Nialexsan/fusdev strategy

[nialexsan]

Closes: #???

Description

this PR contains bulk changes related only to FUSDEV strategy from #183
so it's easier to review just the strategy itself withoutt the second strategy

---

For contributor use:

• Targeted PR against master branch
• Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
• Code follows the standards mentioned here.
• Updated relevant documentation
• Re-reviewed Files changed in the Github PR explorer
• Added appropriate labels

[nialexsan]

this is removed to keep the contract updatable

[nialexsan]

@claude

[claude]

Claude finished @nialexsan's task in 2m 38s —— View job

---

Code Review

• Gather context
• Read changed files
• Analyze changes
• Post review feedback

---

Summary

This PR extracts the FUSDEV strategy from #183 for focused review. The changes are well-motivated and the code is generally clean. Below are my findings, ordered by severity.

---

FlowYieldVaultsStrategiesV2.cdc

Close Position Architecture — Notable Improvements

The closePosition refactor is a meaningful improvement over the previous approach:

1. Swapper reconstruction vs. serialization — Instead of storing a {DeFiActions.Swapper} in config (which required serialization of a complex struct), swappers are now rebuilt from the stored CollateralConfig. This is cleaner and avoids potential issues with stale or unresolvable stored swappers.

2. BufferedSwapSource — The design correctly addresses ERC4626 rounding underestimates. The comment is clear, and the burn of zero-balance vaults is handled properly. One note: the minimumAvailable() implementation calls quoteOut which may not be a perfect lower bound in edge cases — but given the buffered approach is already the "pull everything" pattern, this is acceptable.

3. Pre-supplement logic — The 1% buffer (shortfall + shortfall / 100.0) is reasonable for handling swap slippage during close. The key constraint is correctly documented: this must happen before closePosition to avoid the reentrancy lock.

Issues

_buildDebtToCollateralSwapper assumes a direct MOET→YIELD AMM pool exists (line ~383 in diff)

let debtToYieldAMM = FlowYieldVaultsStrategiesV2._buildUniV3Swapper(
    tokenPath: [tokens.moetTokenEVMAddress, tokens.yieldTokenEVMAddress],
    feePath: [100],
    ...
)

FUSDEV is a Morpho vault token — this assumes a MOET/FUSDEV UniV3 pool exists with fee tier 100. If that pool ever has insufficient liquidity, the dust-handling path will fail silently (the quoteOut check will return 0.0 and the vault is burned). The comment in _buildYieldToDebtSwapper confirms this pool is expected to exist, but it's worth documenting explicitly as a deployment invariant.

closePosition returns an empty collateral vault if no collateral is found (line ~244)

var collateralVault <- DeFiActionsUtils.getEmptyVault(collateralType)
while resultVaults.length > 0 {
    let v <- resultVaults.removeFirst()
    if v.getType() == collateralType {
        collateralVault.deposit(from: <-v)
    } ...
}

If closePosition returns no vault matching collateralType (shouldn't happen in practice but could if the position had dust-only collateral rounded to zero), the function returns an empty vault silently. The old code had an explicit assert that the first vault was collateral type. Consider adding an assertion after the loop: Fix this →

_resolveTokenBundle makes EVM calls during closePosition — called via _resolveTokenBundle(yieldTokenEVMAddress:), which calls ERC4626Utils.underlyingAssetEVMAddress. This performs an EVM read during close, which is already expensive. Not a bug, but worth noting as a potential cost concern in production.

Minor

• var collateralVault <- DeFiActionsUtils.getEmptyVault(collateralType) — let would work here since the binding is never reassigned (only deposits are made into the resource). Cosmetic only.
• _getStoredCollateralConfig borrows directly from deployer account storage — couples closePosition to the issuer's storage path. Acceptable for now but worth documenting.
• _resolveTokenBundle was previously _resolveTokenBundle(collateralConfig:) on the composer and hard-coded Type<@MOET.Vault>(). The new version uses _getPoolDefaultToken() to derive it dynamically — this is a correctness improvement worth calling out positively.

