final review (#1819) * Removed unused imports * Generated updated contract diagram --------- Co-authored-by: Nick Addison <[email protected]> Co-authored-by: Shahul Hameed <[email protected]>
sparrowDom
added a commit
that referenced
this pull request
Sep 27, 2023
* initail commit * intermediary commit * commit research files * balancer booster abi * intermittent commit * add base balancer contract that implements checkBalance functionality * add some additional initial integration * intermittent commit * add deployment file * add fork test fixture * intermittent commit * prettier * add basic withdrawal / deposit functionality * correct the BPT calculation * prettier + lint * simplify the BPT price calculation * add read-only re-entrancy protection * add some missing tests and adjust existing. Deparate deposit and withdrawal slippage * fix check balance implementation * Balancer review changes (#1726) * Generated contract docs * Refactor Balancer storage variables * Small Balancer changes * Natspec updates Added missing licensing getPoolAssets gas optimized * Updated generated Balancer strategy contract diagrams * fix contract linter * Removed restrictions on tests * Small gas improvements Fixed Slither * Change BalancerError version * Updated constant names Addresses to use checksum format * JS lint tasks * Updated Balancer and Aura pool id constants * Removed getRateProviderRate as it wasn't being used Refactored to remove poolAssetsMapped storage variable * Updated OETH Contracts diagrams Generated new Balancer contract diagrams * Fix failing test * Fix merge conflict * Restored getRateProviderRate * Natspec updates Added toPoolAsset override * Removed unused getRateProviderRate * Natspec updates Gas optimization of InitializableAbstractStrategy * Abstract strategy gas improvements (#1719) * Refactor base strategy to use immutables * Fixed strategy deployments in 001_core and fixtures * Generated new strategy diagrams * Deploy rETH instead of the stETH Balancer MetaStable Pool * removed unused Aura config * Balancer fork tests * Added check that BPT amount equals Aura LP amount Added rETH conversion to ETH value * Updated balancer strat fork tests * Updated Balancer fork tests * Added optional deposit with multiple assets to the strategy * Single asset deposit to use multi asset deposit * Added optional checkBalance to Balancer strategy * Added checkBalance() to BaseBalancerStrategy * Fix slither Fix curve HH task * Added multi-asset withdraw to balancer strategy * Fix multi-asset withdraw * Updated Balancer and Vault diagrams * Fix js linter * Fixed checkBalance of rETH asset in Balancer strategy * Only wrap assets if amount > 0 Added depositAll fork test for Balancer strat * Removed Vault changes for multi-asset strategy support * Updated generated docs * Add tests for wstETH/WETH Balancer pool (#1725) * Split deployment and fix fixtures * Deposit tests for wstETH/WETH pool * Add withdraw test * prettier * remove .only in fork tests --------- Co-authored-by: Shahul Hameed <[email protected]> * [ DFD-1 ] Balancer's checkBalance (#1730) * add alternative implementation of Balancer's checkBalance * correct the checkBalance implementation * Balancer fork tests (#1727) * Added large withdraw tests for Balancer strategy * fix test log * Balancer withdraw to handle close to BPT limit * Small change to Balancer withdraw fork test * add some comments * change implementation --------- Co-authored-by: Domen Grabec <[email protected]> * Add read-only reentrancy test (#1731) * Added large withdraw tests for Balancer strategy * fix test log * Balancer withdraw to handle close to BPT limit * Small change to Balancer withdraw fork test * add some comments * Add test for read-only reentrancy * add reentrancy protection to checkBalance functions * add documentation * remove the only --------- Co-authored-by: Nicholas Addison <[email protected]> Co-authored-by: Domen Grabec <[email protected]> * Balancer fixes (#1734) * prettier * adjust how checkBalance is calculated * Balancer withdrawal fix (#1739) * fix balancer withdrawals * lint * prettier * use only 1 safeApprove when applicable * some renames and more correct application of approves * renames, additional requires, move initializer to a better location, slither * bug fix * Generated latest Balancer strategy diagrams * re-deploy BPT tokens sitting in the strategy * fix re-entrancy test * fixture fix * bug fix * prettier * L02 improve naming (#1783) * improve naming * one more rename * buf fix * do a check that supported assets are being withdrawn (#1784) * set uint256 max instead of magic number (#1782) * remove unused files (#1785) * fix renaming bug * correct safe approve all tokens and adjust the documentation (#1776) * prettier * M04 - minBptFunction robustness (#1795) * change bptExpected to ignore Oracle prices and assume assets are always pegged. (Vault value checker shall be used to mitigate issues with said assumption) * fix all the tests * add test for pool manipulation * prettier & lint * minor change * add withdrawal test * update documentation * pick string error length that is smaller than 32 characters * prettier * correct comment * better comments * prettier * M02 withdrawal fuzzing tests (#1801) * add more withdrawal tests * add more withdrawal cases * N02 gas inefficiencies (#1786) * gas optimisation * fix bad merge and prettier * remove todo comments (#1796) * use a more appropriate array initialisation length (#1800) * more consistant function naming (#1797) * fix typo (#1798) * simplify the way we withdrawAll. no need to pass along min amonts (#1777) * M03 - missing or misleading documentation (#1781) * improve documentation * add comma * M01 More comprehensive test suite (#1780) * add tests for approving tokens and harvesting rewards * prettier and lint * fix bad merge + prettier & lint * fix fork tests remove .only * remove only * lint * fix unit tests * add more tests to see how checkBalance behaves * remove console log * improve checkBalance test by testing that checkBalance amount doesn't decrease after the attack comaring to the middle of the attack. * confirm that yield gained by 3rd party tilting the pool can be extracted by withdrawing the funds * rename internal functions by prepending them with underscore * Generated latest Balancer strategy diagrams (#1805) * bug fix * bug fix * Minor Balancer changes from final review (#1819) * Removed unused imports * Generated updated contract diagram * Deploy Balancer Meta stable pool RETH strategy * update deploy description * fix typo * add proposal Id to deploy script * prettier --------- Co-authored-by: Nick Addison <[email protected]> Co-authored-by: Shahul Hameed <[email protected]>
sparrowDom
added a commit
that referenced
this pull request
Sep 27, 2023
* initail commit * intermediary commit * commit research files * balancer booster abi * intermittent commit * add base balancer contract that implements checkBalance functionality * add some additional initial integration * intermittent commit * add deployment file * add fork test fixture * intermittent commit * prettier * add basic withdrawal / deposit functionality * correct the BPT calculation * prettier + lint * simplify the BPT price calculation * add read-only re-entrancy protection * add some missing tests and adjust existing. Deparate deposit and withdrawal slippage * fix check balance implementation * Balancer review changes (#1726) * Generated contract docs * Refactor Balancer storage variables * Small Balancer changes * Natspec updates Added missing licensing getPoolAssets gas optimized * Updated generated Balancer strategy contract diagrams * fix contract linter * Removed restrictions on tests * Small gas improvements Fixed Slither * Change BalancerError version * Updated constant names Addresses to use checksum format * JS lint tasks * Updated Balancer and Aura pool id constants * Removed getRateProviderRate as it wasn't being used Refactored to remove poolAssetsMapped storage variable * Updated OETH Contracts diagrams Generated new Balancer contract diagrams * Fix failing test * Fix merge conflict * Restored getRateProviderRate * Natspec updates Added toPoolAsset override * Removed unused getRateProviderRate * Natspec updates Gas optimization of InitializableAbstractStrategy * Abstract strategy gas improvements (#1719) * Refactor base strategy to use immutables * Fixed strategy deployments in 001_core and fixtures * Generated new strategy diagrams * Deploy rETH instead of the stETH Balancer MetaStable Pool * removed unused Aura config * Balancer fork tests * Added check that BPT amount equals Aura LP amount Added rETH conversion to ETH value * Updated balancer strat fork tests * Updated Balancer fork tests * Added optional deposit with multiple assets to the strategy * Single asset deposit to use multi asset deposit * Added optional checkBalance to Balancer strategy * Added checkBalance() to BaseBalancerStrategy * Fix slither Fix curve HH task * Added multi-asset withdraw to balancer strategy * Fix multi-asset withdraw * Updated Balancer and Vault diagrams * Fix js linter * Fixed checkBalance of rETH asset in Balancer strategy * Only wrap assets if amount > 0 Added depositAll fork test for Balancer strat * Removed Vault changes for multi-asset strategy support * Updated generated docs * Add tests for wstETH/WETH Balancer pool (#1725) * Split deployment and fix fixtures * Deposit tests for wstETH/WETH pool * Add withdraw test * prettier * remove .only in fork tests --------- Co-authored-by: Shahul Hameed <[email protected]> * [ DFD-1 ] Balancer's checkBalance (#1730) * add alternative implementation of Balancer's checkBalance * correct the checkBalance implementation * Balancer fork tests (#1727) * Added large withdraw tests for Balancer strategy * fix test log * Balancer withdraw to handle close to BPT limit * Small change to Balancer withdraw fork test * add some comments * change implementation --------- Co-authored-by: Domen Grabec <[email protected]> * Add read-only reentrancy test (#1731) * Added large withdraw tests for Balancer strategy * fix test log * Balancer withdraw to handle close to BPT limit * Small change to Balancer withdraw fork test * add some comments * Add test for read-only reentrancy * add reentrancy protection to checkBalance functions * add documentation * remove the only --------- Co-authored-by: Nicholas Addison <[email protected]> Co-authored-by: Domen Grabec <[email protected]> * Balancer fixes (#1734) * prettier * adjust how checkBalance is calculated * Balancer withdrawal fix (#1739) * fix balancer withdrawals * lint * prettier * use only 1 