test: integration multi staker #1136
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* feat: add share helpers * fix: add deposit scaling factor * fix: rebase
* fix: slashable window boundaries * test: regression for alm * test: update withdrawal delay not passed reversion * test: burning indices * refactor: switch conditionals * fix: added unit tests * test: assert slashable shares in queue * fix: typos --------- Co-authored-by: Yash Patil <[email protected]>
refactor small cleanup chore: `forge fmt` fix: `getQueuedWithdrawals` + test fix: add constructor back test: `totalQueued` > `withdrawal.strategies.length` test(wip): `completeQueuedWithdrawals` currently failing fix: effectBlock test(wip): @8sunyuan patch fix: one flaky test fix: second flaky test
* feat: initial deploy * feat: slashing patch
* test(wip): todos * fix: dealloc issue * fix: remaining * fix: forktest upgrade issue * test: add `check_Withdrawal_AsShares_State_AfterSlash` * refactor: cleanup * fix: ci * refactor: review changes
* docs: add slashing docs * chore: bindings * docs: fixed commenting and updated queue withdrawal docs * docs: minor cleanup --------- Co-authored-by: Nadir Akhtar <[email protected]>
* fix: correct expected share calc * chore: bindings * fix: rounding on failing unit test
* chore: clean comments and naming in dm * refactor: simplify undelegate method * feat: removed 0 address check because 0 stakers cant be delegated * feat: condensed non-staker caller logic * refactor: remove unnecessary check * feat: use checks-effects-interactions when completing withdrawals * feat: remove implicit public method for queuedWithdrawals and impl dedicated getter * feat: deprecate withdrawer field * chore: make bindings and clean compile errors * refactor: redelegate reuses delegateTo and undelegate * fix: broken integration test * docs: update to reflect deprecated field * feat: add getter for stakers withdrawal roots
* fix: initialization params * fix: roll blocks usage
* fix: integration test initialization params (#978) * fix: initialization params * fix: roll blocks usage * fix: `SignatureUtils` construction --------- Co-authored-by: Yash Patil <[email protected]> Co-authored-by: davidironblocks <[email protected]>
* fix: readd manual checks * chore: forge fmt
* feat: add step 1 * feat: step 1 & 2 complete; pending step 3 sanity * test: add `_validateProxyDomainSeparators` * feat: add rc validation --------- Co-authored-by: clandestine.eth <[email protected]>
* fix: update alloc delay bound * test: remove unnecessary roll
* docs: shares accounting * docs: fix gh markdown view * docs: try fix gh again * docs: cleanup * docs: edit share accounting * docs: wrap up share accounting doc * docs: edit edge cases --------- Co-authored-by: wadealexc <[email protected]>
* refactor: burning * chore: fmt * chore: update storage report * chore: update readme * refactor: add burnableShares for epm storage * chore: update storage report
* docs: finish delegation manager docs * docs: update docs readme * docs: permission controller * fix: small typos * docs: address feedback * docs: nit --------- Co-authored-by: Michael Sun <[email protected]>
* docs: update StrategyManager docs with slashing delta * docs: remove references to thirdPartyTransfersForbidden * docs: update strategy docs to latest * also various edits to docs and natspec * chore: fmt and make bindings --------- Co-authored-by: wadealexc <[email protected]>
* fix: ep negative shares bug * fix: comments * test: add integration tests for neg shares * chore: remove logs * chore: use already calculated delta * chore: use stable foundry release in CI
…rator (#1051) * feat: add OperatorSharesSlashed event to track shares slashed per operator * feat: add unit tests * fix: add more tests
* feat: add `getSharesFromQueuedWithdrawal` * test: passing * refactor(review): improve natspec * refactor(review): maintain original interface * test(review): add unit tests * refactor(review): test empty * refactor(review): test empty * refactor(review): remove returned `Withdrawal` * fix: use operator from `Withdrawal` * test: use operator from `Withdrawal` * chore: forge fmt
* docs: slashing factors rounding * chore: forge fmt
* docs: small slash amounts * docs: update contract docs --------- Co-authored-by: wadealexc <[email protected]>
**Motivation:** Fixes an issue where stakers delegating Beacon Chain ETH from slashed Eigen Pods were able to delegate more shares than they should. Specifically, operators now are delegated a staker's `withdrawableShares` rather than their `depositShares`. **Modifications:** - Changed accounting logic on delegation in `DelegationManger.sol` - `DepositScalingFactor` now resets when a staker withdraws all their shares, whether through undelegation, redelegation, or a simple withdrawal - Changes in `StrategyManager.sol`, `IShareManager.sol`, `SlashingLib.sol`, and `EigenPodManager.sol` to accommodate new accounting - New test files and changes to others to reflect new accounting and invariants - Updated `docs/SharesAccounting.md` **Result:** System is now robust to stakers with arbitrary EigenPod states --------- Co-authored-by: Michael <[email protected]> Co-authored-by: Michael Sun <[email protected]> Co-authored-by: wadealexc <[email protected]> Co-authored-by: Yash Patil <[email protected]> Co-authored-by: clandestine.eth <[email protected]>
**Motivation:** Audit report flagged that function selector-based permissions may break on upgrades. This PR documents the limitation and its implications while improving NatSpec for clarity. (EGSL-15) **Modifications:** - Documented function selector upgrade invalidations. - Improved NatSpec comments in `IPermissionController`. **Result:** Clearer documentation on function selector limitations and enhanced NatSpec for better code clarity.
### Changes: - *Dynamic Domain Separator:* `SignatureUtils.domainSeparator()` is now recomputed for each signature verification. This eliminates the need for storing initial values in storage or as immutables, which is important for beacon proxy support. - ~*Version Bump Command:* Introduced `make bump-version VERSION=2`, which automatically updates the version function's return values.~ - *Version Fn + Constructor Param:* Adds an immutable oz `ShortString` that's set in the constructor.
**Motivation:** Concerns about reentrancy in the DelegationManager and interactions of completed withdrawals which can call untrusted ERC20 transfers **Modifications:** Added reentrant guards across external functions **Result:** Preventing cross-function reentrancy in the DelegationManager --------- Co-authored-by: wadealexc <[email protected]>
**Motivation:** Fixes an issue arbitrary external contracts could be called via `StrategyManager.burnShares`. (Certora L-04) **Modifications:** `StrategyManager.burnShares` does not do an external call if the burnable share amount is zero **Result:** Should no longer be possible to call untrusted code directly through `burnShares`
**Motivation:** Document edge cases around BC/AVS Slashing. **Modifications:** Update docs with justification. **Result:** Clear edge case callouts.
require avs register metadata in allocation manager before they can create operatorset --------- Co-authored-by: clandestine.eth <[email protected]>
**Motivation:** Current fn only returns scaled shares, which leads integrators to making two calls. This is expensive in terms of gas. **Modifications:** - `getSharesFromQueuedWithdrawal` has been renamed to `getQueuedWithdrawalFromRoot` and now also returns `Withdrawal` struct. **Result:** Integrators can fetch both in a single call.
**Motivation:** Improve slashing invariants in integration tests **Modifications:** Adds `check_Base_Slashing_State`, and implements several checks used within **Result:** Slashing invariants check all manner of state changes in the ALM and delegation. --------- Co-authored-by: Michael <[email protected]>
**Motivation:** Naming between the `getQueuedWIthdrawal` aliases was inconsistent. **Modifications:** - ~made `queuedWithdrawals[withdrawalRoot]` mapping public.~ - renamed `queuedWithdrawals` -> `_queuedWithdrawals`. - added `_queuedWithdrawals` getter - removed previous `getQueuedWithdrawal` alias. - renamed `getQueuedWithdrawalFromRoot` to `getQueuedWithdrawal`. **Result:** Consistent function naming. --------- Co-authored-by: Yash Patil <[email protected]>
wadealexc
reviewed
Feb 20, 2025
Comment on lines
+309
to
+327
| function handleDelegatingStakers(address staker) public virtual { | ||
| // check that the current User is an operator | ||
| require( | ||
| delegationManager.isOperator(address(this)), | ||
| "User is not an operator" | ||
| ); | ||
| delegatedStakers.add(staker); | ||
| } | ||
|
|
||
| /// @dev NOTE: do NOT call this function directly. This is simply implemented to manage the | ||
| /// delegatedStakers enum set. This function is only meant to be called on the Operator User contract. | ||
| function handleUndelegatingStaker(address staker) public virtual { | ||
| // check that the current User is an operator | ||
| require( | ||
| delegationManager.isOperator(address(this)), | ||
| "User is not an operator" | ||
| ); | ||
| delegatedStakers.remove(staker); | ||
| } |
There was a problem hiding this comment.
I would call these add/remove rather than "handle"
wadealexc
reviewed
Feb 20, 2025
Comment on lines
+311
to
+314
| require( | ||
| delegationManager.isOperator(address(this)), | ||
| "User is not an operator" | ||
| ); |
There was a problem hiding this comment.
Let's leave the checks out of this. If you're failing these, you'll see failures elsewhere - so let's keep these methods as simple as possible.
wadealexc
reviewed
Feb 20, 2025
| @@ -713,6 +761,15 @@ contract User is Logger, IDelegationManagerTypes, IAllocationManagerTypes { | |||
| return activeValidators; | |||
| } | |||
|
|
|||
| function getDelegatedStakers() public view returns (User[] memory) { | |||
There was a problem hiding this comment.
function getDelegatedStakers() public view returns (User[] memory stakers) {
address[] memory _stakers = delegatedStakers.values();
assembly { stakers := _stakers }
}
wadealexc
reviewed
Feb 20, 2025
Comment on lines
+2330
to
+2331
| IStrategy[][] memory strategies, | ||
| uint[][] memory tokenBalances |
There was a problem hiding this comment.
The arrayification of integration tests is getting unwieldy. It might be time to start introducing some helper structs.
wadealexc
reviewed
Feb 20, 2025
|
|
||
| // 4. Complete withdrawal | ||
| _rollBlocksForCompleteWithdrawals(withdrawals[0]); | ||
| stakers.completeWithdrawalsAsTokens(withdrawals); |
There was a problem hiding this comment.
Hmm. The problem with this is the snapshot system is only going to capture the final staker to make this call. So if we did an invariant check after this, the Snap assertions will be using the last staker in the list.
I think it might be better to continue handling each staker individually in terms of the actions they take. After all, we want to check invariants on each, right?
ypatil12
force-pushed
the
slashing-magnitudes-fixes
branch
4 times, most recently
from
fb84edf to
44487a0
Compare
ypatil12
added
🗡️ Slashing Release
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation:
Currently integration tests mainly simulate generating a single staker delegated to an operator.
Modifications:
Added deploy functions and modified User.t.sol
Result:
Draft for writing a test with User[].
TODO: