Root cause: PRICE_STABILITY_INTERVAL (300s) was too long relative to
MIN_RECENTER_INTERVAL (60s). After any significant trade moving the tick
>1000 positions, the 5-minute TWAP lagged behind the current price by
hundreds of ticks, exceeding MAX_TICK_DEVIATION (50). Recenter reverted
with "price deviated from oracle" for ~285s — creating a window where
the LM could not reposition and adversary parasitic LP could extract
value from passive holders.
Fix: Reduce PRICE_STABILITY_INTERVAL from 300s to 30s. This ensures
TWAP converges within the 60s cooldown while still preventing same-block
manipulation (30s > ~12s Ethereum mainnet block time).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add SecurityInfo component displayed after LiveStats on the landing page:
- Unaudited badge with planned Q3 2026 audit date
- KRAIKEN Token and Stake contract addresses with copy-to-clipboard buttons
- BaseScan and source code links
- Responsive layout for mobile viewports
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Evidence file: change result to PENDING (not INCREASED) with delta_bps 0,
since this is a registration placeholder, not a measured run
- Attack file: add missing unstake for position 6 so all staking positions
are cleaned up
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implement the attack catalogue loop (step 5a) in red-team.sh that was
previously a forward spec in the formula. The loop replays every *.jsonl
attack file through AttackRunner.s.sol with snapshot revert between files,
records LM total ETH before/after each attack, and injects results into
the adversarial agent prompt so it knows which strategies are already
catalogued.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add defence-in-depth assert statements in recenter()'s catch block to
verify bear-mode constants (CI=0, AS=30%, AW=100, DD=0.3e18) satisfy
the same bounds the try-path clamps to (MAX_PARAM_SCALE, MAX_ANCHOR_WIDTH).
Add test verifying bear defaults are within clamping bounds and that the
catch path deploys all three positions (floor, anchor, discovery).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add CANDIDATE env var support to bootstrap-light.sh. When set to a
.push3 file path, the script:
1. Invokes push3-transpiler to regenerate OptimizerV3Push3.sol
2. Extracts the function body into OptimizerV3Push3Lib.sol
3. Deploys contracts normally via DeployLocal.sol
4. Deploys OptimizerV3 and upgrades the UUPS proxy via upgradeTo()
Also updates formulas/run-red-team.toml to reflect the implementation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add <= 1e18 upper-bound check for all 8 input slots in the validation
loops of both Optimizer.calculateParams() and OptimizerV3Push3Lib.calculateParams().
Previously only slot 0 (percentageStaked) had an overflow guard —
slots 1-7 (averageTaxRate and future indicators) could silently accept
values > 1e18, violating the documented [0, 1e18] invariant.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Planner needs to know HOW to use resources, not just that they exist.
Adds action dispatch instructions, lists all available formulas, and
documents the port 8545 constraint for concurrent formula runs.
Supports disinto #544 (planner formula dispatch awareness).
Add SCHEMA.md documenting the JSONL attack file format with all operation
definitions, field types, and the burn_lp tokenId convention divergence
between AttackRunner (.positionIndex) and FitnessEvaluator (.tokenId).
Add schema-version header comments to all existing attack files and teach
both consumers to skip comment lines starting with //.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Make burn_lp ops fork-block-independent by using a 1-based positionIndex
(resolved at runtime from prior mint_lp ops) instead of hardcoded NFT
tokenIds. Mirrors the existing pattern used by unstake/_stakedPositionIds.
Also log a warning when burn_lp encounters zero liquidity instead of
silently becoming a no-op.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add infrastructure.weth to deployments-local.json output in both
bootstrap-common.sh (write_deployments_json) and bootstrap-light.sh,
so non-Base local forks get the correct WETH address from the
deployment file instead of silently falling back to the Base hardcode.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prerequisite tree seeded from VISION.md milestones with current issue state.
Top 3 constraints: contract safety (#1031/#997/#1067), OptimizerV3 tests (#1054),
evolution commits via PR (#1047).
RESOURCES.md lists evolution box, Codeberg accounts, CI, and RPC access.
Part of disinto #502 (planner v2).
Add `_hasRecenterTick` boolean guard to decouple bootstrap detection from
VWAP volume tracking. Before this fix, the bootstrap condition relied solely
on `cumulativeVolume == 0`, which made `lastRecenterTick==0` ambiguous:
it could mean "never recentered" or "previous recenter landed at tick 0
(price = 1.0 token ratio)".
The new guard ensures the direction comparison in the else-branch only
runs after a recenter has explicitly set `lastRecenterTick`, eliminating
the tick-0 ambiguity. Belt-and-suspenders: both `!_hasRecenterTick` and
`cumulativeVolume == 0` trigger bootstrap.
Tests added:
- test_hasRecenterTickGuardPreventsTick0Ambiguity
- test_vwapFrozenDuringBuyOnlyAfterSellRecenter
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add table-driven Foundry tests for OptimizerV3.calculateParams covering:
- Bear regime at 0%, 1%, 50%, 91% staking (all tax rates)
- Bull/bear boundary at 92% with tax index transitions
- Bull/bear at 95% with penalty=50 exact boundary
- EffIdx shift behavior at 96% (taxIdx 13→14 discontinuity)
- Bull at 97% with max tax, 100% always bull
- Edge cases: all-zero inputs, zero tax at high staking
- Mantissa overflow guard
- Unused slots ignored
- Fuzz: no reverts, output always exactly bear or bull
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Review feedback: d.get('fitness_flags') without a default preserves the
null vs absent distinction mandated by the manifest schema (string | null).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two changes in evolve.sh pool-admission code:
1. Include `fitness_flags` from evaluator JSONL in the manifest entry dict
for newly admitted candidates (~line 866-874). Previously the field was
omitted, so downstream `effective_fitness()` could never zero-rate a new
candidate.
2. Use `effective_fitness(entry)` when appending new candidates to the
evolved ranking list (~line 907), so ZERO_RATED_FLAGS defence applies
at first admission — not only when re-ranking existing entries.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
