Add swap rate tolerance threshold when swapping SOL or USDC into USDCpo#31
Add swap rate tolerance threshold when swapping SOL or USDC into USDCpo#31gigileungyingchi wants to merge 5 commits intomainfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
gigileungyingchi
force-pushed
the
swap-tolerance-threshold
branch
from
89c67b1 to
c05d810
Compare
gigileungyingchi
force-pushed
the
swap-tolerance-threshold
branch
from
c05d810 to
77b1e6f
Compare
gigileungyingchi
force-pushed
the
swap-tolerance-threshold
branch
from
77b1e6f to
024bcb1
Compare
gigileungyingchi
force-pushed
the
swap-tolerance-threshold
branch
from
093bbfa to
1872aba
Compare
| } | ||
|
|
||
| let input_initial_balance = ctx.remaining_accounts[0].lamports() as f64; | ||
| let output_intitial_balance = ctx.remaining_accounts[&ctx.remaining_accounts.len()-1].lamports() as f64; |
There was a problem hiding this comment.
typo - too many 't's in 'initial'
There was a problem hiding this comment.
this typo is still there (line 66 now)
gigileungyingchi
force-pushed
the
swap-tolerance-threshold
branch
2 times, most recently
from
6edd1fe to
81b5c60
Compare
| pub state: Account<'info, State>, | ||
| pub jupiter_program: Program<'info, Jupiter>, | ||
| /// CHECK: the price feed account needs to correspond to the exchange pair | ||
| pub pyth_price_feed_account: AccountInfo<'info>, |
There was a problem hiding this comment.
Better to use UncheckedAccount<'info> here - Anchor has special build-time checks for it.
In reality, this is fixed based on the input pair, right? Does this check happen inside the pyth program?
| if ctx.accounts.pyth_price_feed_account.key() != ctx.accounts.state.pyth_price_feed_key { | ||
| return Err(ErrorCode::IncorrectPriceFeedOracleAccount.into()); | ||
| } | ||
| let price_feed: PriceFeed = load_price_feed_from_account_info( &ctx.accounts.pyth_price_feed_account ).unwrap(); |
There was a problem hiding this comment.
See my comment below on the pyth_price_feed_account - this is where I would assume to be passing in the currency pair.
My thinking is:
Let's say an attacker, for whatever reason, passes in SOL, that will be converted to USDC at a rate of 1:100, but passes in the pyth account for BTC, which gives a rate of 1:40,000. Obviously the jupiter accounts would have to be falsified too, but I think it is possible to pass in an unfavourable juniper route that would result in the bad rate.
Maybe I'm missing where this is checked? I.e. specifically check that the juniper in and out ccy are equal to the pyth pair.
There was a problem hiding this comment.
In Pyth you need to pass in the price feed account which are based on the pair of prices you want to check, and unfortunately one cannot just pass in the two tokens. So the way I try to make sure this is the correct pyth price feed account here is to first have it specified in the State struct when the program will be initialised. So when the swap function is called, the price feed account that is passed in will be checked against the one specified in the state. Do you think that is sufficient?
There was a problem hiding this comment.
Ah I just found that "Product accounts store metadata about a product, such as its symbol (e.g., "BTC/USD")." on Pyth's page. So I can also check the account product symbol against the in and out pair. I will add this check :)
|
|
||
| #[error_code] | ||
| pub enum ErrorCode { | ||
| #[msg("Swap rate below accepted tolerance")] |
There was a problem hiding this comment.
nitpick: do we allow incorrect rates in the other direction?
gigileungyingchi
force-pushed
the
swap-tolerance-threshold
branch
from
81b5c60 to
f3ff99d
Compare
gigileungyingchi
force-pushed
the
swap-tolerance-threshold
branch
from
f3ff99d to
b676d66
Compare
2 participants
No description provided.