Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: check supply queue size #237

Merged
merged 6 commits into from
Oct 20, 2023
Merged

fix: check supply queue size #237

merged 6 commits into from
Oct 20, 2023

Conversation

Jean-Grimal
Copy link
Contributor

Fixes #217

I wondered if it deserved a natspec comment (on why we bound the size of the supply queue), but since the error (which is MaxQueueSizeExceeded) is already very explicit, I thought it wasn't worth it.

wdyt ?

MerlinEgalite
MerlinEgalite approved these changes Oct 19, 2023
View reviewed changes
Copy link
Contributor

@MerlinEgalite MerlinEgalite left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to me it's enough

QGarchery
QGarchery previously requested changes Oct 19, 2023
View reviewed changes
Copy link
Contributor

@QGarchery QGarchery left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just thought about this but actually this isn't enough to ensure that the supply queue does not go above the max size. This is because the _setCap also pushes an element to the queue. Should we also revert in this case ? Or should we remove that feature from _setCap ?

@MerlinEgalite
Copy link
Contributor

Just thought about this but actually this isn't enough to ensure that the supply queue does not go above the max size. This is because the _setCap also pushes an element to the queue. Should we also revert in this case ? Or should we remove that feature from _setCap ?

Are you sure? We're checking that the withdrawQueue length is not greater than MAX_QUEUE_SIZE. And to me the supplyQueue is a subset of withdrawQueue.

@MerlinEgalite
Copy link
Contributor

Could be a good invariant btw

@QGarchery
Copy link
Contributor

QGarchery commented Oct 20, 2023
edited
Loading

Are you sure? We're checking that the withdrawQueue length is not greater than MAX_QUEUE_SIZE. And to me the supplyQueue is a subset of withdrawQueue.

Yes I think so, here is a counter-example:

  1. Suppose there is only one market with non-zero cap at the start, call it M1.
    So supplyQueue = [M1], same as withdrawQueue.
  2. Then an allocator changes the supply queue to be of max size:
    supplyQueue = [M1, M1, ..., M1] and we still have withdrawQueue = [M1].
  3. Now another market gets whitelisted, call it M2.
    So we get withdrawQueue = [M1, M2], which is ok because it's less than the max size. But we also have supplyQueue = [M1, M1, ..., M1, M2] which is bigger than the max size

@MerlinEgalite
Copy link
Contributor

Oh yes you can have duplicates in supplyQueue that's unfortunate... So we should enforce it for both I think in _setCap

@Jean-Grimal
Copy link
Contributor Author

Jean-Grimal commented Oct 20, 2023
edited
Loading

I'm not sure we should do it for both. IMO we shouldn't revert when enabling a market only because there is duplicates in the supply queue, although MAX_QUEUE_SIZE hasn't been reached for withdraw queue.

Maybe we should just also forbid duplicates in the supply queue. What is the gas cost of doing so ?

@QGarchery
Copy link
Contributor

I'm not sure we should do it for both. IMO we shouldn't revert when enabling a market only because there is duplicates in the supply queue, although MAX_QUEUE_SIZE hasn't been reached for withdraw queue.

I disagree with omitting the check in _setCap: the purpose is to ensure that allocators cannot grief deposits. So either do both checks to ensure that, or do no check and trust allocators.

Maybe we should just also forbid duplicates in the supply queue.

I believe this is still not enough for this issue, because the supply queue can contain markets that were previously enabled but have now been removed from the withdraw queue

@MerlinEgalite
Copy link
Contributor

MerlinEgalite commented Oct 20, 2023
edited
Loading

Can we update this branch with the second check?

@MerlinEgalite MerlinEgalite merged commit 2f8dec5 into main Oct 20, 2023
5 of 6 checks passed
@MerlinEgalite MerlinEgalite deleted the fix/bound-supply-queue-size branch October 20, 2023 18:09
This was referenced Oct 23, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MerlinEgalite MerlinEgalite MerlinEgalite approved these changes

@Rubilmax Rubilmax Awaiting requested review from Rubilmax

@QGarchery QGarchery Awaiting requested review from QGarchery

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[protocol review] Supply queue size may exceed the max allowed size
4 participants
@Jean-Grimal @MerlinEgalite @QGarchery @Rubilmax