Skip to content

IA: Audit fix/response for Issuance Allocator #1267

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
RembrandtK wants to merge 4 commits into
base: issuance-allocator-3
Choose a base branch
from
Draft

IA: Audit fix/response for Issuance Allocator #1267

RembrandtK wants to merge 4 commits into from

Conversation

@RembrandtK
Copy link
Contributor

@RembrandtK RembrandtK commented Dec 12, 2025

This PR adds two enhancements:

  • Issuance Allocator now supports configurable default allocation for unallocated issuance
  • Rewards Manager can now reclaim tokens that would otherwise be denied

Issuance Allocator: Default Allocation

The default allocation automatically receives whatever percentage is not explicitly allocated to other targets.

Added setDefaultAllocationAddress() to configure where unallocated issuance is sent.

Modified getTotalAllocation() to exclude the default allocation if it is the zero address (as it will in this scenario not be minted).

RewardsManager: Reclaim Addresses

Added two configurable reclaim addresses:

  • indexerEligibilityReclaimAddress - receives rewards denied due to eligibility oracle
  • subgraphDeniedReclaimAddress - receives rewards denied due to subgraph denylist

When rewards are denied and a reclaim address is set (non-zero), tokens are minted to that address instead of not being minted at all. Defaults to address(0) (original behavior).

@RembrandtK
feat: default issuance allocation for Issuance Allocator
9f6c704 
The default allocation receives issuance that is
not explicitly allocated to another target.

- Added setDefaultAllocationAddress() to set.
- getTotalAllocation() excludes default when it is the zero address.
- Tests and documentation updated.
@RembrandtK
feat: optional issunace reclaim addresses for Rewards Manager
13a77e4 
Added two configurable reclaim addresses:

- indexerEligibilityReclaimAddress
- subgraphDeniedReclaimAddress

When rewards are denied and the reclaim address is set (non-zero),
tokens are minted to that address instead of not being minted at all.
Defaults to address(0) (original behavior).

Also updated associated documentation and tests.
@RembrandtK RembrandtK mentioned this pull request Dec 12, 2025
Closed
@RembrandtK RembrandtK requested a review from Copilot December 12, 2025 17:54
@RembrandtK RembrandtK self-assigned this Dec 12, 2025
@openzeppelin-code
Copy link

openzeppelin-code bot commented Dec 12, 2025
edited
Loading

IA: Audit fix/response for Issuance Allocator

Generated at commit: cbe2bd1eb018d1490bed669385170ad91ceb1f89

🚨 Report Summary

Severity Level Results
Contracts Critical
High
Medium
Low
Note
Total		 3
5
0
14
38
60
Dependencies Critical
High
Medium
Low
Note
Total		 0
0
0
0
0
0

For more details view the full report in OpenZeppelin Code Inspector

Copilot AI reviewed Dec 12, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds two enhancements to the Graph Protocol's issuance and rewards system:

Purpose: Enable better management of unallocated issuance and denied rewards through configurable reclaim mechanisms.

Key Changes:

  • Issuance Allocator: Introduces a default allocation mechanism that automatically receives unallocated issuance portions, with address configurable via setDefaultAllocationAddress()
  • Rewards Manager: Adds two reclaim addresses (indexerEligibilityReclaimAddress and subgraphDeniedReclaimAddress) that can receive rewards that would otherwise be denied, preventing token loss

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
IssuanceAllocator.sol Implements default allocation mechanism with 100% invariant, adds setDefaultAllocationAddress(), modifies allocation tracking to exclude default from reported totals when address(0)
IIssuanceAllocationAdministration.sol Adds setDefaultAllocationAddress() interface method
RewardsManager.sol Implements reclaim functionality with two helper functions to handle denied rewards, refactors takeRewards() to use them
RewardsManagerStorage.sol Adds storage variables for reclaim addresses with documentation
IRewardsManager.sol Adds interface methods for setting reclaim addresses
MockRewardsManager.sol Adds mock implementations of new reclaim setter methods
IssuanceAllocator.test.ts Updates all tests to account for default allocation always existing at index 0
IssuanceSystem.test.ts Updates tests with corrected total allocation expectations
DefaultAllocation.test.ts New comprehensive test suite covering default allocation behavior, edge cases, and distribution scenarios
rewards-reclaim.test.ts New comprehensive test suite covering reclaim address functionality for both denylist and eligibility scenarios
optimizedFixtures.ts Updates reset helper to skip default allocation and reset it properly
InterfaceIdStability.test.ts (both) Updates expected interface IDs for modified interfaces

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@RembrandtK
docs: improve code comments in IssuanceAllocator
70c00e4 
- Add clarity to availablePPM calculation explaining it comprises default allocation's allocator-minting PPM, target's allocator-minting PPM, and target's self-minting PPM to maintain 100% allocation invariant
- Refine reentrancy comment to explicitly reference that calculations occur after notifications to prevent reentrancy issues

Addresses PR feedback from code review
@RembrandtK RembrandtK mentioned this pull request Dec 12, 2025
Merged
@RembrandtK
fix: resolve fuzz test failure in testGetBalance_WhenCollectedOverTha…
cbe2bd1 
…wing (#1268)

Replace vm.assume with bounded inputs to fix "vm.assume rejected too many inputs" error.
The previous implementation used overly restrictive constraints that caused the fuzzer
to reject most random inputs. Now limits amountThawing and amountCollected to half of
MAX_STAKING_TOKENS, guaranteeing valid deposit ranges while maintaining test coverage.
@codecov
Copy link

codecov bot commented Dec 12, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.09%. Comparing base (dbf5d2b) to head (cbe2bd1).

Additional details and impacted files 
@@                   Coverage Diff                    @@
##           issuance-allocator-3    #1267      +/-   ##
========================================================
+ Coverage                 85.83%   86.09%   +0.26%     
========================================================
  Files                        45       45              
  Lines                      2294     2338      +44     
  Branches                    680      696      +16     
========================================================
+ Hits                       1969     2013      +44     
  Misses                      325      325
Flag Coverage Δ
unittests 86.09% <100.00%> (+0.26%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@RembrandtK RembrandtK

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RembrandtK