johba/harb
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
1095 commits 5 branches 1 tag 10 MiB
Commit graph

6 commits

Author SHA1 Message Date
openhands
0dd764b8b3 fix: fix: Restore proper VWAP — gas-efficient volume-weighted pricing (revert TWAP) (#603) 
- Replace pool.observe() TWAP price source with current pool tick (pool.slot0()) sampled once per recenter
- Remove _getTWAPOrFallback() and TWAPFallback event (added by PR #575)
- _scrapePositions now takes int24 currentTick instead of uint256 prevTimestamp; price computed via _priceAtTick before the burn loop
- Volume weighting (ethFee * 100) is unchanged — fees proxy swap volume over the recenter interval
- Direction fix from #566 (shouldRecordVWAP only on sell events) is preserved
- Remove test_twapReflectsAveragePriceNotJustLastSwap (tested reverted TWAP behaviour)
- ORACLE_CARDINALITY / increaseObservationCardinalityNext retained for _isPriceStable()
- All 188 tests pass

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-12 08:50:07 +00:00
openhands
53c14745cb fix: Replace anchor-midpoint VWAP with pool.observe() TWAP oracle (#575) 
- Add lastRecenterTimestamp to track recenter interval for TWAP
- Increase pool observation cardinality to 100 in constructor
- In _scrapePositions, use pool.observe([elapsed, 0]) to get TWAP tick
  over the full interval between recenters; falls back to anchor midpoint
  when elapsed==0 or pool.observe() reverts (insufficient history)
- Add test_twapReflectsAveragePriceNotJustLastSwap: verifies TWAP-based
  VWAP reflects the average price across the recenter interval, not just
  the last-swap anchor snapshot

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-11 08:17:49 +00:00
openhands
85350caf52 feat: OptimizerV3 with direct 2D staking-to-LP parameter mapping 
Core protocol changes for launch readiness:

- OptimizerV3: binary bear/bull mapping from (staking%, avgTax) — avoids
  exploitable AW 30-90 kill zone. Bear: AS=30%, AW=100, CI=0, DD=0.3e18.
  Bull: AS=100%, AW=20, CI=0, DD=1e18. UUPS upgradeable with __gap[48].
- Directional VWAP: only records prices on ETH inflow (buys), preventing
  sell-side dilution of price memory
- Floor formula: unified max(scarcity, mirror, clamp) — VWAP mirror uses
  distance from adjusted VWAP as floor distance, no branching
- PriceOracle (M-1 fix): correct fallback TWAP divisor (60000s, not 300s)
- Access control (M-2 fix): deployer-only guard on one-time setters
- Recenter rate limit (M-3 fix): 60-second cooldown for open recenters
- Safe fallback params: recenter() optimizer-failure defaults changed from
  exploitable CI=50%/AW=50 to safe bear-mode CI=0/AW=100
- Recentered event for monitoring and indexing
- VERSION bump to 2, kraiken-lib COMPATIBLE_CONTRACT_VERSIONS updated

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-13 18:21:18 +00:00
johba
d7c2184ccf Add Solidity linting with solhint, Foundry formatter, and pre-commit hooks (#51) 
## Changes

### Configuration
- Added .solhint.json with recommended rules + custom config
  - 160 char line length (warn)
  - Double quotes enforcement (error)
  - Explicit visibility required (error)
  - Console statements allowed (scripts/tests need them)
  - Gas optimization warnings enabled
  - Ignores test/helpers/, lib/, out/, cache/, broadcast/

- Added foundry.toml [fmt] section
  - 160 char line length
  - 4-space tabs
  - Double quotes
  - Thousands separators for numbers
  - Sort imports enabled

- Added .lintstagedrc.json for pre-commit auto-fix
  - Runs solhint --fix on .sol files
  - Runs forge fmt on .sol files

- Added husky pre-commit hook via lint-staged

### NPM Scripts
- lint:sol - run solhint
- lint:sol:fix - auto-fix solhint issues
- format:sol - format with forge fmt
- format:sol:check - check formatting
- lint / lint:fix - combined commands

### Code Changes
- Added explicit visibility modifiers (internal) to constants in scripts and tests
- Fixed quote style in DeployLocal.sol
- All Solidity files formatted with forge fmt

## Verification
-  forge fmt --check passes
-  No solhint errors (warnings only)
-  forge build succeeds
-  forge test passes (107/107)

resolves #44

Co-authored-by: johba <johba@harb.eth>
Reviewed-on: https://codeberg.org/johba/harb/pulls/51
 2025-10-04 15:17:09 +02:00
johba
01471b7037 more docs 2025-08-18 00:16:09 +02:00
giteadmin
8de3865c6f fix: extract VWAP logic and fix critical dormant whale vulnerability 
- Extract VWAP tracking logic into reusable VWAPTracker contract
- Fix critical compression bug that erased historical price memory
- Replace dangerous 10^35x compression with limited 1000x max compression
- Add comprehensive dormant whale protection testing
- Preserve "eternal memory" to prevent manipulation by patient whales
- Add double-overflow analysis showing 1000x limit is mathematically safe
- Maintain backwards compatibility with existing LiquidityManager

Security Impact:
- Prevents dormant whale attacks where traders accumulate early then exploit
  compressed historical data to extract value at inflated prices
- VWAP now maintains historical significance even after compression
- Floor position calculations remain anchored to true price history

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-07-08 10:31:41 +02:00