Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vault security improvements #5440

Merged
merged 6 commits into from
May 27, 2022
Merged

vault security improvements #5440

merged 6 commits into from
May 27, 2022

Conversation

turadg
Copy link
Member

@turadg turadg commented May 26, 2022
edited
Loading

Description

Follow ups to #5393 (comment)

Security Considerations

Improvements

Documentation Considerations

--

Testing Considerations

No changes.

turadg
turadg commented May 26, 2022
View reviewed changes
packages/run-protocol/src/vaultFactory/liquidation.js
@@ -86,7 +67,15 @@ const liquidate = async (
]);
// NB: all the proceeds from AMM sale are on the vault seat instead of a staging seat

const { shortfall, overage } = discrepancy(debt, proceeds.RUN);
const [overage, shortfall] = AmountMath.isGTE(debt, proceeds.RUN)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this is better. read better before, imho.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

either way is OK to me.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might have gone with

  const short = AmountMath.isGTE(debt, proceeds.RUN);
  const overage = short
    ? AmountMath.makeEmptyFromAmount(debt)
    : AmountMath.subtract(proceeds.RUN, debt);
  const shortfall = short
    ? AmountMath.subtract(debt, proceeds.RUN)
    : AmountMath.makeEmptyFromAmount(debt);

I'm not a fan of the trinary assigning two values

turadg
turadg commented May 26, 2022
View reviewed changes
packages/run-protocol/src/vaultFactory/vaultManager.js Outdated
@@ -255,7 +255,16 @@ const helperBehavior = {
},
updateTime,
);
partialAssign(state, stateUpdates);

// specify keys defensively
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

another way is,

state.compoundedInterest = stateUpdates.compoundedInterest;

(x3)

opinions @dtribble ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While use of partialAssign with the 3 explicit fields addresses the risk that changes in the interest computation might change something else, assignments to the individual fields are even more clear which parts of the state can be affected; no need for the reader to check the partialAssign function.

@turadg turadg marked this pull request as ready for review May 27, 2022 13:53
@turadg turadg requested a review from dtribble as a code owner May 27, 2022 13:53
@turadg turadg requested review from Chris-Hibbert and dckc May 27, 2022 13:57
@turadg turadg force-pushed the ta/security-tweaks branch from 575ab2a to 66fffd9 Compare May 27, 2022 14:50
@dckc
Copy link
Member

dckc commented May 27, 2022
edited
Loading

The PR title here buries the lede considerably. Please change it to something like:

  • fix: whole vault state was vulnerable to interest computation

well, I suppose it's not an observable bug fix. So...

  • refactor: avoid vault state vulnerability to interest computation

@turadg
Copy link
Member Author

turadg commented May 27, 2022
edited
Loading

Yeah, not a fix. Does your request to change the PR title have to do with the commit history or something else?

I'll be landing this as a merge commit so it's this commit that will appear in the history: refactor(interest): specify keys defensively
Do you want me to rename that commit?

EDIT: I did while amending it:
refactor(interest): eschew partialAssign which made state vulnerable to interest result

turadg added 6 commits May 27, 2022 08:57
@turadg
refactor(interest): eschew partialAssign which made state vulnerable …
692773b 
…to interest result
@turadg
don't use partialAssign in contract state
b34e98d
@turadg
refactor: inline shortfall/overage calculation
9a35d3c
@turadg
test: stop spamming Ava test info output
109145e 
after:
```
  gov-collateral › assets are in AMM, Vaults

    ℹ && task was past its deadline when scheduled: 0 &&
    ℹ @@ schedule task for:86400, currently: 0 @@
    ℹ && task was past its deadline when scheduled: 0 &&
    ℹ @@ schedule task for:3600, currently: 0 @@
    ℹ addAsset {
        denom: 'ibc/abc123',
        issuer: '[object Alleged: ibc/abc123 issuer]',
        keyword: 'ibc/abc123',
      }

  Rejected promise returned by test. Reason:

  Error {
    message: 'Must first setReserveDepositFacet',
  }
```

