Market Reserve Automation #456
Conversation
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
…nto feat/market-reserve-automation
Signed-off-by: Elliot <[email protected]>
Market Reserve Automation
🚨 Report Summary
For more details view the full report in OpenZeppelin Code Inspector |
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
…om deployment scripts Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
…ng and sale periods
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
… cycles and making purchases in each Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
…nto feat/market-reserve-automation
Signed-off-by: Elliot <[email protected]>
Signed-off-by: Elliot <[email protected]>
| .InitParams({ | ||
| recipientAddress: holdingDeposit, | ||
| wellToken: xWellProxy, | ||
| reserveAsset: _addresses.getAddress(underlyingName), |
There was a problem hiding this comment.
This can be replaced with mToken.getUnderlying(), making the file more generic so we can reuse it for future deployments to other chains
There was a problem hiding this comment.
sure those changes can be made, but Halborn won't be auditing the deployment script anyway so it's fine to leave as is for the Base deployment.
There was a problem hiding this comment.
based on the current repo folder structure I believe it's makes more sense to keep this file inside /script and rename to DeployReserveAutomation
There was a problem hiding this comment.
chainink oracle, market and underlying address names could be placed in a json config file so we could easily deploy the reserve automation to any chain
|
|
||
| /// @notice array of mToken names to deploy automation for | ||
| function _getMTokens() internal pure returns (string[] memory) { | ||
| string[] memory tokens = new string[](12); |
There was a problem hiding this comment.
I would prefer to make the token list an argument for the deploy and validate functions, so we can reuse it to deploy on other chains
There was a problem hiding this comment.
we should differentiate between what is a nice to have vs what is a must have for this audit. since they won't be reviewing deployment scripts this should be non blocking.
Signed-off-by: Elliot <[email protected]>
| } | ||
|
|
||
| /// normalize decimals up to 18 if reserve asset has less than 18 decimals | ||
| if (reserveAssetDecimals != 18) { |
There was a problem hiding this comment.
as we have checks to make sure this is never > 18 we could do < instead
| if (reserveAssetDecimals != 18) { | |
| if (reserveAssetDecimals < 18) { |
There was a problem hiding this comment.
are you going to remediate this?
|
|
||
| /// if the reserve asset has non 18 decimals, shrink down the amount of | ||
| /// reserve asset received to the actual amount | ||
| if (reserveAssetDecimals != 18) { |
There was a problem hiding this comment.
as we have checks to make sure this is never > 18 we could do < instead
| if (reserveAssetDecimals != 18) { | |
| if (reserveAssetDecimals < 18) { |
There was a problem hiding this comment.
are you going to remediate this?
src/market/ReserveAutomation.sol
Outdated
| , | ||
| uint80 answeredInRound | ||
| ) = AggregatorV3Interface(oracleAddress).latestRoundData(); | ||
| bool valid = price > 0 && answeredInRound >= roundId; |
There was a problem hiding this comment.
maybe also checks that updatedAt != 0
There was a problem hiding this comment.
I think Gautlet is going to report this if we don't add the check
src/market/ReserveAutomation.sol
Outdated
| if ( | ||
| startPeriodTimestampCachedChainlinkPrice[startTime].wellPrice == 0 | ||
| ) { | ||
| (int256 wellPrice, ) = getPriceAndDecimals(wellChainlinkFeed); | ||
| startPeriodTimestampCachedChainlinkPrice[startTime] | ||
| .wellPrice = wellPrice; | ||
|
|
||
| (int256 reservePrice, ) = getPriceAndDecimals(reserveChainlinkFeed); | ||
| startPeriodTimestampCachedChainlinkPrice[startTime] | ||
| .reservePrice = reservePrice; | ||
| } | ||
|
|
There was a problem hiding this comment.
if we move this above line 534 amountOut = getAmountReservesOut(amountWellIn); we don't need to call (int256 price, uint8 decimals) = getPriceAndDecimals(oracleAddress); in the getNormalizedFunction as we will be sure there is a cached price
There was a problem hiding this comment.
nice optimization
add MWethDelegatorOwner
Signed-off-by: Elliot <[email protected]>
|
| address oracleAddress, | ||
| int256 cachedPrice | ||
| ) internal view returns (uint256 normalizedPrice) { | ||
| (int256 price, uint8 decimals) = getPriceAndDecimals(oracleAddress); |
There was a problem hiding this comment.
| (int256 price, uint8 decimals) = getPriceAndDecimals(oracleAddress); |
| } | ||
|
|
||
| /// normalize decimals up to 18 if reserve asset has less than 18 decimals | ||
| if (reserveAssetDecimals != 18) { |
There was a problem hiding this comment.
are you going to remediate this?
|
|
||
| /// if the reserve asset has non 18 decimals, shrink down the amount of | ||
| /// reserve asset received to the actual amount | ||
| if (reserveAssetDecimals != 18) { |
There was a problem hiding this comment.
are you going to remediate this?
No description provided.