Skip to content

Finalize AUDIT_INSTRUCTIONS.md to A quality#82

Merged
mejango merged 3 commits intomainfrom
docs/audit-instructions-10-of-10
Mar 22, 2026
Merged

Finalize AUDIT_INSTRUCTIONS.md to A quality#82
mejango merged 3 commits intomainfrom
docs/audit-instructions-10-of-10

Conversation

@mejango
Copy link

@mejango mejango commented Mar 22, 2026

Summary

  • Fix editorial tone: Replaced informal "Wait, is this correct?" in Priority Area 4 with a definitive open question directing auditors to trace through JBMultiTerminal.cashOutTokensOf().
  • Add Previous Audit Findings: Documents that no formal audit with finding IDs exists; points to RISKS.md for internal analysis.
  • Add Coverage Gaps: Six specific untested scenarios (stage transitions during loans, multi-source aggregation, concurrent borrow+cashout, auto-issuance with suckers, partial repay+reallocation, loan fee at liquidation boundary).
  • Add Error Reference: Complete table of all 29 custom errors across REVDeployer (11) and REVLoans (18) with exact trigger conditions sourced from code.
  • Add Compiler and Version Info: Solidity 0.8.26, Cancun, via-IR, 100 runs.
  • Add How to Report Findings: Structured 7-point template with severity guide (CRITICAL/HIGH/MEDIUM/LOW).

Test plan

  • Verify all 29 errors in the table match current source (REVDeployer.sol lines 64-74, REVLoans.sol lines 58-75)
  • Confirm optimizer_runs=100 matches foundry.toml
  • Read through the complete document for flow and consistency

🤖 Generated with Claude Code

mejango and others added 3 commits March 22, 2026 12:47
@mejango @claude
Docs: USER_JOURNEYS.md quality pass
5c745bc 
- Add missing Events section to journey 2 (Convert Existing Project)
- Add Events notes to journeys 3 and 4 (Pay/Cash Out) clarifying no
  revnet-specific events are emitted
- Fix BurnHeldTokens event parameter name from 'balance' to 'count'
  to match actual Solidity event signature in IREVDeployer

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@mejango @claude
Finalize AUDIT_INSTRUCTIONS.md with error reference, coverage gaps, a…
6307a48 
…nd reporting format

Fix editorial tone in Priority Area 4 (cash-out fee calculation). Add Previous
Audit Findings, Coverage Gaps, Error Reference (all 29 custom errors from
REVDeployer and REVLoans with triggers sourced from code), Compiler and Version
Info, and How to Report Findings sections.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@mejango @claude
Fix buyback pool init price: compute fair sqrtPriceX96 from initialIs…
d27da82 
…suance

REVDeployer previously initialized buyback pools at a hardcoded 1:1 price
regardless of the project's issuance rate. For a 1000 tokens/ETH project,
the pool priced each token at 1 ETH (1000x overvalued), causing
JBBuybackHook_SpecifiedSlippageExceeded on sell-side cashouts.

_tryInitializeBuybackPoolFor now accepts initialIssuance and computes
sqrtPriceX96 = sqrt(mulDiv(issuance, 2^192, 1e18)), aligning the pool's
initial price with the bonding curve. Test helpers updated to provision
sufficient liquidity at the new price and mock oracle at tick 69078.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@mejango mejango merged commit b108d92 into main Mar 22, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mejango