fix: break critical cross-contract cascade chain (C-1) #48

Merged
hackercf merged 1 commit into master from v1.5
Mar 10, 2026

@hackercf
Contributor

Summary

  • Reject zero/negative oracle prices at pyth-adapter before downstream propagation (H-1, H-9, M-15)
  • Bound exponent [-18, 18] and future timestamps to 60s tolerance (M-3, M-2)
  • Enforce time-delta range [60s, 7200s] (M-1)
  • Guard division-by-zero in utilization-calc and elapsed-time underflow in accrue-interest (H-2, H-10, L-32)
  • Unconditionally reject zero repay amount in liquidator (H-1 defense-in-depth)

Test plan

  • 207/207 tests pass
  • clarinet check — 36 contracts pass
  • No state-v1 modifications
  • New pyth-adapter oracle hardening tests (price, exponent, timestamp, time-delta bounds)
  • New utilization zero-total-assets test
  • All existing test suites updated for simnet-aligned timestamps

Phase 1 security fixes from v2 audit (2026-03-10):

pyth-adapter-v1:
- Reject zero/negative prices before to-uint conversion (H-1, H-9, M-15)
- Bound exponent to [-18, 18] to prevent pow overflow (M-3)
- Cap future timestamps to 60s tolerance (M-2)
- Enforce time-delta range [60s, 7200s] (M-1)
- Remove dead zero-price branch in check-confidence
- Add named constants MAXIMUM_TIME_DELTA, FUTURE_TIMESTAMP_TOLERANCE

linear-kinked-ir-v1:
- Guard utilization-calc division by zero on total-assets (H-2)
- Guard elapsed-block-time underflow with saturation to u0 (H-10)

linear-kinked-ir-utility:
- Same division-by-zero and elapsed-time underflow guards (L-32)

liquidator-v1:
- Unconditionally reject zero repay amount (H-1 defense-in-depth)

tests:
- Add pyth-adapter oracle hardening tests (price, exponent, timestamp, time-delta)
- Add utilization zero-total-assets test
- Fix pyth test helpers to use simnet-aligned timestamps
- Update all test files for time-delta max of 7200
- Add price refreshes for long-running test scenarios

207/207 tests pass. No state-v1 modifications.
@hackercf hackercf merged commit 6e71adf into master Mar 10, 2026
4 checks passed
@hackercf hackercf deleted the v1.5 branch March 10, 2026 14:17
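
The guards listed in the summary, sketched in Clarity as an added example; this is not the code merged in this PR. Function names, error codes, `MINIMUM_TIME_DELTA`, the exponent constants, `BPS` and the choice to reject rather than clamp are assumptions; the numeric bounds and the constant names `MAXIMUM_TIME_DELTA` and `FUTURE_TIMESTAMP_TOLERANCE` come from the PR text.

```clarity
;; Added illustration, not the repository's code. Error codes, function names,
;; parameter names and BPS are hypothetical; bounds are the ones the PR states.
(define-constant ERR-INVALID-PRICE (err u1001))
(define-constant ERR-INVALID-EXPONENT (err u1002))
(define-constant ERR-FUTURE-TIMESTAMP (err u1003))
(define-constant ERR-INVALID-TIME-DELTA (err u1004))

(define-constant MINIMUM_TIME_DELTA u60)          ;; hypothetical name, 60s from the PR
(define-constant MAXIMUM_TIME_DELTA u7200)        ;; named in the PR
(define-constant FUTURE_TIMESTAMP_TOLERANCE u60)  ;; named in the PR
(define-constant MAX-EXPONENT 18)
(define-constant MIN-EXPONENT -18)
(define-constant BPS u10000)

;; Every check runs before to-uint, which aborts at runtime on a negative int.
;; `now` is passed in so the sketch does not depend on a block-time source.
(define-read-only (validate-oracle-price
    (price int) (expo int) (publish-time uint) (now uint) (time-delta uint))
  (begin
    (asserts! (> price 0) ERR-INVALID-PRICE)
    (asserts! (and (>= expo MIN-EXPONENT) (<= expo MAX-EXPONENT)) ERR-INVALID-EXPONENT)
    ;; Assumption: a timestamp too far ahead is rejected rather than clamped.
    (asserts! (<= publish-time (+ now FUTURE_TIMESTAMP_TOLERANCE)) ERR-FUTURE-TIMESTAMP)
    (asserts! (and (>= time-delta MINIMUM_TIME_DELTA) (<= time-delta MAXIMUM_TIME_DELTA))
              ERR-INVALID-TIME-DELTA)
    (ok (to-uint price))))

;; Division by zero aborts the whole transaction in Clarity, so an empty pool
;; is handled explicitly. Assumption: utilization of an empty pool is u0.
(define-read-only (utilization-bps (total-borrowed uint) (total-assets uint))
  (if (is-eq total-assets u0)
    u0
    (/ (* total-borrowed BPS) total-assets)))

;; uint subtraction below zero also aborts; saturate to u0 instead.
(define-read-only (elapsed-time (now uint) (last-update uint))
  (if (> now last-update)
    (- now last-update)
    u0))
```

Each guard replaces a runtime abort with either a typed error or a defined value, so a bad oracle reading or an empty pool fails at the boundary where it is detected.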