New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
manuallyFixAccounting changes #2034
Conversation
…strategist manuallyFixAccounting calls doAccounting to check the fuse is still not blown Removed accountingGovernor
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work. Looks good, the one thing that I'd like to increase is the deltas that the strategist can manipulate.
) external onlyStrategist whenPaused { | ||
require( | ||
_validatorsDelta >= -1 && | ||
_validatorsDelta <= 1 && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the -1 -> 1 accepted validator delta and -32 -> 32 accepted consensus delta could be constants so that it is easier to configure these values if/when we want.
Also if these ranges are not able to fix the accounting we need to re-deploy the contract via OUSD governance (slow process) to introduce larger deltas. I think we should be comfortable changing up to 3 or even 5 validators (and 332 or 532 ETH in consensus rewards) without being worried that such transaction could rug anyone or produce so much rewards for the attacker (controlling the strategist) to somehow damage the protocol.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I'll update to 2 and 332
accountingValid = _doAccounting(); | ||
} | ||
|
||
function _doAccounting() internal returns (bool accountingValid) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know this works for now, I am slightly worried that we will in future forget that internal _doAccounting needs to be in whenNotPaused
context when doing the accounting and in whenPaused
context when manually correcting the accounting.
What if we introduce a bool property to the internal _doAccounting
function and be explicit whether a _pause()
call should be made depending on who the caller of the transaction is. Smth like:
function _doAccounting(bool callPause) internal...
...
// pause and fail the accounting
if (callPause) {
_pause();
}
// fail the accounting
return false;
....
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
using a pauseOnFail
param also saves as storage slot read. I'll make the change
Increased the allowed delta values of manuallyFixAccounting
…icka/fix-accounting
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…icka/fix-accounting
Contract changes
manuallyFixAccounting
now uses delta valuesmanuallyFixAccounting
callsdoAccounting
to check the fuse is still not blownaccountingGovernor
as the Strategist now callsmanuallyFixAccounting