Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: fix core contracts storage check #973

Closed
wants to merge 79 commits into from
Closed

feat: fix core contracts storage check #973

wants to merge 79 commits into from

Conversation

zugdev
Copy link
Contributor

@zugdev zugdev commented Oct 3, 2024

Resolves #972

@ubiquity-os-deployer
Copy link

ubiquity-os-deployer bot commented Oct 3, 2024
edited
Loading

github-actions bot and others added 29 commits October 3, 2024 20:49
@github-actions @zugdev
docs: auto generate NATSPEC docs
a30c5d1
@alexandr-masl @zugdev
test(UbiquityPoolFacet): add invariant tests for collateral token add…
403b670 
…ition and price feed setup
@alexandr-masl @zugdev
test(ubiquityPoolFacet): add invariant test for Ubiquity Dollar minti…
697506c 
…ng limits with fuzzing
@alexandr-masl @zugdev
test(ubiquity-pool-facet): add collateral, ceiling, redeem, and dolla…
5c84825 
…r price manipulation tests
@alexandr-masl @zugdev
test(UbiquityPoolFacetInvariantTest): add collateral price manipulati…
65ff94e 
…on and update invariant
@alexandr-masl @zugdev
test(UbiquityPoolFacetInvariantTest): delete irrelevant logs
05d34de
@alexandr-masl @zugdev
test(lib-ubiquity-pool): add conservative estimates for price and fees
266032f
@alexandr-masl @zugdev
test(pool-facet-handler): add fuzzed parameters to dollar price manip…
50e5c48 
…ulation tests
@alexandr-masl @zugdev
test(pool-facet-handler): add usd price manipulations
db88b8e
@alexandr-masl @zugdev
test(pool-facet-handler): eth/usd price manipulations
2ac6150
@alexandr-masl @zugdev
test(pool-facet-handler): add docs
c1d48b0
@alexandr-masl @zugdev
test(pool-facet-handler): deted hard params for redeemDollar
e2c67f1
@alexandr-masl @zugdev
test(pool-facet-handler): update assume statements in redeemDollar an…
10d9adf 
…d mintUbiquityDollars
@alexandr-masl @zugdev
test(pool-facet-handler): refactor the income fuzz parameters
24f71a8
@alexandr-masl @zugdev
test(pool-facet-invariant): add new invariant checks for minting and …
4219a65 
…redemption
@alexandr-masl @zugdev
test(setting-up-ci): add deep-invariant ci sttings
1639df7
@alexandr-masl @zugdev
test(ci-settings): update fuzz and invariant ci settings
a673445
@alexandr-masl @zugdev
test: add an invariant profile to the foundry configuration
fd041c4
@github-actions @zugdev
docs: auto generate NATSPEC docs
42566ca
@rndquu @zugdev
ci: update deep-invariant.yml
769cb6d
@zugdev
feat: remove newly added contracts from storage check workflow
48870cc
@obeys @zugdev
feat: add semgrep security issues scanning
1f009ad
@obeys @zugdev
fix: fix semgrep scanning issue
3edc43d
@obeys @zugdev
fix: run on push and pull request
fe083b0
@obeys @zugdev
fix: add back pull_request run
3fc7daa
@rndquu @zugdev
ci: test
3ed7466
@rndquu @zugdev
ci: test
d55d0b0
@rndquu @zugdev
ci: test
bbaf404
@rndquu @zugdev
ci: test
8edf486
zugdev and others added 25 commits October 3, 2024 20:49
@zugdev
feat: full test suite for AMO minter
143af14
@zugdev
chore: comments
14cb015
@zugdev
feat: receive Aave parameters in AaveAMO
c9eb727
@zugdev
feat: wip AaveAMO tests
261123d
@zugdev
feat: missing immutable
6ca2d57
@zugdev
feat: working AaveAMO test suite
fa04f8e
@zugdev
feat: test constructor
3398b49
@zugdev
chore: match comment style
859a0da
@zugdev
chore: change MockERC20 import path
9fa0e12
@zugdev
feat: remove unused modifier
4b89f2c
@zugdev
feat: add claim Aave rewards mechanism
98626ce
@zugdev
feat: test AMO minter constructor
548829a
@zugdev
feat: rename error msg
0a1c189
@zugdev
feat: fix rewards controller test
70b036f
@zugdev
chore: delete unused lib
676621d
@zugdev
feat: style changes
bca19da
@zugdev
chore: comments
3e85e5f
@zugdev
feat: interface natspec
e75aaf0
@zugdev
feat: implemente amo interface in Aave AMO to ensure amo standard
20d9087
@zugdev
feat: remove borrowing from AaveAmo
a290306
@zugdev
feat: adapt tests
9f69ad8
@zugdev
chore: fix AMO contracts version
d1eeaff
@zugdev
chore: specify branch in git submodules
82ddeb0
@github-actions @zugdev
docs: auto generate NATSPEC docs
5cc2841
@zugdev
feat: rollback check_storage_layou to @V3
f768506
@zugdev zugdev force-pushed the fix-core-contracts-storage-check branch from b2c1983 to f768506 Compare October 3, 2024 23:50
@zugdev
Copy link
Contributor Author

zugdev commented Oct 3, 2024
edited
Loading

this looks very ugly because of rebase, i'll do better

@zugdev zugdev closed this Oct 3, 2024
@zugdev zugdev deleted the fix-core-contracts-storage-check branch October 3, 2024 23:50
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 3, 2024
View reviewed changes
packages/contracts/src/dollar/amo/AaveAmo.sol
uint256 _value,
bytes calldata _data
) external onlyOwner returns (bool, bytes memory) {
(bool success, bytes memory result) = _to.call{value: _value}(_data);

Check failure

Code scanning / Semgrep OSS

Semgrep Finding: rules.solidity.security.arbitrary-low-level-call Error

An attacker may perform call() to an arbitrary address with controlled calldata
packages/contracts/src/dollar/core/UbiquityAmoMinter.sol
int256 collateralAmount_i256 = int256(collateralAmount);

// Update the collateral balances
collateralBorrowedBalances[msg.sender] -= collateralAmount_i256;

Check notice

Code scanning / Semgrep OSS

Semgrep Finding: rules.solidity.security.basic-arithmetic-underflow Note

Possible arithmetic underflow
packages/contracts/src/dollar/core/UbiquityAmoMinter.sol

// Update the collateral balances
collateralBorrowedBalances[msg.sender] -= collateralAmount_i256;
collateralTotalBorrowedBalance -= collateralAmount_i256;

Check notice

Code scanning / Semgrep OSS

Semgrep Finding: rules.solidity.security.basic-arithmetic-underflow Note

Possible arithmetic underflow
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rndquu rndquu Awaiting requested review from rndquu rndquu will be requested when the pull request is marked ready for review rndquu is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CI: fix check_storage_layout for new contracts
4 participants
@zugdev @alexandr-masl @rndquu @obeys