Skip to content

Audit fix gross settlement check #270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ZenGround0 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Audit fix gross settlement check #270

ZenGround0 wants to merge 2 commits into from

Conversation

@ZenGround0
Copy link
Contributor

@ZenGround0 ZenGround0 commented Jan 28, 2026

Closes #267

Claude and others added 2 commits January 28, 2026 20:01
@claude
fix(settlement): use requiredLockup in lockup sufficiency check
9883457 
Per audit recommendation, the lockup check now compares against
requiredLockup instead of grossSettledAmount. This is more direct
since requiredLockup is what we actually subtract from lockupCurrent.

The calculation of actualSettledDuration and requiredLockup is moved
before the check to make the comparison possible.

Fixes #267

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Cleanup
9eecda4
@FilOzzy FilOzzy added this to FOC Jan 28, 2026
@github-project-automation github-project-automation bot moved this to 📌 Triage in FOC Jan 28, 2026
wjmelements
wjmelements approved these changes Jan 29, 2026
View reviewed changes
Copy link
Collaborator

@wjmelements wjmelements left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is safe because solidity also does this check on the line

payer.lockupCurrent -= requiredLockup

If we are handling this underflow case with a custom error, we can make that subtraction unchecked.

@github-project-automation github-project-automation bot moved this from 📌 Triage to ✔️ Approved by reviewer in FOC Jan 29, 2026
@BigLep BigLep added this to the M4.5: GA Fast Follows milestone Jan 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wjmelements wjmelements wjmelements approved these changes

Assignees

No one assigned

Labels

None yet

Projects

FOC
Status: ✔️ Approved by reviewer
Payments
Status: No status

Milestone

M4.5: GA Fast Follows

Development

Successfully merging this pull request may close these issues.

Audit Fix 2: More direct safety check in gross settlement

4 participants

@ZenGround0 @wjmelements @BigLep