fix: [audit] ZNS-4: Address price drop going lower than minPrice be…

…fore `maxLength` (#62)
zer0-os · Oct 30, 2023 · 14749fe · 14749fe
2 parents 46f632e + aadc380
commit 14749fe
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 5 deletions.
diff --git a/contracts/price/ZNSCurvePricer.sol b/contracts/price/ZNSCurvePricer.sol
@@ -291,8 +291,7 @@ contract ZNSCurvePricer is AAccessControlled, ARegistryWired, UUPSUpgradeable, I
         if (length <= config.baseLength) return config.maxPrice;
         if (length > config.maxLength) return config.minPrice;
 
-        return
-        (config.baseLength * config.maxPrice / length)
+        return (config.baseLength * config.maxPrice / length)
         / config.precisionMultiplier * config.precisionMultiplier;
     }
 
@@ -304,7 +303,7 @@ contract ZNSCurvePricer is AAccessControlled, ARegistryWired, UUPSUpgradeable, I
      * which can occur if some of the config values are not properly chosen and set.
      */
     function _validateConfig(bytes32 domainHash) internal view {
-        uint256 prevToMinPrice = _getPrice(domainHash, priceConfigs[domainHash].maxLength - 1);
+        uint256 prevToMinPrice = _getPrice(domainHash, priceConfigs[domainHash].maxLength);
         require(
             priceConfigs[domainHash].minPrice <= prevToMinPrice,
             "ZNSCurvePricer: incorrect value set causes the price spike at maxLength."

diff --git a/hardhat.config.ts b/hardhat.config.ts
@@ -71,7 +71,7 @@ const config : HardhatUserConfig = {
     timeout: 5000000,
   },
   gasReporter: {
-    enabled: true
+    enabled: false
   },
   networks: {
     mainnet: {

diff --git a/test/ZNSCurvePricer.test.ts b/test/ZNSCurvePricer.test.ts
@@ -307,6 +307,22 @@ describe("ZNSCurvePricer", () => {
       ).to.be.revertedWith(CURVE_PRICE_CONFIG_ERR);
     });
 
+    it("Cannot go below the set minPrice", async () => {
+      // Using config numbers from audit
+      const newConfig = {
+        baseLength: BigNumber.from("5"),
+        maxLength: BigNumber.from("10"),
+        maxPrice: parseEther("10"),
+        minPrice: parseEther("5.5"),
+        precisionMultiplier: precisionMultiDefault,
+        feePercentage: registrationFeePercDefault,
+      };
+
+      await expect(
+        zns.curvePricer.connect(user).setPriceConfig(domainHash, newConfig)
+      ).to.be.revertedWith(CURVE_PRICE_CONFIG_ERR);
+    });
+
     it("Should revert if called by anyone other than owner or operator", async () => {
       const newConfig = {
         baseLength: BigNumber.from("6"),

diff --git a/test/ZNSSubRegistrar.test.ts b/test/ZNSSubRegistrar.test.ts
@@ -1375,7 +1375,7 @@ describe("ZNSSubRegistrar", () => {
 
     it("CurvePricer - StakePayment - stake fee - 13 decimals", async () => {
       const priceConfig = {
-        maxPrice: parseUnits("25000.93", decimalValues.thirteen),
+        maxPrice: parseUnits("30000.93", decimalValues.thirteen),
         minPrice: parseUnits("2000.11", decimalValues.thirteen),
         maxLength: BigNumber.from(50),
         baseLength: BigNumber.from(4),