feat: soteria action (#105)

sol-mocha · web-flow · commit baa78d8ad2ac · 2022-05-28T17:16:50.000Z
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -79,3 +79,35 @@ jobs:
       - run: anchor test
       - run: cargo fmt -- --check
       - run: yarn run prettier --c ./
+  
+  audit:
+    runs-on: ubuntu-latest
+    needs: [build-cli-deps]
+    steps:
+      - id: cache-cli-deps
+        uses: actions/cache@v2
+        with:
+          key: $${{ env.cli-id }}
+          path: |
+            ~/.local/share/solana
+            ~/.cargo
+            ~/.rustup
+            ~/.cargo/bin/anchor
+
+      - run: echo "PATH=$HOME/.local/share/solana/install/active_release/bin:$HOME/.cargo/bin:$PATH" >> $GITHUB_ENV
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+
+      - name: Check-out the repository
+        uses: actions/checkout@v2
+
+      - name: Soteria Audit
+        continue-on-error: false          
+        uses: silas-x/soteria-action@main
+        with:                             
+          solana-version: "1.10.5"        
+          run-mode: "-analyzeAll"         
+          cargo-com: "."                  
+          program-path: "programs/dca-vault" 
diff --git a/Cargo.toml b/Cargo.toml
@@ -2,3 +2,12 @@
 members = [
     "programs/*"
 ]
+
+[profile.dev]
+overflow-checks = true
+[profile.release]
+overflow-checks = true
+[profile.test]
+overflow-checks = true
+[profile.bench]
+overflow-checks = true
diff --git a/programs/dca-vault/src/instructions/deposit.rs b/programs/dca-vault/src/instructions/deposit.rs
@@ -41,7 +41,7 @@ pub struct Deposit<'info> {
         constraint = {
             params.dca_cycles > 0 &&
             vault_period_end.period_id > 0 &&
-            vault_period_end.period_id == vault.last_dca_period + params.dca_cycles
+            vault_period_end.period_id == vault.last_dca_period.checked_add(params.dca_cycles).unwrap()
         }
     )]
     pub vault_period_end: Box<Account<'info, VaultPeriod>>,
diff --git a/programs/dca-vault/src/state/vault.rs b/programs/dca-vault/src/state/vault.rs
@@ -58,7 +58,10 @@ impl<'info> Vault {
     }
 
     pub fn increase_drip_amount(&mut self, extra_drip: u64) {
-        self.drip_amount += extra_drip;
+        self.drip_amount = self
+            .drip_amount
+            .checked_add(extra_drip)
+            .expect("overflow drip amount");
     }
 
     pub fn decrease_drip_amount(&mut self, position_drip: u64) {
diff --git a/programs/dca-vault/src/state/vault_period.rs b/programs/dca-vault/src/state/vault_period.rs
@@ -35,11 +35,11 @@ impl VaultPeriod {
     }
 
     pub fn increase_drip_amount_to_reduce(&mut self, extra_drip: u64) {
-        self.dar += extra_drip;
+        self.dar = self.dar.checked_add(extra_drip).expect("dar overflow");
     }
 
     pub fn decrease_drip_amount_to_reduce(&mut self, position_drip: u64) {
-        self.dar = self.dar.checked_sub(position_drip).unwrap();
+        self.dar = self.dar.checked_sub(position_drip).expect("dar underflow");
     }
 
     pub fn update_twap(

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ pub struct Deposit<'info> {`
`41`	`41`	`constraint = {`
`42`	`42`	`params.dca_cycles > 0 &&`
`43`	`43`	`vault_period_end.period_id > 0 &&`
`44`		`- vault_period_end.period_id == vault.last_dca_period + params.dca_cycles`
	`44`	`+ vault_period_end.period_id == vault.last_dca_period.checked_add(params.dca_cycles).unwrap()`
`45`	`45`	`}`
`46`	`46`	`)]`
`47`	`47`	`pub vault_period_end: Box<Account<'info, VaultPeriod>>,`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,10 @@ impl<'info> Vault {`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`pub fn increase_drip_amount(&mut self, extra_drip: u64) {`
`61`		`- self.drip_amount += extra_drip;`
	`61`	`+ self.drip_amount = self`
	`62`	`+ .drip_amount`
	`63`	`+ .checked_add(extra_drip)`
	`64`	`+ .expect("overflow drip amount");`
`62`	`65`	`}`
`63`	`66`
`64`	`67`	`pub fn decrease_drip_amount(&mut self, position_drip: u64) {`
Original file line number	Diff line number	Diff line change
`@@ -35,11 +35,11 @@ impl VaultPeriod {`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`pub fn increase_drip_amount_to_reduce(&mut self, extra_drip: u64) {`
`38`		`- self.dar += extra_drip;`
	`38`	`+ self.dar = self.dar.checked_add(extra_drip).expect("dar overflow");`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`pub fn decrease_drip_amount_to_reduce(&mut self, position_drip: u64) {`
`42`		`- self.dar = self.dar.checked_sub(position_drip).unwrap();`
	`42`	`+ self.dar = self.dar.checked_sub(position_drip).expect("dar underflow");`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`pub fn update_twap(`