test: address Bugbot review on #470 (rebase caller, PWQ ctor args, dead vars)#479
Merged
seongyun-ko merged 1 commit intoJun 21, 2026
Conversation
…ad vars) Fixes the open Cursor Bugbot findings against the I3/I10 fork invariant suites (all confirmed against source, not the bot summary): - WithdrawalSolvency: rebasePositive/rebaseNegative pranked membershipManager, but LiquidityPool.rebase requires msg.sender == etherFiAdminContract (LiquidityPool.sol:456). On a realistic fork membershipManagerInstance is address(0) (only set in initializeTestingFork), so both helpers always reverted IncorrectCaller AND were never even in the fuzz selector set (dead code). Now prank the real etherFiAdminContract, drop the unused membershipManager immutable/ctor arg, add both ops to targetSelector, and bound the positive rebase to <=0.2% so it stays under MAX_POSITIVE_REBASE_BPS (0.25%) and actually applies. - WithdrawalSolvency: removed unused baseLocked/baseOutOfLp snapshots; the invariants assert the stronger construction-true absolute bound, so the baseline vars were dead. - ValidatorStateMachine: PriorityWithdrawalQueue ctor is (lp, eETH, weETH, blacklister, roleRegistry, minDelay); the fork upgrade passed roleRegistry as blacklister and treasury as roleRegistry. Now wired with blacklisterInstance + roleRegistryInstance in their correct slots. Verified on mainnet fork: WithdrawalSolvency 7/7 pass (requestsClaimed=14, finalizeBoundChecks=7, lockBoundEnforced=10), ValidatorStateMachine 2/2, RewardsDistributor 3/3 (its non-vacuity gates were already present).
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses the open Cursor Bugbot findings on #470. Test-only, no
src/changes. Targets the PR-470 branch so it rides into the release with the rest of the test layer.Every finding was re-checked against source (not the bot summary):
Medium — rebase uses wrong caller / unset membership manager (
WithdrawalSolvency)The two Bugbot comments (#3417785711-family) flagged
rebasePositive/rebaseNegativeprankingmembershipManager. Source:LiquidityPool.rebaserequiresmsg.sender == etherFiAdminContract(LiquidityPool.sol:456), and on a realistic forkmembershipManagerInstanceisaddress(0)(only set ininitializeTestingFork). Worse: the rebase ops weren't even in thetargetSelectorset — dead code, which is why the suite passed despite the bug.etherFiAdminContract; drop the unusedmembershipManagerimmutable + ctor arg.rebasePositive/rebaseNegativetotargetSelectorso they actually run.MAX_POSITIVE_REBASE_BPS(0.25%) and applies.Medium — PriorityWithdrawalQueue wrong constructor args (
ValidatorStateMachine)Ctor is
(lp, eETH, weETH, blacklister, roleRegistry, minDelay); the fork upgrade passedroleRegistryas_blacklisterandtreasuryas_roleRegistry. Now wired withblacklisterInstance+roleRegistryInstancein their correct slots (matchesTestSetup.sol:504).Low — unused baseline snapshots (
WithdrawalSolvency)Removed dead
baseLocked/baseOutOfLp; the invariants assert the stronger construction-true absolute bound, so the snapshots were never read.Already fixed at HEAD (no action)
MEMBERSHIP_MANAGER).afterInvariant).Verification (mainnet fork)
WithdrawalSolvencyInvariantTest: 7/7 pass — requestsClaimed=14, finalizeBoundChecks=7, lockBoundEnforced=10, rebase ops now active.ValidatorStateMachineInvariantTest: 2/2 pass.RewardsDistributorInvariantTest: 3/3 pass.Note
Low Risk
Changes are confined to invariant/fork test setup and fuzz handlers; production contracts are untouched.
Overview
Test-only fixes for mainnet-fork invariant suites; no
src/changes.ValidatorStateMachinefork upgrade: ThePriorityWithdrawalQueueimplementation deployed duringsetUpnow passesblacklisterInstanceandroleRegistryInstancein the constructor slots that match production (lp,eETH,weETH, blacklister, roleRegistry,minDelay), instead of mis-wiringroleRegistryas blacklister andtreasuryas role registry.WithdrawalSolvencyhandler/fuzzer: Drops unusedbaseLocked/baseOutOfLpsnapshots and the unusedmembershipManagerdependency.rebasePositive/rebaseNegativenow pranketherFiAdminContract(the only callerLiquidityPool.rebaseaccepts on a realistic fork, wheremembershipManageris unset), are included intargetSelectorso they actually run during fuzzing, and positive rebase is capped at ≤0.2% of out-of-LP TVL so deltas stay underMAX_POSITIVE_REBASE_BPS(0.25%) and apply instead of reverting.Reviewed by Cursor Bugbot for commit 1e4ba9e. Bugbot is set up for automated code reviews on this repo. Configure here.