Middleware protect #152
Open: Jun1on wants to merge 54 commits into middleware-remove from middleware-protect
* map recipient * tests for use cases * gas tests
* allow batching sig based approvals through p2 forwarder * forwarder tests * fix imports * add multicall tests * pr comments * use contracts selector
* Take portion with test * fuzz bips lib * another test * nits
* map exactIn amount to open delta * Tests * generalised settle * remove console log * other map functions * settle vs swap map amounts * Constants file and compiler warnings * linting * PR comment
* clean * format * with currencydeltas library * remove currencydeltas library
* compiling * compiling, gas snaps added * add unit tests for PositionConfigLibrary * subscriber tests * pr comments * use gas limit calculator * test return data * use solidity * comments * natspec & more tests * payable * pr comments * pr comments * inheritdoc
Co-authored-by: Sara Reynolds <snreynolds2506@gmail.com>
* clear or take * misc code comment * update naming; use delta resolver helper for clearOrTake * nits * reorder * nits
* TAKE_PAIR * getfullcredit * take pair recipient * add recipient test
* allow for nonsigners to call permit * forge fmt * test permit with multicall * make DOMAIN_SEPARATOR immutable * avoid chain fork replays * misc test cleanup * custom errors * move magic hex to a constant * unpayable permit * use OZ EIP712 * separate out UnorderedNonce into a reusable contract * move token URI to posm * add back in payable permit * fix cherry picked commits * remove public digest getter * replace range with config naming * deprecate old test: requiring permission to increase liq * pr feedback * borrow permit2 nonce tests for UnorderedNonce * dedicated permit and approve testing for ERC721Permit * pr feedback: operator should be broadcaster of permit calls * reorganize permit hashing and verification * refactor ERC721Permit signature verification with generic signature calldata handler * remove deprecated library * fix imports * formatting * pr feedback * optimize nonce bit flipping * discard public PERMIT_TYPEHASH * renaming * library-ify bit flipping * yall crazy for sending through the ringer * nits
* wip bubble up revert * fix formatting * simple bubble * test different error types on multicall * additional testing for external contract reverts * example core revert bubbling * testing for different lengths * cleanup * cleanup unused imports * delete stale gas * minor nits
* permit hash in assembly * fuzz test
* WOOF WOOF WOOF BARK BARK WOOF BARK * remove address(this) check * forge fmt * discard version from EIP712 * Update src/base/EIP712.sol Co-authored-by: Sara Reynolds <30504811+snreynolds@users.noreply.github.com> * natspec for delegatecall error * assembly optimization, pr nits * test to validate assembly --------- Co-authored-by: Sara Reynolds <30504811+snreynolds@users.noreply.github.com>
* take in router, plus remove safecast * nested if optimisation in posm * test of take command * lint * bring back contract balance and atspec
* rename files to avoid hardhat collisions * rename colliding files with _v4 suffix * remove unused import
* Align constants with UR * rename * another rename
* slippage params routing * tests * PR comment * exact out tests
* add liquidity view * comment
* add bytes, clean up compilation * comments
* actions with no unlock * Test lockless posm via hooks (#266) * test hook which modifiesLiquidities in beforeSwap * test hook modifying liquidity * minor cleanups * test that hooks cannot re-enter modifyLiquidities * hook mints liquidity with modifyLiquidities * PR comments * rename * rename * Update src/interfaces/IPositionManager.sol Co-authored-by: Sara Reynolds <30504811+snreynolds@users.noreply.github.com> * misc code comments --------- Co-authored-by: saucepoint <saucepoint@protonmail.com> Co-authored-by: saucepoint <98790946+saucepoint@users.noreply.github.com> Co-authored-by: Sara Reynolds <30504811+snreynolds@users.noreply.github.com>
* initial impl * hashing tests * setApprovalForAll override tests * reorganize ERC721Permit file * separate out tests for permit and permitForAll * tests for permitForAll * regenerate gas * add to interface * pr feedback * rename variable
* Wrap reverts thrown by subscribers * add tests * comment --------- Co-authored-by: Sara Reynolds <snreynolds2506@gmail.com>
* move tokenURI * reorder operations, fix mock * inheritdoc, fix compiler warnings
* use v4-core latest * use custom revert
* add mint position event * merge main
* provide delta info to subscribers * notifyModifyLiquidity parameters provided correctly * do not provide liquidity delta to subscribers
* restore permissioning on increase * fix comment * fix code comments
* update amount checks * take test after increase * make natspec better, comments --------- Co-authored-by: Alice Henshaw <henshawalice@gmail.com>
* Remove contract balance swap input * combine take and swap helpers * remove swap helper function
* move sub unsub * use struct * pass in bytes to setConfigId * ...
Jun1on force-pushed the middleware-protect branch from 7e8c50c to 5eec68a (August 15, 2024 17:04)
Related Issue
A malicious hook could perform the following actions that are deemed unsafe for the user:
beforeSwap: frontrun the user / remove liquidity
beforeAddLiquidity: cause the ratio of the two tokens owed to the pool to be different than expected by swapping to a different price
deltas: steal funds from the user on swap, add liquidity, remove liquidity
dynamic fee: steal funds from the user on swap
unsafe remove functions have already been discussed in middleware-remove
Description of changes
This PR implements the MiddlewareProtect middleware, which protects the typical user from all malicious hook actions. This contract inherits MiddlewareRemove, so it already implements removeLiquidity protections.
beforeSwap: quotes the delta of a swap
afterSwap: checks the actual deltas. If different, revert.
beforeAddLiquidity: revert if the price is changed.
block deltas entirely.
block dynamic fee entirely.
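
A simplified model of the checks listed in the description, added here as an example and not the PR's Solidity code. It is written in Python so it runs stand-alone. The toy `Pool`, the hook classes, the `returns_delta`/`dynamic_fee` attributes and the choice to take the quote before the wrapped hook's callback runs are assumptions made for illustration.

```python
from fractions import Fraction

class Revert(Exception): pass  # stands in for an EVM revert

class Pool:
    """Toy constant-product pool, constructed for this example (not v4-core)."""
    def __init__(self, r0, r1, fee_bips=30):
        self.r0, self.r1, self.fee_bips = r0, r1, fee_bips
    def price(self):
        return Fraction(self.r1, self.r0)
    def quote(self, amount_in):  # token1 out for exact token0 in; no state change
        net = amount_in * (10_000 - self.fee_bips) // 10_000
        return self.r1 * net // (self.r0 + net)
    def swap(self, amount_in):
        out = self.quote(amount_in)
        self.r0, self.r1 = self.r0 + amount_in, self.r1 - out
        return (-amount_in, out)  # delta as seen by the swapper

class HonestHook:
    returns_delta = dynamic_fee = False
    def before_swap(self, pool): pass
    def before_add_liquidity(self, pool): pass

class FrontrunHook(HonestHook):  # moves the price inside the callback
    def before_swap(self, pool): pool.swap(50_000)
    def before_add_liquidity(self, pool): pool.swap(50_000)

class MiddlewareProtect:
    def __init__(self, hook):
        if hook.returns_delta or hook.dynamic_fee:
            raise Revert("hook deltas and dynamic fees are blocked")
        self.hook = hook
    def _revert(self, pool, snapshot, reason):
        pool.r0, pool.r1 = snapshot  # a revert undoes the hook's state changes
        raise Revert(reason)
    def swap(self, pool, amount_in):
        snapshot = (pool.r0, pool.r1)
        quoted = (-amount_in, pool.quote(amount_in))  # beforeSwap: quote
        self.hook.before_swap(pool)
        actual = pool.swap(amount_in)
        if actual != quoted:  # afterSwap: compare actual delta with the quote
            self._revert(pool, snapshot, "swap delta differs from quote")
        return actual
    def add_liquidity(self, pool, amount0):
        snapshot, price = (pool.r0, pool.r1), pool.price()
        self.hook.before_add_liquidity(pool)
        if pool.price() != price:
            self._revert(pool, snapshot, "price changed before add liquidity")
        amount1 = amount0 * pool.r1 // pool.r0
        pool.r0, pool.r1 = pool.r0 + amount0, pool.r1 + amount1
        return (amount0, amount1)
```
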