Fuse fixed accounting #10
base: fuse-reactive-audit
This reverts commit a35a047.
This reverts commit 36b83a2.
must set runs to 0 to compile
This reverts commit 21e9d21.
…al/compound-protocol into fuse-fixed-accounting
Something to check before we merge this: need to make sure that there is no way to game the protocol / exploit something during the upgrade, i.e. between the first and second transactions.
you could deploy a contract that does all calls atomically
Flashbots would also work. Yea.
Hmm, I wouldn't risk it with flashbots as the block can be uncled and then txs are in mempool. It is very rare but I have seen frontruns on txs sent to flashbots due to this issue.
Actually a great point
You can use uncle protection to prevent this. You can do a
by first and 2nd transactions you mean the 1st and 2nd upgrades? They'll be executed atomically through fuseAdmin's callPool(arbitrary logic) anyway so I don't think this'll be an issue. Also don't see how anything could be gamed but maybe I'm missing something.
describe("CEtherDelegateTempExploitAccounting", function () { | ||
it("Should merge the attacker's supply and borrow balances", async function () { | ||
// Enable using 0 gas price | ||
await hre.network.provider.send("hardhat_setNextBlockBaseFeePerGas", ["0x0"]); |
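Review bot: `hardhat_setNextBlockBaseFeePerGas` on the last line of this hunk only sets the base fee for the next block, so later transactions in the same test that are sent with a 0 gas price are not covered by it. If more than one transaction in the test needs a zero gas price, repeat the call before each of them or set `initialBaseFeePerGas: 0` in the Hardhat network config, and have the comment say which block the setting is meant for.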
This should be done in a before hook, not in the test itself
require(accrueInterest() == uint(Error.NO_ERROR), "!accrue"); | ||
|
||
// Get secondary accounts from data | ||
(address[] memory secondaryAccounts) = abi.decode(data, (address[])); |
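Review bot: on the last line of this hunk, `secondaryAccounts` is decoded straight from `data`, and nothing in the visible lines checks it for an empty array, repeated addresses, or the account the balances are merged into. If the code that follows adds each listed account's balance to a single target, a repeated entry could be counted twice unless each balance is zeroed as it is moved, so a check or a test case for duplicates would help. The parentheses around the single declaration are also unnecessary: `address[] memory secondaryAccounts = abi.decode(data, (address[]));` is equivalent.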
Please ignore my previous comment.
Just a heads up: `yarn lint` currently throws on this line - not sure why exactly.
No description provided.