before:
```

  gov-collateral › assets are in AMM, Vaults

    ℹ chainTimerService: new Promise
    ℹ zoe: new Promise
    ℹ feeMintAccess: new Promise
    ℹ agoricNames: new Promise
    ℹ agoricNamesAdmin: new Promise
    ℹ chainTimerService settled; remaining: [
        'agoricNames',
        'agoricNamesAdmin',
        'feeMintAccess',
        'zoe',
      ]
    ℹ zoe settled; remaining: [
        'agoricNames',
        'agoricNamesAdmin',
        'feeMintAccess',
      ]
    ℹ feeMintAccess settled; remaining: [
        'agoricNames',
        'agoricNamesAdmin',
      ]
    ℹ agoricNames settled; remaining: [
        'agoricNamesAdmin',
      ]
    ℹ agoricNamesAdmin settled; remaining: []
    ℹ loadVat: new Promise
    ℹ restoreBundleID: new Promise
    ℹ board: new Promise
    ℹ loadVat settled; remaining: [
        'board',
        'restoreBundleID',
      ]
    ℹ restoreBundleID settled; remaining: [
        'board',
      ]
    ℹ bridgeManager: new Promise
    ℹ bankManager: new Promise
    ℹ initialSupply: new Promise
    ℹ bldIssuerKit: new Promise
    ℹ client: new Promise
    ℹ clientCreator: new Promise
    ℹ coreEvalBridgeHandler: new Promise
    ℹ bridgeManager settled; remaining: [
        'bankManager',
        'bldIssuerKit',
        'board',
        'client',
        'clientCreator',
        'coreEvalBridgeHandler',
        'initialSupply',
      ]
    ℹ bankManager settled; remaining: [
        'bldIssuerKit',
        'board',
        'client',
        'clientCreator',
        'coreEvalBridgeHandler',
        'initialSupply',
      ]
    ℹ clientCreator settled; remaining: [
        'bldIssuerKit',
        'board',
        'client',
        'coreEvalBridgeHandler',
        'initialSupply',
      ]
    ℹ client settled; remaining: [
        'bldIssuerKit',
        'board',
        'coreEvalBridgeHandler',
        'initialSupply',
      ]
    ℹ namesByAddress: new Promise
    ℹ namesByAddressAdmin: new Promise
    ℹ coreEvalBridgeHandler settled; remaining: [
        'bldIssuerKit',
        'board',
        'initialSupply',
        'namesByAddress',
        'namesByAddressAdmin',
      ]
    ℹ namesByAddress settled; remaining: [
        'bldIssuerKit',
        'board',
        'initialSupply',
        'namesByAddressAdmin',
      ]
    ℹ namesByAddressAdmin settled; remaining: [
        'bldIssuerKit',
        'board',
        'initialSupply',
      ]
    ℹ initialSupply settled; remaining: [
        'bldIssuerKit',
        'board',
      ]
    ℹ board settled; remaining: [
        'bldIssuerKit',
      ]
    ℹ bldIssuerKit settled; remaining: []
    ℹ priceAuthorityVat: new Promise
    ℹ priceAuthority: new Promise
    ℹ priceAuthorityAdmin: new Promise
    ℹ priceAuthority settled; remaining: [
        'priceAuthorityAdmin',
        'priceAuthorityVat',
      ]
    ℹ priceAuthorityAdmin settled; remaining: [
        'priceAuthorityVat',
      ]
    ℹ priceAuthorityVat settled; remaining: []
    ℹ vaultFactoryCreator: new Promise
    ℹ economicCommitteeCreatorFacet: new Promise
    ℹ ammCreatorFacet: new Promise
    ℹ ammGovernorCreatorFacet: new Promise
    ℹ reserveCreatorFacet: new Promise
    ℹ reserveGovernorCreatorFacet: new Promise
    ℹ reservePublicFacet: new Promise
    ℹ lienBridge: new Promise
    ℹ runStakeCreatorFacet: new Promise
    ℹ runStakeGovernorCreatorFacet: new Promise
    ℹ vaultFactoryGovernorCreator: new Promise
    ℹ vaultFactoryVoteCreator: new Promise
    ℹ economicCommitteeCreatorFacet settled; remaining: [
        'ammCreatorFacet',
        'ammGovernorCreatorFacet',
        'lienBridge',
        'reserveCreatorFacet',
        'reserveGovernorCreatorFacet',
        'reservePublicFacet',
        'runStakeCreatorFacet',
        'runStakeGovernorCreatorFacet',
        'vaultFactoryCreator',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ && task was past its deadline when scheduled: 0 &&
    ℹ @@ schedule task for:86400, currently: 0 @@
    ℹ runStakeGovernorCreatorFacet settled; remaining: [
        'ammCreatorFacet',
        'ammGovernorCreatorFacet',
        'lienBridge',
        'reserveCreatorFacet',
        'reserveGovernorCreatorFacet',
        'reservePublicFacet',
        'runStakeCreatorFacet',
        'vaultFactoryCreator',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ runStakeCreatorFacet settled; remaining: [
        'ammCreatorFacet',
        'ammGovernorCreatorFacet',
        'lienBridge',
        'reserveCreatorFacet',
        'reserveGovernorCreatorFacet',
        'reservePublicFacet',
        'vaultFactoryCreator',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ ammGovernorCreatorFacet settled; remaining: [
        'ammCreatorFacet',
        'lienBridge',
        'reserveCreatorFacet',
        'reserveGovernorCreatorFacet',
        'reservePublicFacet',
        'vaultFactoryCreator',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ ammCreatorFacet settled; remaining: [
        'lienBridge',
        'reserveCreatorFacet',
        'reserveGovernorCreatorFacet',
        'reservePublicFacet',
        'vaultFactoryCreator',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ reserveGovernorCreatorFacet settled; remaining: [
        'lienBridge',
        'reserveCreatorFacet',
        'reservePublicFacet',
        'vaultFactoryCreator',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ reserveCreatorFacet settled; remaining: [
        'lienBridge',
        'reservePublicFacet',
        'vaultFactoryCreator',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ reservePublicFacet settled; remaining: [
        'lienBridge',
        'vaultFactoryCreator',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ vaultFactoryCreator settled; remaining: [
        'lienBridge',
        'vaultFactoryGovernorCreator',
        'vaultFactoryVoteCreator',
      ]
    ℹ vaultFactoryGovernorCreator settled; remaining: [
        'lienBridge',
        'vaultFactoryVoteCreator',
      ]
    ℹ vaultFactoryVoteCreator settled; remaining: [
        'lienBridge',
      ]
    ℹ && task was past its deadline when scheduled: 0 &&
    ℹ @@ schedule task for:3600, currently: 0 @@
    ℹ addAsset {
        denom: 'ibc/abc123',
        issuer: '[object Alleged: ibc/abc123 issuer]',
        keyword: 'ibc/abc123',
      }

  Rejected promise returned by test. Reason:

  Error {
    message: 'Must first setReserveDepositFacet',
  }
```
@turadg
chore: logging cleanup
2a808fa
@turadg
chore: type fixes
848148c
@turadg turadg force-pushed the ta/security-tweaks branch from 66fffd9 to 848148c Compare May 27, 2022 15:58
@turadg turadg added the automerge:no-update (expert!) Automatically merge without updates label May 27, 2022
dckc
dckc approved these changes May 27, 2022
View reviewed changes
Copy link
Member

@dckc dckc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good.

packages/run-protocol/src/vaultFactory/liquidation.js
@@ -86,7 +67,15 @@ const liquidate = async (
]);
// NB: all the proceeds from AMM sale are on the vault seat instead of a staging seat

const { shortfall, overage } = discrepancy(debt, proceeds.RUN);
const [overage, shortfall] = AmountMath.isGTE(debt, proceeds.RUN)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

either way is OK to me.

@mergify mergify bot merged commit 9cb480c into master May 27, 2022
@mergify mergify bot deleted the ta/security-tweaks branch May 27, 2022 17:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dckc dckc dckc approved these changes

@dtribble dtribble Awaiting requested review from dtribble

@Chris-Hibbert Chris-Hibbert Awaiting requested review from Chris-Hibbert

Assignees
No one assigned
Labels
automerge:no-update (expert!) Automatically merge without updates
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@turadg @dckc @Chris-Hibbert