npm - @rev-net/core-v6 - Versions diffs - 0.0.48 → 0.0.51 - Mend

@rev-net/core-v6 0.0.48 → 0.0.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rev-net/core-v6",
-  "version": "0.0.48",
+  "version": "0.0.51",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -28,7 +28,7 @@
   "dependencies": {
     "@bananapus/721-hook-v6": "^0.0.47",
     "@bananapus/buyback-hook-v6": "^0.0.39",
-    "@bananapus/core-v6": "^0.0.44",
+    "@bananapus/core-v6": "^0.0.48",
     "@bananapus/ownable-v6": "^0.0.24",
     "@bananapus/permission-ids-v6": "^0.0.24",
     "@bananapus/router-terminal-v6": "^0.0.37",

package/src/REVDeployer.sol CHANGED Viewed

@@ -436,7 +436,18 @@ contract REVDeployer is ERC2771Context, IREVDeployer, IERC721Receiver {
             terminalToken: terminalToken,
             sqrtPriceX96: sqrtPriceX96
         }) {}
-            catch {} // Pool may already be initialized — that's OK.
+            catch {
+            // Two failure modes both end up here and both must NOT block the revnet deploy:
+            //  1. The V4 pool is already initialized at the expected price (idempotent re-deploy). The buyback
+            //     hook's strict price check inside `initializePoolFor` would still call `_setPoolFor`, so the
+            //     try-branch already covered this. We reach this catch only when the check rejected the existing
+            //     price.
+            //  2. The V4 pool was front-run and pre-initialized at an attacker-chosen `sqrtPriceX96`. The buyback
+            //     hook's strict price check reverts with `JBBuybackHook_PoolInitializedAtWrongPrice`, which lands
+            //     here. We deliberately swallow that revert so an attacker cannot DoS the revnet deploy by
+            //     squatting on the predictable pool address — the revnet ships without buyback configured and
+            //     can be configured manually post-deploy.
+        }
     }
     //*********************************************************************//

package/src/REVLoans.sol CHANGED Viewed

@@ -62,6 +62,7 @@ contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans
     error REVLoans_InvalidTerminal(address terminal, uint256 revnetId);
     error REVLoans_LoanExpired(uint256 timeSinceLoanCreated, uint256 loanLiquidationDuration);
     error REVLoans_LoanIdOverflow(uint256 revnetId, uint256 loanNumber, uint256 maxLoanNumber);
+    error REVLoans_LoanOwnerChanged(uint256 loanId, address expectedOwner, address actualOwner);
     error REVLoans_NewBorrowAmountGreaterThanLoanAmount(uint256 newBorrowAmount, uint256 loanAmount);
     error REVLoans_NoMsgValueAllowed(uint256 msgValue, address token);
     error REVLoans_NotEnoughCollateral(uint256 collateralCountToRemove, uint256 loanCollateral);
@@ -884,6 +885,16 @@ contract REVLoans is ERC721, ERC2771Context, JBPermissioned, Ownable, IREVLoans
         maxRepayBorrowAmount =
             _acceptFundsFor({token: loan.source.token, amount: maxRepayBorrowAmount, allowance: allowance});
+        // Re-check ownership: an ERC-777/ERC-1363 source token can reenter during the transfer above and transfer
+        // the loan NFT to another account. Without this check, `_repayLoan` would burn the new owner's NFT while
+        // returning collateral to the stale cached owner.
+        {
+            address currentOwner = _ownerOf(loanId);
+            if (currentOwner != loanOwner) {
+                revert REVLoans_LoanOwnerChanged({loanId: loanId, expectedOwner: loanOwner, actualOwner: currentOwner});
+            }
+        }
         // Make sure the minimum borrow amount is met.
         if (repayBorrowAmount > maxRepayBorrowAmount) {
             revert REVLoans_OverMaxRepayBorrowAmount({

package/src/REVOwner.sol CHANGED Viewed

@@ -222,20 +222,14 @@ contract REVOwner is IJBRulesetDataHook, IJBCashOutHook, IJBPeerChainAdjustedAcc
         uint256 feeCashOutCount = mulDiv({x: context.cashOutCount, y: FEE, denominator: JBConstants.MAX_FEE});
         uint256 nonFeeCashOutCount = context.cashOutCount - feeCashOutCount;
-        // Calculate how much surplus the non-fee tokens can reclaim via the bonding curve.
-        // Use effective (cross-chain) surplus; cap at local surplus.
+        // Compute the gross (effective-surplus) reclaim and fee amounts. The bonding curve uses cross-chain effective
+        // surplus, which can exceed what this chain's terminal actually holds.
         uint256 postFeeReclaimedAmount = JBCashOuts.cashOutFrom({
             surplus: effectiveSurplusValue,
             cashOutCount: nonFeeCashOutCount,
             totalSupply: totalSupply,
             cashOutTaxRate: context.cashOutTaxRate
         });
-        // Cap at local surplus — the bonding curve uses cross-chain effective surplus which can exceed what this
-        // chain's terminal actually holds.
-        if (postFeeReclaimedAmount > context.surplus.value) postFeeReclaimedAmount = context.surplus.value;
-        // Calculate how much the fee tokens reclaim from the remaining surplus after the non-fee reclaim.
-        // Use remaining effective surplus; cap at remaining local surplus.
         uint256 feeAmount = JBCashOuts.cashOutFrom({
             surplus: effectiveSurplusValue > postFeeReclaimedAmount
                 ? effectiveSurplusValue - postFeeReclaimedAmount
@@ -244,11 +238,21 @@ contract REVOwner is IJBRulesetDataHook, IJBCashOutHook, IJBPeerChainAdjustedAcc
             totalSupply: totalSupply - nonFeeCashOutCount,
             cashOutTaxRate: context.cashOutTaxRate
         });
-        // Cap the fee reclaim at remaining local surplus. The bonding curve uses the cross-chain effective surplus,
-        // which can exceed what's actually held locally. Without this cap, the terminal would try to send more than
-        // it has.
-        if (feeAmount > context.surplus.value - postFeeReclaimedAmount) {
-            feeAmount = context.surplus.value - postFeeReclaimedAmount;
+        // If the gross outflow exceeds local terminal liquidity, scale reclaim AND fee proportionally so the fee
+        // is preserved instead of being capped to zero when the reclaim alone consumes all local surplus.
+        uint256 grossOutflow = postFeeReclaimedAmount + feeAmount;
+        if (grossOutflow > context.surplus.value) {
+            if (grossOutflow == 0) {
+                // Defensive — both grossOutflow > localSurplus and grossOutflow == 0 can't both hold, but keep
+                // the explicit branch so future edits do not divide by zero.
+                postFeeReclaimedAmount = 0;
+                feeAmount = 0;
+            } else {
+                uint256 localSurplus = context.surplus.value;
+                postFeeReclaimedAmount = mulDiv({x: postFeeReclaimedAmount, y: localSurplus, denominator: grossOutflow});
+                feeAmount = mulDiv({x: feeAmount, y: localSurplus, denominator: grossOutflow});
+            }
         }
         // Build a context for the buyback hook using the non-fee token count and cross-chain-adjusted values