v10 RC5 Sherlock 2
v0.10.0 Release Candidate 5
Audit fixes
PROTOTECH
- PROTOTECH-12 (Pool): cap deposit fee rate at 10% (Fixed-Point-Solutions/prototech-ajna-audit#12)
- PROTOTECH-17 (Pool) : rounding of repayment amount (Fixed-Point-Solutions/prototech-ajna-audit#17)
- PROTOTECH-14 (Pool): multiply t0debt with inflator when calculating meaningful deposit (Fixed-Point-Solutions/prototech-ajna-audit#14)
- PROTOTECH-19 (Pool): enforcing claimable collateral dust limit (Fixed-Point-Solutions/prototech-ajna-audit#19)
- PROTOTECH-57 (Pool): Collateral Can Be Extracted Without Redeeming LP (Fixed-Point-Solutions/prototech-ajna-audit#57)
- PROTOTECH-46 (Pool): Unsafe casts in KickerActions (Fixed-Point-Solutions/prototech-ajna-audit#46)
- PROTOTECH-39 (Pool): Pools round against themselves and in favor of borrower (Fixed-Point-Solutions/prototech-ajna-audit#39)
- PROTOTECH-42 (Pool): Rounding In Favor of the Interacting User Is Dangerous (Fixed-Point-Solutions/prototech-ajna-audit#42)
- PROTOTECH-14 (Pool): use mulDiv to allow higher debt in pool when calculating LUP (Fixed-Point-Solutions/prototech-ajna-audit#14)
- PROTOTECH-49 (Pool Factories): Revert nicely if no decimals() method exists (Fixed-Point-Solutions/prototech-ajna-audit#49)
- PROTOTECH-20 (Pool): New Borrower Debt overcounted with < 18 decimal Quote Tokens (Fixed-Point-Solutions/prototech-ajna-audit#20)
- PROTOTECH-45 (Pool): Revert after instead of on expiry_ (Fixed-Point-Solutions/prototech-ajna-audit#45)
CODEARENA
- CODEARENA-8 (RewardsManager): no pool validation allows rewards to be drained (code-423n4/2023-05-ajna-findings#8)
- CODEARENA-100 (RewardsManager): remove moveStakedLiquidity (code-423n4/2023-05-ajna-findings#100)
- CODEARENA-231 (RewardsManager): add
emergencyUnstakefunction (code-423n4/2023-05-ajna-findings#231) - CODEARENA-227 (RewardsManager): LP > max uint128 are silently lost when staking (code-423n4/2023-05-ajna-findings#227)
- CODEARENA-494,179 (PositionManager): moveLiquidity to bucket deposit time and LP fix (code-423n4/2023-05-ajna-findings#494 code-423n4/2023-05-ajna-findings#179)
- CODEARENA-394 (RewardsManager): bucket update reward calculation accuracy loss (code-423n4/2023-05-ajna-findings#394)
- CODEARENA-367 (RewardsManager): precision loss when calculating new rewards (code-423n4/2023-05-ajna-findings#367)
- CODEARENA-503 (RewardsManager): revert if not all LP moved, delete from memorialized positions (code-423n4/2023-05-ajna-findings#503)
- CODEARENA-440 (RewardsManager): check rewards cap > rewards claimed in epoch (code-423n4/2023-05-ajna-findings#440)
- CODEARENA-132 (RewardsManager): Prevent Multiple Reward Claims in a single epoch (code-423n4/2023-05-ajna-findings#132)
- CODEARENA-161 (PositionManager): Nft svg encoding (code-423n4/2023-05-ajna-findings#161)
- CODEARENA-145,147 (PositionManager): PermitERC721 EIP-4494 compliance (code-423n4/2023-05-ajna-findings#145 code-423n4/2023-05-ajna-findings#147)
- CODEARENA-196 (PositionManager): lock NFT transfer for 1 hour since last position change (code-423n4/2023-05-ajna-findings#196)
Bug fixes
- Bug Fix (Pool): auction bonds and reserves auctioned are not guaranteed by the pool balance
- Bug Fix (Pool): kicked reserves should not use guaranteed funds (kicked reserves + auction bond escrowed)
- Bug Fix (Pool): kick fails on calculating bonds for unsettled auctions with 0 collateral and bad debt
- Bug Fix (Pool): rounding invariant failures in kickWithDeposit
Improvements
- ERC721PoolFactory: Change tokenIdsAllowed to return true if non-subset pool
- Update solc to 0.8.18
- PROTOTECH-31 (PositionManager): ERC721 is inherited multiple times in PositionManager (Fixed-Point-Solutions/prototech-ajna-audit#31)
- RewardsManager: Loss of rewards due to underfunded contract
- PROTOTECH-34: Informational Non-security Code Changes/Recommendations (Fixed-Point-Solutions/prototech-ajna-audit#34)
- PROTOTECH-59: consider declaring RAY constant directly (Fixed-Point-Solutions/prototech-ajna-audit#59)
- Pool factories: Simplify Collection Pool Deployment
- Update params in Position manager external functions from struct params to distinct params inputs
- Various gas improvements
Full changelog: v0.10.0-rc4...v0.10.0-rc5