safeApprove when applicable * some renames and more correct application of approves * renames, additional requires, move initializer to a better location, slither * bug fix * Generated latest Balancer strategy diagrams * re-deploy BPT tokens sitting in the strategy * fix re-entrancy test * fixture fix * bug fix * prettier * L02 improve naming (#1783) * improve naming * one more rename * buf fix * do a check that supported assets are being withdrawn (#1784) * set uint256 max instead of magic number (#1782) * remove unused files (#1785) * fix renaming bug * correct safe approve all tokens and adjust the documentation (#1776) * prettier * M04 - minBptFunction robustness (#1795) * change bptExpected to ignore Oracle prices and assume assets are always pegged. (Vault value checker shall be used to mitigate issues with said assumption) * fix all the tests * add test for pool manipulation * prettier & lint * minor change * add withdrawal test * update documentation * pick string error length that is smaller than 32 characters * prettier * correct comment * better comments * prettier * M02 withdrawal fuzzing tests (#1801) * add more withdrawal tests * add more withdrawal cases * N02 gas inefficiencies (#1786) * gas optimisation * fix bad merge and prettier * remove todo comments (#1796) * use a more appropriate array initialisation length (#1800) * more consistant function naming (#1797) * fix typo (#1798) * simplify the way we withdrawAll. no need to pass along min amonts (#1777) * M03 - missing or misleading documentation (#1781) * improve documentation * add comma * M01 More comprehensive test suite (#1780) * add tests for approving tokens and harvesting rewards * prettier and lint * fix bad merge + prettier & lint * fix fork tests remove .only * remove only * lint * fix unit tests * add more tests to see how checkBalance behaves * remove console log * improve checkBalance test by testing that checkBalance amount doesn't decrease after the attack comaring to the middle of the attack. * confirm that yield gained by 3rd party tilting the pool can be extracted by withdrawing the funds * rename internal functions by prepending them with underscore * Generated latest Balancer strategy diagrams (#1805) * bug fix * bug fix * Minor Balancer changes from final review (#1819) * Removed unused imports * Generated updated contract diagram * Deploy Balancer Meta stable pool RETH strategy * update deploy description * fix typo * add proposal Id to deploy script * prettier * create a deploy file * file rename * improve wording * fix name redundancy --------- Co-authored-by: Nick Addison <[email protected]> Co-authored-by: Shahul Hameed <[email protected]>
sparrowDom
added a commit
that referenced
this pull request
Oct 3, 2023
* initail commit * intermediary commit * commit research files * balancer booster abi * intermittent commit * add base balancer contract that implements checkBalance functionality * add some additional initial integration * intermittent commit * add deployment file * add fork test fixture * intermittent commit * prettier * add basic withdrawal / deposit functionality * correct the BPT calculation * prettier + lint * simplify the BPT price calculation * add read-only re-entrancy protection * add some missing tests and adjust existing. Deparate deposit and withdrawal slippage * fix check balance implementation * Balancer review changes (#1726) * Generated contract docs * Refactor Balancer storage variables * Small Balancer changes * Natspec updates Added missing licensing getPoolAssets gas optimized * Updated generated Balancer strategy contract diagrams * fix contract linter * Removed restrictions on tests * Small gas improvements Fixed Slither * Change BalancerError version * Updated constant names Addresses to use checksum format * JS lint tasks * Updated Balancer and Aura pool id constants * Removed getRateProviderRate as it wasn't being used Refactored to remove poolAssetsMapped storage variable * Updated OETH Contracts diagrams Generated new Balancer contract diagrams * Fix failing test * Fix merge conflict * Restored getRateProviderRate * Natspec updates Added toPoolAsset override * Removed unused getRateProviderRate * Natspec updates Gas optimization of InitializableAbstractStrategy * Abstract strategy gas improvements (#1719) * Refactor base strategy to use immutables * Fixed strategy deployments in 001_core and fixtures * Generated new strategy diagrams * Deploy rETH instead of the stETH Balancer MetaStable Pool * removed unused Aura config * Balancer fork tests * Added check that BPT amount equals Aura LP amount Added rETH conversion to ETH value * Updated balancer strat fork tests * Updated Balancer fork tests * Added optional deposit with multiple assets to the strategy * Single asset deposit to use multi asset deposit * Added optional checkBalance to Balancer strategy * Added checkBalance() to BaseBalancerStrategy * Fix slither Fix curve HH task * Added multi-asset withdraw to balancer strategy * Fix multi-asset withdraw * Updated Balancer and Vault diagrams * Fix js linter * Fixed checkBalance of rETH asset in Balancer strategy * Only wrap assets if amount > 0 Added depositAll fork test for Balancer strat * Removed Vault changes for multi-asset strategy support * Updated generated docs * Add tests for wstETH/WETH Balancer