fix(#319,#333): oracle quorum check + reserve tracker duplicate curre…#459
fix(#319,#333): oracle quorum check + reserve tracker duplicate curre…#459hartz0 wants to merge 2 commits into
Conversation
…ve tracker duplicate currency guard Issue Pi-Defi-world#319 — update_rate now enforces max(min_signatures, MIN_ORACLE_SOURCE_FEEDS=3) sources when sources are provided. A single-validator submission with < required feeds is rejected with InsufficientOracleSources (#7009). Zero-source bypass is preserved. Issue Pi-Defi-world#333 — add_currency checks the stored list before push and panics with DuplicateCurrency (#8008) on a duplicate, preventing double-counting of reserves. Adds get_currencies() to expose the tracked list. Also: - Resolves DataKey merge conflict: both last_verify_call (rate-limit) and currencies (dedup) are present in the struct - Adds tests for both fixes in their respective test files - Regenerates docs/ERROR_CODES.md with DuplicateCurrency = 8008
|
Warning Review limit reached
Next review available in: 56 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (5)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
The variant was referenced in assert_currency_registered() but never declared in the enum, causing a compile error whenever acbu_oracle is built. Adds the variant and its Display arm, then regenerates ERROR_CODES.md.
|
hello maintainer, please merge my pr |
closes #319
closes #333
fix(#319, #333): oracle validator quorum check + reserve tracker duplicate currency guard
Summary
Fixes two security issues reported in issues #319 and #333.
Issue #319 — Oracle median with no quorum safety net
update_rate previously allowed 1 or 2 source feeds through as long as some sources were provided, meaning a single
potentially-malicious validator could set the median with no meaningful aggregation. The check now enforces a minimum of
max(min_signatures, MIN_ORACLE_SOURCE_FEEDS=3) sources whenever sources are provided. Passing zero sources (the existing bypass path
for direct rate submission) is unchanged.
Before:
if sources.len() > 0 && sources.len() < MIN_ORACLE_SOURCE_FEEDS {
env.panic_with_error(OracleError::InsufficientOracleSources);
}
After:
if sources.len() > 0 {
let required = min_sigs.max(MIN_ORACLE_SOURCE_FEEDS);
if sources.len() < required {
env.panic_with_error(OracleError::InsufficientOracleSources);
}
}
Issue #333 — Reserve tracker add_currency allows duplicates
add_currency pushed to a Vec without checking for duplicates. A duplicated currency entry causes iteration-based reserve lookups to
count the same reserve twice, inflating the reported total. The function now iterates the stored list before pushing and panics with
DuplicateCurrency (#8008) if the currency is already present.
Changes
MIN_ORACLE_SOURCE_FEEDS enforces the larger value
both last_verify_call and currencies
Notes
This branch is based on current dev with no merge conflicts. The old branch fix/319-333-oracle-quorum-reserve-duplicate-currency had a
DataKey conflict (both dev and that branch added a field simultaneously) and an incorrect quorum check that removed the > 0 guard, which would have broken zero-source submissions.