Fix Velo Oracle Review v3 #156
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 899a4e6c9d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
899a4e6 to 8fb8043
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8fb804377b
8fb8043 to 112d81a
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 112d81a98a
||
| // Bound the LP price by the current value of the trusted side actually present in the pool. | ||
| if (token0Feed != address(0)) { | ||
| uint256 cap = 2 * FixedPointMathLib.mulDivDownFullPrecision(_reserve0, _price0, _totalSupply); |
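Review bot: The `cap` line doubles the trusted-side value (`2 * ...`) without the comment saying why; state the assumption behind the factor of 2 next to the code (presumably that the unfed side of the pool is worth no more than the `token0` side), since the bound is only as good as that assumption. The visible lines also show no guard for `_totalSupply == 0` before it is used as the divisor, and the doubling happens outside `mulDivDownFullPrecision`, so confirm that the zero-supply and overflow cases are rejected or revert cleanly before this branch is reached.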
Avoid committing spot-reserve caps into delayed prices
In single-feed pools this cap uses the pool's instantaneous getReserves() balance, so an attacker can swap most of the Chainlink-fed token out for one block, call the delayed oracle update path, and then reverse the swap; the low cap is stored as the next delayed feed and can become the SAFE-facing collateral price after the delay even though the reserve rotation was transient. This reintroduces a spot-manipulation path for the exact single-feed collateral case this oracle supports; consider deriving the cap from the same observation window or otherwise preventing one-block reserve rotations from being committed.
Useful? React with 👍 / 👎.
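An added example, not part of the review or the PR's code: a small Python model of the cap formula from the reviewed line, comparing a cap taken from a one-block spot reserve with one derived from a time-weighted reserve over the observation window, plus a deviation check that refuses to commit during a rotation. The 18-decimal scaling, the 1800-second window, the 2-second block, the 5% tolerance, the function names and all sample values are assumptions constructed for illustration.

```python
WAD = 10**18   # 18-decimal fixed point (assumed for reserves, prices, supply)
BPS = 10_000


def cap_from_reserve(reserve0: int, price0: int, total_supply: int) -> int:
    """Bound from the reviewed line: 2 * floor(reserve0 * price0 / totalSupply)."""
    if total_supply == 0:
        raise ValueError("total supply is zero")
    return 2 * (reserve0 * price0 // total_supply)


def time_weighted_reserve(samples: list[tuple[int, int]]) -> int:
    """Average reserve0 over (reserve0, seconds_held) samples from one window."""
    elapsed = sum(dt for _, dt in samples)
    if elapsed == 0:
        raise ValueError("empty observation window")
    return sum(r * dt for r, dt in samples) // elapsed


def committable_cap(spot_reserve0, samples, price0, total_supply, max_dev_bps=500):
    """Return (cap, ok). The cap always comes from the windowed reserve; ok is
    False when spot deviates from the window average by more than max_dev_bps,
    in which case the caller should skip the delayed-price update."""
    avg = time_weighted_reserve(samples)
    if avg == 0:
        raise ValueError("windowed reserve is zero")
    deviation_bps = abs(spot_reserve0 - avg) * BPS // avg
    return cap_from_reserve(avg, price0, total_supply), deviation_bps <= max_dev_bps


# Constructed sample: 1,000,000 token0 at price 1.0, 500,000 LP tokens, and an
# 1800 s window in which reserve0 sat at 100,000 for a single 2 s block.
PRICE0 = 1 * WAD
SUPPLY = 500_000 * WAD
STEADY = 1_000_000 * WAD
ROTATED = 100_000 * WAD
WINDOW = [(STEADY, 1798), (ROTATED, 2)]

if __name__ == "__main__":
    print("steady-state cap:      ", cap_from_reserve(STEADY, PRICE0, SUPPLY) / WAD)
    print("spot cap while rotated:", cap_from_reserve(ROTATED, PRICE0, SUPPLY) / WAD)
    print("windowed cap, ok flag: ", committable_cap(ROTATED, WINDOW, PRICE0, SUPPLY))
```

In this model the spot-derived cap falls by a factor of ten for the rotated block, while the windowed cap moves by 0.1% and the deviation check flags the update as not committable.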
112d81a to 5db0681
@codex review
Codex Review: Didn't find any major issues. Breezy!
Harden PessimisticVeloSingleOracle and Velo vault relayers against stale pessimistic pricing, sequencer/TWAP invalidity, vault PPS donation effects, fee-exclusive ERC4626 conversion, reserve overflow, and single-feed pricing precision issues.
Fixes: H-01, H-02, H-06, M-02, M-06, M-11, M-12, L-01, L-03, L-05, L-06, L-07, L-08, L-09, L-10, L-11, L-14
Accepted: H-03, M-04 residual formula bias, M-09, L-02
5db0681 to 2fe2df3
Fixes:
H-06 - Volatile single-feed Velo clamp returns valid stale-high collateral prices
M-06 - Stale pessimistic operator observations can overvalue LP collateral
M-11 - Single-feed volatile LP oracle mixes stale TWAP prices with current reserves
L-14 - Stable-pool peg check ignores cross-feed timestamp skew