Previously, if the funding or interest updating instruction wasn't
called for a long time (like for a solana downtime or the security
council halting the program), the next update would apply funding or
interest for the whole time interval since the last update.
This could lead to a bad downtime situation becoming worse. Instead,
limit the maximum funding and interest time interval to one hour.
* in perp settle fees, dont error, rather return early
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* Fixes from review
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
---------
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* Fix bug: only account for borrows we are offsetting
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* fix
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* Bank: Unittest for net borrow limits
---------
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
Co-authored-by: Christian Kamm <mail@ckamm.de>
This fixes a security issue where bankruptcy related instructions could
be called inside a health region. Now health regions are limited to
compute optimization like when placing multiple orders in one
transaction.
This limitation also makes it impossible to abuse health regions for
flash loans. Use the FlashLoan instructions for that purpose.
* support name edit for token and program
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* undo
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* Fixes from review
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
---------
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
This allows the security council to say "users can't create new borrows
against this token/perp anymore". In some emergency situations this can
help reduce risk exposure.
For example, if the price of a wrapped asset permanently depegs from
its underlying or there is a successful long-term attack on an oracle,
this (and reduce-only) would significantly reduce exploitability until
the DAO's decision for how to resolve the issue goes through.
* Vendor `fixed` crate to have checked math in release mode
* remove all cm!()
* drop superfluous parens
* drop use of checked_math crate
* manual removal of redundant checked_* functions
To do that, split up the Accounts objects and the instruction
implementations.
GPL code is only used when the "enable-gpl" feature is enabled. That
means compiling the program or running tests need explicit feature
activation now.
Due to the safety features in v4, the init health can differ from maint
health a lot more than it used to in v3. This is because of stable-price
adjusted oracle prices used in init health, and the weight scaling based
on total deposits and borrows used in init health.
The effect is that once an account becomes liquidatable, it could be
liquidated a lot until it reaches init>=0.
The original idea of liquidating until init>=0 was just to provide some
buffer, such that liquidated accounts wouldn't immediately become
liquidatable again.
This patch decouples the buffer idea explicit from init health by
creating a new LiquidationEnd health type. Liquidation proceeds until
the LiquidationEnd health becomes positive.
Co-authored-by: microwavedcola1 <89031858+microwavedcola1@users.noreply.github.com>
Previously liquidation would overestimate the amount required, because
it used the oracle price for computing the health gain from
liquidation.
Now it uses the correct (stable price adjusted) price for figuring out
the amount of liquidation required, while still executing at
fee-adjusted oracle price.
- don't store internal order ids: unneeded
- provide the maker client order id for user correlation
- store fees as f32 to waste fewer bytes
- new FillLogV2
- Rename to perp_liq_base_or_positive_pnl and perp_liq_negative_pnl_or_bankruptcy
- Deal with situations where overall asset weight is zero and base position reduction
would not improve liqee health
- Add ability for liqors to take over positive unsettled pnl if that improves liqee health
Speeds up the linking step, needs way less disk space for test binaries
and executes tests significantly faster.
Test execution went from 35s -> 29s for me and compilation improved a
lot.
* return order id from a perp place order ix
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* fix
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* fixes from review
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* zero out perp position and orders for a broken market
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* fix
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* client code
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* fixes from review
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* skip iteration if the incoming order has no lots to process
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
* fixes from review
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
Signed-off-by: microwavedcola1 <microwavedcola@gmail.com>
This includes trade pnl, funding and fees. Tracking this makes it easier
for uis to display a consistent position overall pnl value that doesn't
decrease by settling.
Co-authored-by: microwavedcola1 <microwavedcola@gmail.com>
This replaces the previous distinction between trusted and untrusted
markets, they are equivalent to setting the asset weights to 1 or 0
instead.
This way, we can weigh positive pnl in the trusted case at less than 1
which is more correct from a risk point of view and allows for more
flexibility when it comes to liquidation.
Co-authored-by: microwavedcola1 <microwavedcola@gmail.com>
The new instruction allows the liqor to take over negative pnl (limited
by liqee settle health and settle limits) before applying the bankruptcy
logic.
Christian Kamm
Nicholas Clarke
microwavedcola1
microwavedcola1
Maximilian Schneider