Comments (6)
call the function including the right settlement price without involving the solver.
What exactly does this part mean?
You mean that SC orders have a way to "guaranteed" receive the same price as the EOA signed orders, right? I was confused since these prices also rely on the solvers. However the attack would be that a solver settles signed orders with price p1 and smart contract orders with p2.
from gp-v2-contracts.
My fear is the attack (as I understand from @fleupold) that there is nothing preventing a solver from specifying a different price for this kind of order (by having the same token with two separate prices in the settlement).
Yes, nothing is preventing them, besides the dao rules. And in order to make the dao-rules easily enforceable, we need to know which smart contract orders are allowed to be called with arbitrary call-data and which ones not. Especially for this distinguishment, I think it is nice to have this interface defined.
But If there is another easy way to distinguish these two types of smart contract orders, I am happy to not implement this feature.
from gp-v2-contracts.
If we would not implement an "official interface for smart contract orders dealing with the current clearing price", how would we distinguish a smart contract order that wants to trade "all the time" and another one trading only at the current clearing price?
I think that the additional protection for smart contract orders is not significant, as it could also be enforced by the dao. Though, if we end up not implementing it, then we need another way to mark these orders.
The use-case that I could heavily benefit from the features is CMMs designed to pocket surpluses.
from gp-v2-contracts.
The use-case that I could heavily benefit from the features is CMMs designed to pocket surpluses.
My fear is the attack (as I understand from @fleupold) that there is nothing preventing a solver from specifying a different price for this kind of order (by having the same token with two separate prices in the settlement). In that sense, it doesn't really offer any additional protection as the solver specifying the price as part of the encoded calldata.
from gp-v2-contracts.
I think, another approach would be to have another kind of interaction that is called 3 times with the same data, pre-,mid-,post- settlement. This allows things like the CMM use case to provide funds upfront and then revert if it did not receive enough funds at the end of the settlement.
from gp-v2-contracts.
Closing for now based on discussion. Additionally, SC orders can be currently implemented using something like EIP-1271 where a pre-interaction registers an order with a limit price.
from gp-v2-contracts.
Related Issues (20)
- Update to latest Balancer contracts.
- Add custom limit amount for swap fast path
- Add `OrderBalance.ERC20` as a valid value for sell token balance `0b01` flag value
- Stricter order balance typing in TypeScript library
- Add useful flags to withdraw task
- Update Settlement Decoding to latest contracts.
- Investigate `hardhat-deploy` issues when changing deployment salt.
- [audit] GPv2Settlement.sol
- `dump` task will attempt transfer even if balance is 0.
- Tokens that are not traded do not get included in withdraw list
- Tokens that were traded and then became "invalid" can no longer be swapped.
- Allow specifying a maximum withdraw/dump batch size
- `dump` script display order information and wait
- [đĽA1] Gnosis Protocol Token Contracts Audit HOT 3
- Long approval times invalidate fees. HOT 1
- [Cowswap] API Price Strategy check endpoint HOT 2
- `dump` script can fail to place orders when approvals take too long.
- Implement faster way of getting largest token balances for WithdrawService
- Fix block native price estimation access HOT 1
- A HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
đ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. đđđ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google â¤ď¸ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gp-v2-contracts.