Conversation
Phase 1 security fixes from v2 audit (2026-03-10): pyth-adapter-v1: - Reject zero/negative prices before to-uint conversion (H-1, H-9, M-15) - Bound exponent to [-18, 18] to prevent pow overflow (M-3) - Cap future timestamps to 60s tolerance (M-2) - Enforce time-delta range [60s, 7200s] (M-1) - Remove dead zero-price branch in check-confidence - Add named constants MAXIMUM_TIME_DELTA, FUTURE_TIMESTAMP_TOLERANCE linear-kinked-ir-v1: - Guard utilization-calc division by zero on total-assets (H-2) - Guard elapsed-block-time underflow with saturation to u0 (H-10) linear-kinked-ir-utility: - Same division-by-zero and elapsed-time underflow guards (L-32) liquidator-v1: - Unconditionally reject zero repay amount (H-1 defense-in-depth) tests: - Add pyth-adapter oracle hardening tests (price, exponent, timestamp, time-delta) - Add utilization zero-total-assets test - Fix pyth test helpers to use simnet-aligned timestamps - Update all test files for time-delta max of 7200 - Add price refreshes for long-running test scenarios 207/207 tests pass. No state-v1 modifications.
…H-4, H-5) H-3: Move accrue-interest before convert-to-staked-lp-tokens in stake() so new stakers use a fresh exchange rate. H-4: Move accrue-interest before convert-to-lp-tokens in initiate-unstake() so unstakers get the correct LP token amount. H-5: Remove check-staking-enabled from finalize-unstake() so users with pending withdrawals can finalize even when staking is disabled or wiped out. Add staking-wiped-out guard to skip unfinalized-withdrawals subtraction when the slash has already zeroed the counters (prevents arithmetic underflow).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
stake()— movedaccrue-interestbeforeconvert-to-staked-lp-tokensso new stakers use a fresh exchange rate instead of a stale one.initiate-unstake()— movedaccrue-interestbeforeconvert-to-lp-tokens/convert-to-withdrawal-sharesso unstakers get the correct LP token amount.finalize-unstake()— removedcheck-staking-enabledgate so users with pending withdrawals can always finalize, even when staking is disabled or wiped out. Addedstaking-wiped-outguard to skipunfinalized-withdrawalssubtraction when the slash has already zeroed the counters (prevents arithmetic underflow)