Skip to content

Fix Velo Oracle Review v3#156

Merged
piesrtasty merged 1 commit into
devfrom
codex/pessimistic-velo-oracle-audit-fixes
Jun 24, 2026
Merged

Fix Velo Oracle Review v3#156
piesrtasty merged 1 commit into
devfrom
codex/pessimistic-velo-oracle-audit-fixes

Conversation

@piesrtasty

@piesrtasty piesrtasty commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Fixes:

H-06 - Volatile single-feed Velo clamp returns valid stale-high collateral prices

M-06 - Stale pessimistic operator observations can overvalue LP collateral

M-11 - Single-feed volatile LP oracle mixes stale TWAP prices with current reserves

L-14 - Stable-pool peg check ignores cross-feed timestamp skew

@piesrtasty piesrtasty changed the title [codex] fix pessimistic Velo oracle audit findings Fix Velo oracle audit findings Jun 19, 2026
@piesrtasty piesrtasty changed the title Fix Velo oracle audit findings Fix Velo Oracle Review v3 Jun 19, 2026
@piesrtasty piesrtasty marked this pull request as ready for review June 19, 2026 01:02
@piesrtasty

Copy link
Copy Markdown
Contributor Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 899a4e6c9d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/contracts/oracles/PessimisticVeloSingleOracle.sol
@piesrtasty piesrtasty force-pushed the codex/pessimistic-velo-oracle-audit-fixes branch from 899a4e6 to 8fb8043 Compare June 19, 2026 01:14
@piesrtasty

Copy link
Copy Markdown
Contributor Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8fb804377b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/contracts/oracles/PessimisticVeloSingleOracle.sol Outdated
@piesrtasty piesrtasty force-pushed the codex/pessimistic-velo-oracle-audit-fixes branch from 8fb8043 to 112d81a Compare June 19, 2026 01:33
@piesrtasty

Copy link
Copy Markdown
Contributor Author

@codex review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 112d81a98a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".


// Bound the LP price by the current value of the trusted side actually present in the pool.
if (token0Feed != address(0)) {
uint256 cap = 2 * FixedPointMathLib.mulDivDownFullPrecision(_reserve0, _price0, _totalSupply);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Avoid committing spot-reserve caps into delayed prices

In single-feed pools this cap uses the pool's instantaneous getReserves() balance, so an attacker can swap most of the Chainlink-fed token out for one block, call the delayed oracle update path, and then reverse the swap; the low cap is stored as the next delayed feed and can become the SAFE-facing collateral price after the delay even though the reserve rotation was transient. This reintroduces a spot-manipulation path for the exact single-feed collateral case this oracle supports; consider deriving the cap from the same observation window or otherwise preventing one-block reserve rotations from being committed.

Useful? React with 👍 / 👎.

@piesrtasty piesrtasty force-pushed the codex/pessimistic-velo-oracle-audit-fixes branch from 112d81a to 5db0681 Compare June 19, 2026 02:27
@piesrtasty

Copy link
Copy Markdown
Contributor Author

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Breezy!

Reviewed commit: 5db068110b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Harden PessimisticVeloSingleOracle and Velo vault relayers against stale pessimistic pricing, sequencer/TWAP invalidity, vault PPS donation effects, fee-exclusive ERC4626 conversion, reserve overflow, and single-feed pricing precision issues.

Fixes: H-01, H-02, H-06, M-02, M-06, M-11, M-12, L-01, L-03, L-05, L-06, L-07, L-08, L-09, L-10, L-11, L-14

Accepted: H-03, M-04 residual formula bias, M-09, L-02
@piesrtasty piesrtasty force-pushed the codex/pessimistic-velo-oracle-audit-fixes branch from 5db0681 to 2fe2df3 Compare June 23, 2026 02:28
@piesrtasty piesrtasty merged commit b069712 into dev Jun 24, 2026
1 of 2 checks passed
@piesrtasty piesrtasty deleted the codex/pessimistic-velo-oracle-audit-fixes branch June 24, 2026 01:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant