You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since we will be using gauge duration in place of uptime, we need to add the critical guardrail of disallowing future gauges to be created with invalid or unauthorized uptimes. We will address existing “invalid” gauges in a future issue by making them fall back to the default uptime of 1ns. The reasons for this are explained in #7369.
This essentially updates the current validation logic to check gauge durations against authorized uptimes instead of lockable durations if the gauge is for a CL pool. For the sake of simplicity, the gaugeType abstraction in the linked code should be replaced with a NoLock type check, as this is how we currently identify CL gauges.
We also need to add two additional checks to protect against edge cases, the first of which would be directly exploitable if not included:
Edit: it seems the first check is done later in the function prior to any gauge creation logic, so this check does not seem to be necessary. It should be ensured that it is tested anyway.
If the gauge type is NoLock, fetch the pool and verify that it is a CL pool as done here:
pool, err:=k.GetPoolFromGaugeId(ctx, gauge.Id, gauge.DistributeTo.Duration)
iferr!=nil {
returnnil, err
}
poolType:=pool.GetType()
ifpoolType!=poolmanagertypes.Concentrated {
returnnil, fmt.Errorf("pool type %s is not supported for no lock distribution", poolType)
}
Otherwise, one can create a balancer gauge with NoLock type to bypass lockup duration validation.
Make an exception to validation logic if it’s coming from the Pool Incentives module account, as these are internal gauges for CL and will be using the gov param for distributions anyway. If this is not added, the post pool creation hook (that makes internal gauges) for CL will fail, potentially causing serious issues (no more CL pool creation at best, chain halt vector at worst)
Testing Strategy
The following tests should be added to existing gauge creation tests (or a new set if necessary):
Create gauge with authorized uptime (happy path)
Attempt to create gauge with unauthorized uptime (error)
Attempt to create with unauthorized (error) -> authorize the uptime and try again -> works
Authorize an uptime -> create with authorized uptime (works) -> unauthorize the uptime and try again -> errors
Attempt to create a NoLock gauge on a Balancer pool (error)
Ensure epoch duration / 1 day is unauthorized and attempt to create CL pool. Should work. Ensure internal gauge was created for the pool using k.pik.GetInternalGaugeIDForPool(ctx, poolID)
Acceptance Criteria
New validation logic is added and thoroughly tested
The text was updated successfully, but these errors were encountered:
Background
Since we will be using gauge duration in place of uptime, we need to add the critical guardrail of disallowing future gauges to be created with invalid or unauthorized uptimes. We will address existing “invalid” gauges in a future issue by making them fall back to the default uptime of 1ns. The reasons for this are explained in #7369.
Suggested Design
A clever way to implement this pretty concisely would be to add the following logic to the existing gauge duration validation logic:
main...alpo/enable-uptime-gauges#diff-d57570c2b30c7fe37108bd7847d1419ad3f0240d7dd28d37e0aecff0730236c8R131-R139
This essentially updates the current validation logic to check gauge durations against authorized uptimes instead of lockable durations if the gauge is for a CL pool. For the sake of simplicity, the
gaugeType
abstraction in the linked code should be replaced with aNoLock
type check, as this is how we currently identify CL gauges.We also need to add two additional checks to protect against edge cases, the first of which would be directly exploitable if not included:
NoLock
, fetch the pool and verify that it is a CL pool as done here:osmosis/x/incentives/keeper/distribute.go
Lines 591 to 600 in 7c81b90
NoLock
type to bypass lockup duration validation.Testing Strategy
The following tests should be added to existing gauge creation tests (or a new set if necessary):
NoLock
gauge on a Balancer pool (error)k.pik.GetInternalGaugeIDForPool(ctx, poolID)
Acceptance Criteria
The text was updated successfully, but these errors were encountered: