fix(lib): move DecimalsTooLarge guard into LibFtsoCurrentPriceUsd (#79) #188

Open: thedavidmeister wants to merge 4 commits into main from fix/issue-79-decimals-guard-in-library

@thedavidmeister thedavidmeister commented Jun 29, 2026

Collaborator

Summary

  • Moves the DecimalsTooLarge guard from LibOpFtsoCurrentPriceUsd.run() into LibFtsoCurrentPriceUsd.ftsoCurrentPriceUsd(), enforcing the bound at the library trust boundary for every caller.
  • Narrows the return type from (uint256, uint256) to (uint256, uint8) — Solidity now enforces the decimals invariant at every call site.
  • Removes the now-redundant check and DecimalsTooLarge import from the op layer.

Closes #79

Test plan

  • All existing tests pass unchanged: the DecimalsTooLarge revert (tested in testRunDecimalOverflow and testRunDecimalsBoundary) is still raised with the same selector and args, just sourced from the library rather than the op.
  • No new tests needed — the behavior is identical; the structural change is that the guard fires earlier (in the library) rather than later (in the op).

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes

    • Improved USD price fetching by validating the fetched FTSO decimals before converting prices.
    • Prevents incorrect conversions when the returned decimal precision is outside the supported range.
    • Streamlined current USD price conversion to use a smaller, safer decimal representation.
  • Tests

    • Updated stale-price test coverage to keep decimal values within the supported range.

Any direct caller of LibFtsoCurrentPriceUsd.ftsoCurrentPriceUsd that
forgets to bound the returned decimals before feeding them to a fixed-
decimal scaler could silently mishandle a malicious FTSO. Moving the
guard to the library enforces the bound at the trust boundary for every
caller, and narrows the return type to (uint256, uint8) so Solidity
makes the invariant machine-checkable at the call site.

The op layer no longer needs its own DecimalsTooLarge check or import.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@thedavidmeister thedavidmeister self-assigned this Jun 29, 2026
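
The guard-then-narrow pattern this PR describes, as an added Solidity example (not code from the PR or the project). Every name except `DecimalsTooLarge` is hypothetical, and the error's argument list is an assumption, since the page does not show it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration. All names are hypothetical except DecimalsTooLarge,
// whose argument list here is an assumption.
error DecimalsTooLarge(uint256 decimals);

/// Hypothetical untrusted price source that reports decimals as uint256.
interface IPriceSource {
    function currentPrice() external view returns (uint256 price, uint256 decimals);
}

library LibGuardedPrice {
    /// Guard at the trust boundary: check the bound first, then narrow.
    function guardedPrice(IPriceSource source) internal view returns (uint256, uint8) {
        (uint256 value, uint256 decimals) = source.currentPrice();
        if (decimals > type(uint8).max) {
            revert DecimalsTooLarge(decimals);
        }
        // Safe only because of the check above: an explicit narrowing
        // conversion truncates silently in Solidity 0.8, it never reverts.
        return (value, uint8(decimals));
    }
}

/// Constructed source that reports an out-of-range decimals value.
contract OutOfRangeSource is IPriceSource {
    function currentPrice() external pure returns (uint256, uint256) {
        return (1e18, 256);
    }
}

contract Demo {
    /// A caller that forgot the bound: the cast discards the high bits, so
    /// the result no longer matches what the source reported.
    function unguardedCast(IPriceSource source) external view returns (uint8) {
        (, uint256 decimals) = source.currentPrice();
        return uint8(decimals);
    }

    /// The same source through the library: the guard reverts before any
    /// cast, and the uint8 return type carries the bound to the call site.
    function guarded(IPriceSource source) external view returns (uint256, uint8) {
        return LibGuardedPrice.guardedPrice(source);
    }
}
```
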
coderabbitai Bot commented Jun 29, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • src/generated/FlareFtsoWords.pointers.sol is excluded by !**/generated/**

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 89c6f2ad-6feb-4a59-a425-d080c6197a24

Walkthrough

LibFtsoCurrentPriceUsd now enforces the DecimalsTooLarge bound and returns uint8 decimals. LibOpFtsoCurrentPriceUsd removes its duplicate check and import, and the stale-price test constrains fuzzed decimals to the uint8 range.

Changes

Decimals guard relocation

  • Layer: Library: add guard and narrow return type to uint8
    File(s): src/lib/price/LibFtsoCurrentPriceUsd.sol
    Summary: Imports DecimalsTooLarge, adds a decimals > type(uint8).max revert, and returns decimals as uint8. The function signature changes to return (uint256, uint8).
  • Layer: Op: remove redundant check and import
    File(s): src/lib/op/LibOpFtsoCurrentPriceUsd.sol, test/src/lib/op/LibOpFtsoCurrentPriceUsd.t.sol
    Summary: Removes the op-side DecimalsTooLarge import and overflow check, destructures the library return as uint8, and bounds the stale-price fuzz input to the uint8 range.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name / Status / Explanation
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title clearly describes the main change: moving the DecimalsTooLarge guard into LibFtsoCurrentPriceUsd.
  • Linked Issues check: ✅ Passed. The PR implements the preferred fix by enforcing the decimals bound inside LibFtsoCurrentPriceUsd and removing the caller-side guard.
  • Out of Scope Changes check: ✅ Passed. The visible code changes stay focused on the FTSO decimals guard and related test adjustment, with no unrelated additions.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

thedavidmeister and others added 3 commits June 29, 2026 17:14
…ters + bound testRunStale decimals

Regenerate FlareFtsoWords.pointers.sol after guard moved to library changes
function pointer offsets. Bound testRunStale decimals to uint8 range so the
test exclusively exercises the staleness path (DecimalsTooLarge is separately
covered by testRunDecimalOverflow).

Co-Authored-By: Claude <noreply@anthropic.com>
…nkr fork flakes; local meta matches committed)
…e after DecimalsTooLarge guard move

CI reported expected 0xa30dc38f...; prior attempt committed hash from wrong nix shell.

Development

Successfully merging this pull request may close these issues.

[F28] [LOW] Library returns un-bounded decimals; DecimalsTooLarge guard is the caller's responsibility and undocumented
