Skip to content

REO: Documentation fixes for audit issues TRST-L-1 and TRST-L-2 #1265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
RembrandtK wants to merge 4 commits into
base: rewards-eligibility-oracle-4
Choose a base branch
from
Draft

REO: Documentation fixes for audit issues TRST-L-1 and TRST-L-2 #1265

RembrandtK wants to merge 4 commits into from
+211 −14

Conversation

@RembrandtK
Copy link
Contributor

@RembrandtK RembrandtK commented Dec 10, 2025

TRST-L-1: Large Eligibility Period Edge Case

Documents the behavior when eligibilityPeriod is set to an extremely large value exceeding block.timestamp. In this edge case, all indexers (including never-registered ones) become eligible because the check block.timestamp < 0 + eligibilityPeriod evaluates to true.

Changes:

  • Added contract-level @dev note explaining the edge case
  • Added detailed NatSpec documentation to isEligible() function
  • Added "Edge Case: Large Eligibility Periods" section to documentation
  • Added comprehensive test validating the edge case behavior

TRST-L-2: Race Condition with Configuration Changes

Documents the race condition risk where configuration changes (reducing eligibility period or enabling validation) can cause indexers to permanently lose rewards if their claim transactions are in-flight when changes occur.

Changes:

  • Added contract-level @custom:security-warning about race conditions
  • Added function-level @custom:warning to setEligibilityPeriod()
  • Added function-level @custom:warning to setEligibilityValidation()
  • Added "Operational Considerations" section with:
    • Detailed explanation of the race condition
    • Risk scenarios (configuration changes, oracle delays, network conditions)
    • Mitigation strategies for operators and indexers
    • Monitoring guidance

@RembrandtK
docs: document large eligibility period edge case (TRST-L-1)
771f9a9 
Addresses audit finding TRST-L-1 by documenting the behavior when
eligibility period is set to an extremely large value. For never-
registered indexers with zero timestamp, when eligibilityPeriod is
large enough that (block.timestamp < 0 + eligibilityPeriod) evaluates
to true, all indexers become eligible.

- Added NatSpec documentation to isEligible() function
- Updated contract-level documentation
- Added detailed edge case section to RewardsEligibilityOracle.md
- Added comprehensive test validating the edge case behavior
@RembrandtK
docs: document race condition between config changes and reward claim…
c3cbcae 
…s (TRST-L-2)

Add comprehensive documentation for TRST-L-2 race condition where
configuration changes (reducing eligibility period or enabling validation)
can cause indexers to permanently lose rewards if their claim transactions
are in-flight when the change occurs.

Changes include:
- NatSpec warnings on setEligibilityPeriod() and setEligibilityValidation()
- Contract-level security warning in RewardsEligibilityOracle
- Operational considerations section in documentation with mitigation strategies
- Monitoring guidance for operators and indexers

No code changes - mitigation relies on operational practices.
@RembrandtK RembrandtK self-assigned this Dec 10, 2025
@openzeppelin-code
Copy link

openzeppelin-code bot commented Dec 10, 2025
edited
Loading

REO: Documentation fixes for audit issues TRST-L-1 and TRST-L-2

Generated at commit: 1bdf837f7a3de1407894d392e02239d75b0c89fa

🚨 Report Summary

Severity Level Results
Contracts Critical
High
Medium
Low
Note
Total		 3
5
0
14
38
60
Dependencies Critical
High
Medium
Low
Note
Total		 0
0
0
0
0
0

For more details view the full report in OpenZeppelin Code Inspector

@RembrandtK RembrandtK requested a review from Copilot December 12, 2025 13:25
Copilot AI reviewed Dec 12, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses two audit findings (TRST-L-1 and TRST-L-2) by adding comprehensive documentation about edge cases and operational considerations for the RewardsEligibilityOracle contract.

Key Changes:

  • Documents the edge case where extremely large eligibility periods make all indexers eligible (TRST-L-1)
  • Documents race condition risks with configuration changes affecting in-flight reward claim transactions (TRST-L-2)
  • Adds comprehensive test case validating the large eligibility period edge case behavior

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File Description
packages/issuance/test/tests/eligibility/RewardsEligibilityOracle.test.ts Adds new test case to validate that never-registered indexers become eligible when eligibility period exceeds block timestamp
packages/issuance/contracts/eligibility/RewardsEligibilityOracle.sol Adds NatSpec documentation explaining the large eligibility period edge case and race condition warnings to configuration functions
packages/issuance/contracts/eligibility/RewardsEligibilityOracle.md Adds detailed documentation sections covering the edge case, race condition scenarios, mitigation strategies, and monitoring guidance

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@RembrandtK RembrandtK mentioned this pull request Dec 12, 2025
Merged
@RembrandtK
fix: resolve fuzz test failure in testGetBalance_WhenCollectedOverTha…
46f88dd 
…wing (#1268)

Replace vm.assume with bounded inputs to fix "vm.assume rejected too many inputs" error.
The previous implementation used overly restrictive constraints that caused the fuzzer
to reject most random inputs. Now limits amountThawing and amountCollected to half of
MAX_STAKING_TOKENS, guaranteeing valid deposit ranges while maintaining test coverage.
@RembrandtK
docs: fix grammar and terminology in RewardsEligibilityOracle
1bdf837 
- Change 'eligible period' to 'eligibility period' for consistency
- Fix 'have confidence is being able' to 'have confidence in being able'
- Fix 'have a good transparency' to 'have good transparency'
- Change 'Reward Manager' to 'RewardsManager' for correct contract naming
@codecov
Copy link

codecov bot commented Dec 12, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.07%. Comparing base (fec6aa7) to head (1bdf837).

Additional details and impacted files 
@@                      Coverage Diff                      @@
##           rewards-eligibility-oracle-4    #1265   +/-   ##
=============================================================
  Coverage                         85.07%   85.07%           
=============================================================
  Files                                44       44           
  Lines                              2178     2178           
  Branches                            649      649           
=============================================================
  Hits                               1853     1853           
  Misses                              325      325
Flag Coverage Δ
unittests 85.07% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@RembrandtK RembrandtK

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RembrandtK