Enable async withdrawals on superOETHb #2275
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #2275 +/- ##
==========================================
+ Coverage 53.26% 53.47% +0.20%
==========================================
Files 79 79
Lines 4089 4090 +1
Branches 1074 1079 +5
==========================================
+ Hits 2178 2187 +9
+ Misses 1908 1900 -8
Partials 3 3 ☔ View full report in Codecov by Sentry. |
shahthepro
requested review from
sparrowDom,
DanielVF and
clement-ux
as code owners
| @@ -287,12 +288,16 @@ contract OETHVaultCore is VaultCore { | |||
| internal | |||
| returns (uint256 amount) | |||
| { | |||
| // Note: When `withdrawalClaimDelay` is set to 0, users can | |||
There was a problem hiding this comment.
I think we will want to eventualy change the request.timestamp to become an end stamp rather than a start time stamp.
The current code has three awkward things:
- If we change the claim duration, it retroactively changes the end date of inflight requests.
- If we disable async claims by setting it to zero, it actually allows instant claims of all inflight claims.
- If someone wrapped the governance execute() of a zero set, then they could flash loan a mint and a redeem in the same block.
However, our current upgrade on OETH will be atomically setting a value for this in the upgrade, and we don't have to use the zero value for now.
Given that the current zero value is dangerous, how about we also have the require nonzero in the claim? In this way we never accidentally give someone the ability to flashloan an 1:1 mint/redeem. We could then remove it at some future date once we've changed the code to make it safe.
There was a problem hiding this comment.
I looked at changing request.timestamp to the end time. Looks like there's no space in the WithdrawRequest to fit in the same slot now. If we reuse the existing var on that struct, someone can still wrap our governance execute() and do a flash loan attack. So, yeah, leaving that aside for sometime later makes sense. When we do that change, perhaps we could consider disabling the async withdrawals first (go through governance and execute it) and then doing the upgrade would help avoid the flash loan attacks.
For now, I have changed _claimWithdrawal to revert when it's disabled as well.
However, our current upgrade on OETH will be atomically setting a value for this in the upgrade, and we don't have to use the zero value for now.
This may not be true. We have a deployment file for Base. Not for mainnet. I have excluded that file intentionally since we have other changes to the Vault happening soon (rebasification). I can set a reminder to update the deployment file in those PRs to reset the withdrawalClaimDelay to 10 minutes (current value)
There was a problem hiding this comment.
Agree on disabling withdraws right before the upgrade.
Changes Overview
CLAIM_DELAYconstant in favour of awithdrawalClaimDelayvariablewithdrawalClaimDelayhas an hardcoded limit of 10m to 7d (to avoid accidentally or intentionally setting a huge withdrawal claim period)withdrawalClaimDelaycan be set to zero to disable async withdrawals. This will prevent users from making any new withdrawal requests. However, they'd be able to claim any pending withdrawals instantly after disabling itCode Change Checklist
To be completed before internal review begins:
Internal review: