FEE_DEST is now a keccak-derived address with zero ETH balance.
anvil_impersonateAccount succeeds but cast send fails on gas deduction.
Add anvil_setBalance before impersonation, matching the same fix
already applied in red-team.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
DeployLocal.sol changed feeDest to keccak256('harb.local.feeDest') =
0x8A9145E1Ea4C4d7FB08cF1011c8ac1F0e10F9383 but bootstrap-common.sh
still had the old address 0xf6a3eef9088A255c32b6aD2025f83E57291D9011.
Mismatch caused setRecenterAccess to revert (impersonating wrong address).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Single-cycle attack extracts 21.3 ETH (2.13%) from 1000 ETH LM:
buy 31.9 ETH → recenter → sell all KRK
Key finding: thin pre-recenter positions allow massive price impact,
recenter rebuilds deep positions at manipulated price, sell through
deep positions recovers most ETH. IL crystallized during recenter.
This is the optimal single-buy amount — 31.95+ hits max tick,
<31 ETH extracts proportionally less.
Eliminates Codeberg git clone rate limiting. The mirror at
/git-mirrors/harb.git (synced every 2 min) provides objects locally,
so the clone step only fetches deltas from Codeberg.
Volume mounted via WOODPECKER_BACKEND_DOCKER_VOLUMES.
- Fix run_NNN scan regex: r'run(\d+)' → r'run_(\d+)' so it correctly
matches the underscore-separated directory names the script creates
(previously always resolved to 001, overwriting the same dir each run)
- Remove [in-progress] tag from STATE.md entry for #752
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- --output now accepts a base dir (default: evolved/) instead of requiring
an explicit path each run
- On each invocation, scan base dir for existing run_NNN/ subdirectories,
find the highest N, and create run_(N+1)/ for this run's outputs
- All generation JSONL files, best.push3, diff.txt, and evolution.log are
written to the new run dir — previous runs are never overwritten
- Log header now shows both Base dir and Output (run dir) for clarity
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- DeployBase.sol: remove broken inline second recenter() (would always
revert with 'recenter cooldown' in same Forge broadcast); replace with
operator instructions to run the new BootstrapVWAPPhase2.s.sol script
at least 60 s after deployment
- BootstrapVWAPPhase2.s.sol: new script for the second VWAP bootstrap
recenter on Base mainnet deployments
- StrategyExecutor.sol: update stale docstring that still described the
removed recenterAccess bypass; reflect permissionless model with vm.warp
- TestBase.sol: remove vestigial recenterCaller parameter from all four
setupEnvironment* functions (parameter was silently ignored after
setRecenterAccess was removed); update all callers across six test files
- bootstrap-common.sh: fix misleading retry recenter in
seed_application_state() — add evm_increaseTime 61 before evm_mine so
the recenter cooldown actually clears and the retry can succeed
All 210 tests pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
red-team.sh called bare `sudo docker compose up/down` which applies
env_reset and drops FORK_URL before anvil-entrypoint.sh can read it.
Change both calls to `sudo -E` so the caller's FORK_URL override is
propagated to docker-compose and into the anvil container.
Update ENVIRONMENT.md to reflect that a plain `FORK_URL=... bash
red-team.sh` invocation now works correctly.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix factual error: bootstrap deploys KRAIKEN protocol contracts and uses
the existing V3 Factory; it does not re-deploy Uniswap V3 infrastructure
- Fix count/characterisation: intro now says "two network contexts" (dev
Anvil + backtesting tools) and clarifies FitnessEvaluator uses revm
in-process, not Anvil
- Fix sudo env-stripping hazard: replace bare `export FORK_URL` instruction
with `FORK_URL=... sudo -E bash red-team.sh` so the variable is not
silently dropped by sudo
- Nit: add --match-test testBatchEvaluate to the FitnessEvaluator example
to match the test file's own documented usage
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Clarify that the dev Anvil defaults to Base Sepolia but can be overridden
with FORK_URL (confirmed from containers/anvil-entrypoint.sh)
- Add "Network Contexts" section distinguishing three distinct Anvil usages:
1. Dev stack Anvil (docker-compose): Base Sepolia by default
2. red-team.sh: requires FORK_URL=mainnet because it uses Base mainnet
periphery addresses (V3_FACTORY, SwapRouter02, NPM)
3. FitnessEvaluator.t.sol: independent mainnet fork via BASE_RPC_URL,
unrelated to the docker-compose stack
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add inline Basescan URL comment identifying V3_FACTORY as the Uniswap V3
Factory on Base mainnet, consistent with the existing comment style used
for NPM_ADDR in both files.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move the orphaned NatSpec block (originally for calculateParams) from
above getLiquidityParams to directly precede calculateParams, and give
getLiquidityParams only its own @inheritdoc block.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Optimizer: add `is IOptimizer` and mark getLiquidityParams() with
`override`, making the interface conformance explicit at the base level.
OptimizerV3 inherits it transitively via Optimizer.
- OptimizerV3Push3: add `is IOptimizer` and implement getLiquidityParams()
that calls calculateParams() with zeroed inputs, returning bear-mode
defaults (ci=0, anchorShare=0.3e18, anchorWidth=100, discoveryDepth=0.3e18).
Behaviour is identical to the previous try/catch fallback used by
LiquidityManager and the backtesting deployer.
- Update backtesting comments to reflect that getLiquidityParams() now
exists on OptimizerV3Push3 (returns bear defaults via zeroed inputs).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace 0x27F971cb582BF9E50F397e4d29a5C7A34f11faA2 (Base Sepolia
NonfungiblePositionManager) with the correct Base mainnet address
0x03a520B32c04bf3beef7BEb72E919cF822Ed34F3 in all four files that
referenced it, and add an inline comment citing the chain and source.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
recenterAccess() was removed from LiquidityManager in this PR.
The old tests called recenterAccess() (selector 0xdef51130) which now
reverts, causing both recenter tests to fail.
Update tests to match the new public recenter() behavior:
- Test 1: verify any address may call recenter() without "access denied"
- Test 2: same caller pattern, guard errors are still acceptable
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add fitness_flags="token_value_inflation" to evo_run004_champion in
manifest.jsonl so callers can detect the inflated value without
discarding the entry entirely.
- Add effective_fitness() helper in evolve.sh pool admission (step 5)
that returns 0 for any entry with a token_value_inflation flag,
preventing inflated scores from biasing the top-100 evolved pool
ranking or eviction decisions.
- Document in evolve.sh that raw fitness values are only comparable
within the same evaluation run.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