---

FlowYieldVaultsStrategiesV2_FUSDEV_test.cdc

Commented-out contract deployment (lines ~211–221)

// temporary commented until merged with syWFLOW strategy
// log("Deploying FlowYieldVaultsStrategiesV2...")
// err = Test.deployContract(...)

This means the fork tests are running against the already-deployed mainnet version of the contract, not the new code from this PR. The new BufferedSwapSource, pre-supplement logic, and swapper reconstruction are not tested by these tests. This is a known limitation but should be noted as a gap — the tests validate the strategy's end-to-end lifecycle, not the specific new code paths.

Shared wbtcUser / wethUser state — Both point to 0x68da18f20e98a7b6. The WBTC and WETH lifecycle tests share this account including vault IDs stored in module-level state. If one lifecycle test fails, subsequent tests for the other collateral type may fail spuriously. The pattern is consistent with the rest of the test file, so not a blocker.

Leaked open vault in testCannotDepositWrongTokenToYieldVault — A fresh WETH vault is created for the negative test but never closed. Minor test hygiene issue.

---

upsert_strategy_config.cdc

The removal of the composer parameter from addOrUpdateCollateralConfig → addOrUpdateMorphoCollateralConfig is clean and reduces the risk of passing the wrong composer type. The rename is well-aligned with the fact that this issuer only manages Morpho configs.

---

Overall Assessment

The design is sound. The key risk is the commented-out contract deployment in tests — the fork tests provide good coverage of the strategy lifecycle but don't exercise the new closePosition code paths against the new contract. This should be resolved (or explicitly tracked) before merging to main.

[nialexsan]

Swapper reconstruction vs. serialization — Instead of storing a {DeFiActions.Swapper} in config (which required serialization of a complex struct), swappers are now rebuilt from the stored CollateralConfig. This is cleaner and avoids potential issues with stale or unresolvable stored swappers.

this change fixes an issue with exceeding compute limit while reading through the dict and retrieving a big object (Swapper) from it. Also this approach makes the implementation more flexible, in case the swap paths are updated after a strategy is created.

[jribbink]

This is the same behaviour as a SwapSource, but ignores the maxAmount provided by the DeFiActions.Source interface.

Are we sure that this is necessary, and not masking an underlying bug/design flaw? I thought that DeFiActions used UFix64.max as a senteniel value for cases like this, or am I misunderstanding here?

[zhangchiqing]

Should we give us some visibility of the reason we burn the tokens? Because the decision depends on a 3rd party quote.

We have 2 (or more?) code paths that lead to token burning event: 1) vault has 0 balance 2) the token worth nothing.

Maybe it's useful to add a TokenBurned event with the amount and the quote as evidence of why we decided to burn it, in case we need to debug, since the swapper price might be either outdated or misbehaving?

[zhangchiqing]

Suggested change

	assert(yieldToCollPath.length >= 2, message: "yieldToCollateral path must have at least 2 elements")
	assert(yieldToCollPath.length >= 2, message: "yieldToCollateral path requires at least yield and collateral tokens, got \(yieldToCollPath.length)")

[zhangchiqing]

Better validate this as well

assert(
      yieldToCollFees.length == yieldToCollPath.length - 1,
      message: "Fee array length (\(yieldToCollFees.length)) must equal path hops (\(yieldToCollPath.length - 1))"
  )

[zhangchiqing]

could we mention the burning token behavior (the cleanup) in the comments of closePosition as well?

[jordanschalm]

What is the rounding underestimate caused by? Is it bounded? If the source contains much more funds than is needed, we'll swap much more than we need to.

[jordanschalm]

It seems like both these changes are related to the Swapper quotes being unreliable:

• BufferedSwapSource swaps all funds available in the source, ignoring the quote, because it might contain rounding errors
• This "pre-supplement extra moet" step adds 1% to account for slippage/rounding unaccounted for in the quote from collateralToMoetSwapper

But when we calculate the shortfall, we are using expectedMOET, which is the result of a swapper quote. Why do we trust this quote and not the others?