pool (#1725) * Split deployment and fix fixtures * Deposit tests for wstETH/WETH pool * Add withdraw test * prettier * remove .only in fork tests --------- Co-authored-by: Shahul Hameed <[email protected]> * [ DFD-1 ] Balancer's checkBalance (#1730) * add alternative implementation of Balancer's checkBalance * correct the checkBalance implementation * Balancer fork tests (#1727) * Added large withdraw tests for Balancer strategy * fix test log * Balancer withdraw to handle close to BPT limit * Small change to Balancer withdraw fork test * add some comments * change implementation --------- Co-authored-by: Domen Grabec <[email protected]> * Add read-only reentrancy test (#1731) * Added large withdraw tests for Balancer strategy * fix test log * Balancer withdraw to handle close to BPT limit * Small change to Balancer withdraw fork test * add some comments * Add test for read-only reentrancy * add reentrancy protection to checkBalance functions * add documentation * remove the only --------- Co-authored-by: Nicholas Addison <[email protected]> Co-authored-by: Domen Grabec <[email protected]> * Balancer fixes (#1734) * prettier * adjust how checkBalance is calculated * Balancer withdrawal fix (#1739) * fix balancer withdrawals * lint * prettier * use only 1 safeApprove when applicable * some renames and more correct application of approves * renames, additional requires, move initializer to a better location, slither * bug fix * Generated latest Balancer strategy diagrams * re-deploy BPT tokens sitting in the strategy * fix re-entrancy test * fixture fix * bug fix * prettier * L02 improve naming (#1783) * improve naming * one more rename * buf fix * do a check that supported assets are being withdrawn (#1784) * set uint256 max instead of magic number (#1782) * remove unused files (#1785) * fix renaming bug * correct safe approve all tokens and adjust the documentation (#1776) * prettier * M04 - minBptFunction robustness (#1795) * change bptExpected to ignore Oracle prices and assume assets are always pegged. (Vault value checker shall be used to mitigate issues with said assumption) * fix all the tests * add test for pool manipulation * prettier & lint * minor change * add withdrawal test * update documentation * pick string error length that is smaller than 32 characters * prettier * correct comment * better comments * prettier * M02 withdrawal fuzzing tests (#1801) * add more withdrawal tests * add more withdrawal cases * N02 gas inefficiencies (#1786) * gas optimisation * fix bad merge and prettier * remove todo comments (#1796) * use a more appropriate array initialisation length (#1800) * more consistant function naming (#1797) * fix typo (#1798) * simplify the way we withdrawAll. no need to pass along min amonts (#1777) * M03 - missing or misleading documentation (#1781) * improve documentation * add comma * M01 More comprehensive test suite (#1780) * add tests for approving tokens and harvesting rewards * prettier and lint * fix bad merge + prettier & lint * fix fork tests remove .only * remove only * lint * fix unit tests * add more tests to see how checkBalance behaves * remove console log * improve checkBalance test by testing that checkBalance amount doesn't decrease after the attack comaring to the middle of the attack. * confirm that yield gained by 3rd party tilting the pool can be extracted by withdrawing the funds * rename internal functions by prepending them with underscore * Generated latest Balancer strategy diagrams (#1805) * bug fix * bug fix * Minor Balancer changes from final review (#1819) * Removed unused imports * Generated updated contract diagram * Deploy Balancer Meta stable pool RETH strategy * update deploy description * fix typo * add proposal Id to deploy script * prettier * create a deploy file * file rename * improve wording * fix name redundancy * re-deploy Balancer rETH/WETH strategy * add proposal id * improve deploy proposal wording * update proposal id * Prettify --------- Co-authored-by: Nick Addison <[email protected]> Co-authored-by: Shahul Hameed <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Things in this PR:
minBptExpectedfunction ignores oracle prices and considers only rate of rateProviders. Meaning that strategy is assuming that assets are peggedFrom audit report:
The getBPTExpected functions are used to calculate the minimum amount of BPTs to
receive when depositing liquidity, or the maximum amount of BPTs to provide when
withdrawing liquidity. They calculate the underlying ETH value of the assets to deposit/
withdraw, and divide it by the price of a BPT in terms of the pool's underlying base asset.
There are two issues with this:
Based on which oracles are being used, the strategy's asset price might be stale, which
will result in an over/underestimation of the correct number of BPTs.
The calculation assumes normal market conditions, namely that the pool's underlying
base asset is trading at 1-1 parity with ETH. stETH or frxETH depegging from ETH
would make this untrue, resulting in an overestimation of the amount of BPTs.
Overestimating the BPT amount can result in reverts during deposits while underestimating
them can result in reverts during withdrawals. Consider accurately calculating the exact
number of BPTs required for these operations using Balancer's StableMath.