It looks like it wasn't possible to exploit the program by
re-initializing the user-owned token accounts used in flash loan because
the later use of health_ais with the health computation would error out
if any token account was included there.
However, the check and a few others were too indirect. In this patch:
- We pass the number of loans into FlashLoanEnd explicitly (verified
from FlashLoanBegin)
- Add explicit checks for token mints, so it's no longer possible to use
token accounts for foreign mints in Begin when the loan amount is zero,
and it's clearer to see that the bookkeeping in End won't break if the
user reinited the account for a different mint.
- Also add a few other extra comments and checks.
The updated FlashLoanEnd instruction is called FlashLoanEndV2
* Emit the slot corresponding to the oracle price to PerpUpdateFundingLog.
* Emit a new FilledPerpOrderLog consisting of just the group, perp market and seq num. This will be used to correlate perp fills to the transactions they were matched in (not consumed).
Previously, if the funding or interest updating instruction wasn't
called for a long time (like for a Solana downtime or the security
council halting the program), the next update would apply funding or
interest for the whole time interval since the last update.
This could lead to a bad downtime situation becoming worse. Instead,
limit the maximum funding and interest time interval to one hour.
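
An added Rust illustration of the interval cap described in the commit message above, comparing an uncapped and a capped update after a constructed three-day halt. It is not the project's code: the function names, the fixed-point scale, the linear accrual formula, the 200% rate and the choice to advance the timestamp to `now` are all assumptions made for the example.

```rust
// Added illustration; all names, the scale and the accrual formula are hypothetical.
const MAX_INTERVAL_SECS: u64 = 3_600; // one hour, the cap named in the commit message
const SECS_PER_YEAR: u128 = 31_536_000;
const SCALE: u128 = 1_000_000_000_000; // fixed-point 1.0 for index and yearly rate

#[derive(Debug, PartialEq)]
enum AccrualError {
    ClockWentBackwards,
    Overflow,
}

/// Seconds to charge for: elapsed time since the last update, capped at `cap`.
fn charge_interval(last: u64, now: u64, cap: u64) -> Result<u64, AccrualError> {
    let elapsed = now.checked_sub(last).ok_or(AccrualError::ClockWentBackwards)?;
    Ok(elapsed.min(cap))
}

/// Linear accrual with checked math: index * (1 + rate_per_year * dt / year).
fn accrue(index: u128, rate_per_year: u128, dt: u64) -> Result<u128, AccrualError> {
    let growth = rate_per_year
        .checked_mul(dt as u128)
        .ok_or(AccrualError::Overflow)?
        / SECS_PER_YEAR;
    let delta = index.checked_mul(growth).ok_or(AccrualError::Overflow)? / SCALE;
    index.checked_add(delta).ok_or(AccrualError::Overflow)
}

/// Returns the new index and the new last-updated timestamp. Assumption of this
/// example: the timestamp moves to `now`, so time beyond the cap is never charged.
fn update(index: u128, rate: u128, last: u64, now: u64, cap: u64) -> Result<(u128, u64), AccrualError> {
    let dt = charge_interval(last, now, cap)?;
    Ok((accrue(index, rate, dt)?, now))
}

fn main() {
    // Constructed scenario: updates stop for three days while the rate is 200% per year.
    let (rate, halt) = (2 * SCALE, 3 * 24 * 3_600u64);
    let uncapped = update(SCALE, rate, 0, halt, u64::MAX).unwrap();
    let capped = update(SCALE, rate, 0, halt, MAX_INTERVAL_SECS).unwrap();
    println!("uncapped index after halt: {}", uncapped.0);
    println!("capped index after halt:   {}", capped.0);
}
```
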
* in perp settle fees, don't error, rather return early
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* Fixes from review
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
---------
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* Fix bug: only account for borrows we are offsetting
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* fix
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* Bank: Unittest for net borrow limits
---------
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
Co-authored-by: Christian Kamm <mail@ckamm.de>
This fixes a security issue where bankruptcy related instructions could
be called inside a health region. Now health regions are limited to
compute optimization like when placing multiple orders in one
transaction.
This limitation also makes it impossible to abuse health regions for
flash loans. Use the FlashLoan instructions for that purpose.
* support name edit for token and program
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* undo
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* Fixes from review
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
---------
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
This allows the security council to say "users can't create new borrows
against this token/perp anymore". In some emergency situations this can
help reduce risk exposure.
For example, if the price of a wrapped asset permanently depegs from
its underlying or there is a successful long-term attack on an oracle,
this (and reduce-only) would significantly reduce exploitability until
the DAO's decision for how to resolve the issue goes through.
* Vendor `fixed` crate to have checked math in release mode
* remove all cm!()
* drop superfluous parens
* drop use of checked_math crate
* manual removal of redundant checked_* functions
To do that, split up the Accounts objects and the instruction
implementations.
GPL code is only used when the "enable-gpl" feature is enabled. That
means compiling the program or running tests need explicit feature
activation now.