sync with BGD-main

Certora · May 5, 2024 · f2729fa · f2729fa
2 parents 1fbf919 + a4f5f40
commit f2729fa
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -7,6 +7,7 @@ update:; forge update
 
 # Build & test
 test   :; forge test -vvv --no-match-contract DeploymentsGasLimits
+test-contract :; forge test --match-contract ${filter} -vvv
 test-watch   :; forge test --watch -vvv --no-match-contract DeploymentsGasLimits
 coverage :; forge coverage --report lcov && \
 	lcov --remove ./lcov.info -o ./lcov.info.p \
@@ -34,4 +35,4 @@ coverage :; forge coverage --report lcov && \
 download :; cast etherscan-source --chain ${chain} -d src/etherscan/${chain}_${address} ${address}
 git-diff :
 	@mkdir -p diffs
-	@printf '%s\n%s\n%s\n' "\`\`\`diff" "$$(git diff --no-index --diff-algorithm=patience --ignore-space-at-eol ${before} ${after})" "\`\`\`" > diffs/${out}.md
+	@printf '%s\n%s\n%s\n' "\`\`\`diff" "$$(git diff --no-index --diff-algorithm=patience --ignore-space-at-eol ${before} ${after})" "\`\`\`" > diffs/${out}.md
diff --git a/README.md b/README.md
@@ -81,7 +81,7 @@ The following are the security procedures historically applied to Aave v3.X vers
 **-> Aave v3.1 - April 2024**
 
 - [Certora](./audits/30-04-2024_Certora_AaveV3.1.pdf)
-- [MixBytes](./) TBA
+- [MixBytes](./audits/02-05-2024_MixBytes_AaveV3.1.pdf)
 - An internal review by [SterMi](https://twitter.com/stermi) on the virtual accounting feature was conducted on an initial phase of the codebase.
 - Additionally, Certora properties have been improved over time since the Aave v3 release. More details [HERE](./certora/README.md).
 

diff --git a/audits/02-05-2024_MixBytes_AaveV3.1.pdf b/audits/02-05-2024_MixBytes_AaveV3.1.pdf
diff --git a/docs/Aave-v3.1-features.md b/docs/Aave-v3.1-features.md
@@ -28,7 +28,12 @@ This new feature doesn’t create any incompatibility with Aave v3 integrations,
 
 Given its implications and criticality, virtual accounting can be considered the major feature of Aave 3.1.
 
-_Important_. Virtual balance doesn't fix the imprecision caused by other components of the protocol, its objective is to add stricter validations, reducing any type of vector to the minimum.
+**Misc considerations & acknowledged limitations**
+
+- Virtual balance doesn't fix the imprecision caused by other components of the protocol, its objective is to add stricter validations, reducing any type of attack vector to the minimum.
+- An extra "soft" protection has been added on borrowing actions (flash loan and borrow): the amount borrowed of underlying should not be higher than the aToken supply. The idea behind is to add more defenses on inflation scenarios, even if we are aware total protection is not achieved (e.g. against certain edge iteration vectors).
+  Not using `accruedToTreasury` in the calculation is intentional.
+- The addition of virtual accounting can create a situation over time that more liquidity will be available in the aToken contract than what the the virtual balance allows to withdraw/borrow. This is intended by design.
 
 <br>
 

diff --git a/tests/template/BaseTest.t.sol b/tests/template/BaseTest.t.sol
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity ^0.8.0;
+
+import {TestnetProcedures, IERC20, IAToken} from '../utils/TestnetProcedures.sol';
+
+// Base test to setup the initial config: deploying the protocol contracts and setting them up locally on foundry
+// command to test: make test-contract filter=BaseTest
+contract BaseTest is TestnetProcedures {
+  function setUp() public {
+    // this method deploys all the protocol contract and does the inital setup.
+    // -> the deployed contracts could be accessed via the ContractsReport struct internal variable `contracts`. Ex `contracts.poolProxy`
+    // -> the assets listed could be accessed via the TokenList struct internal variable `tokenList`
+    // -> the internal variable `poolAdmin` has the poolAdmin role of the protocol and holds all the admin access.
+    initTestEnvironment();
+
+    // initL2TestEnvironment(); -> deploys the protocol contracts as on an L2 (ex. we deploy L2Pool instead of Pool)
+    // initTestEnvironment(true); -> mints the listed assets to users: alice, bob, carol (can be accessed by the same variable name)
+  }
+
+  // add your code below
+  function test_default() public {
+    uint256 supplyAmount = 0.2e8;
+    uint256 underlyingBalanceBefore = IERC20(tokenList.wbtc).balanceOf(alice);
+    (address aWBTC, , ) = contracts.protocolDataProvider.getReserveTokensAddresses(tokenList.wbtc);
+
+    vm.prank(alice);
+    contracts.poolProxy.supply(tokenList.wbtc, supplyAmount, alice, 0);
+
+    assertEq(IERC20(tokenList.wbtc).balanceOf(alice), underlyingBalanceBefore - supplyAmount);
+    assertEq(IAToken(aWBTC).scaledBalanceOf(alice), supplyAmount);
+  }
+}