Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue 160 test auction underflow #173

Merged
merged 2 commits into from
Dec 27, 2023
Merged

Issue 160 test auction underflow #173

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f9e1b9b
Tests: added auction underflow panic test
markuspluna Dec 21, 2023
7ce666b
added additional tests and documentation
markuspluna Dec 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ debug-assertions = true

[profile.release]
opt-level = "z"
overflow-checks = true
overflow-checks = true # DEV: Do not remove this check - doing so will create vulnerabilities
debug = 0
strip = "symbols"
debug-assertions = false
Expand Down
13 changes: 11 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ This repository contains the smart contacts for an implementation of the Blend P
## Documentation

To learn more about the Blend Protocol, visit the docs:
* [Blend Docs](https://docs.blend.capital/)

- [Blend Docs](https://docs.blend.capital/)

## Audits

Expand All @@ -30,13 +31,21 @@ make test
The `make` command creates an optimized and un-optimized set of WASM contracts. It's recommended to use the optimized version if deploying to a network.

These can be found at the path:

```
target/wasm32-unknown-unknown/optimized
```

For help with deployment to a network, please visit the [Blend Utils](https://github.com/blend-capital/blend-utils) repo.

## Contributing

Notes for contributors:

- Under no circumstances should the "overflow-checks" flag be removed otherwise contract math will become unsafe

## Community Links

A set of links for various things in the community. Please submit a pull request if you would like a link included.

* [Blend Discord](https://discord.com/invite/a6CDBQQcjW)
- [Blend Discord](https://discord.com/invite/a6CDBQQcjW)
100 changes: 100 additions & 0 deletions test-suites/tests/test_overflow_flag.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
#![cfg(test)]
use pool::Request;
use soroban_sdk::{testutils::Address as AddressTestTrait, vec, Address, Vec};
use test_suites::{
create_fixture_with_data,
test_fixture::{TokenIndex, SCALAR_7},
};

#[test]
#[should_panic(expected = "Error(WasmVm, InvalidAction)")]
fn test_backstop_donate_overflow_panics() {
let fixture = create_fixture_with_data(true);
let pool_fixture = &fixture.pools[0];

// Create a user
let samwise = Address::generate(&fixture.env);

fixture.tokens[TokenIndex::USDC].mint(&samwise, &(i128::MAX - 100));

// donate tokens
fixture
.backstop
.donate_usdc(&samwise, &pool_fixture.pool.address, &(i128::MAX - 100));
fixture.tokens[TokenIndex::USDC].mint(&samwise, &(500));
fixture.tokens[TokenIndex::USDC].burn(&fixture.backstop.address, &500);
fixture
.backstop
.donate_usdc(&samwise, &pool_fixture.pool.address, &201);
}

// This test ensures that an accessible underflow in the auction flow cannot be hit due to the overflow-checks flag being set
// Without this flag set, filling an auction on the same block it's started would cause an underflow
#[test]
#[should_panic(expected = "Error(WasmVm, InvalidAction)")]
fn test_auction_underflow_panics() {
let fixture = create_fixture_with_data(true);
let frodo = fixture.users.get(0).unwrap();
let pool_fixture = &fixture.pools[0];

// Create a user
let samwise = Address::generate(&fixture.env); //sam will be supplying XLM and borrowing STABLE

// Mint users tokens
fixture.tokens[TokenIndex::XLM].mint(&samwise, &(500_000 * SCALAR_7));

// Supply and borrow sam tokens
let sam_requests: Vec<Request> = vec![
&fixture.env,
Request {
request_type: 2,
address: fixture.tokens[TokenIndex::XLM].address.clone(),
amount: 6_000 * SCALAR_7,
},
Request {
request_type: 4,
address: fixture.tokens[TokenIndex::STABLE].address.clone(),
amount: 200 * 10i128.pow(6),
},
];
pool_fixture
.pool
.submit(&samwise, &samwise, &samwise, &sam_requests);

//tank xlm price
fixture.oracle.set_price_stable(&vec![
&fixture.env,
1000_0000000, // eth
1_0000000, // usdc
0_0000100, // xlm
1_0000000, // stable
]);

// liquidate user
let liq_pct = 100;
let auction_data_2 = pool_fixture
.pool
.new_liquidation_auction(&samwise, &liq_pct);

let usdc_bid_amount = auction_data_2
.bid
.get_unchecked(fixture.tokens[TokenIndex::STABLE].address.clone());

//fill user liquidation
let fill_requests = vec![
&fixture.env,
Request {
request_type: 6,
address: samwise.clone(),
amount: 1,
},
Request {
request_type: 5,
address: fixture.tokens[TokenIndex::STABLE].address.clone(),
amount: usdc_bid_amount,
},
];
pool_fixture
.pool
.submit(&frodo, &frodo, &frodo, &fill_requests);
}