Conversation
Prices vault tokens by calling `asset()` to find the underlying token, `convertToAssets(1e18)` to get the conversion rate, then delegating to an inner estimator for the underlying token's native price. Configurable as `Eip4626|<inner>`, e.g. `Eip4626|CoinGecko`. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds a native price estimator for EIP-4626 vault tokens. However, a potential Denial of Service (DoS) vulnerability was identified in the estimator factory. The use of the unreachable! macro when handling nested EIP-4626 estimators can lead to an application panic if a deeply nested configuration is provided from external strings, which could be exploited. A suggestion has been provided to replace the panic with a proper error return. Additionally, a critical logic error was found in the price calculation when vault tokens and underlying assets have different decimal counts, leading to incorrect pricing. The implementation's robustness could be enhanced by parallelizing contract calls and respecting timeouts, and a non-functional unit test was identified, which provides a false sense of coverage.
The generated artifacts are useful to avoid paying the compilation time and so we can Cmd+Click into their implementation |
|
This pull request has been marked as stale because it has been inactive a while. Please update this pull request or it will be automatically closed. |
What exactly is "their implementation"? The definition right there is technically the definition of the interface... inline. The implnementation of an |
- Change `Eip4626(Box<NativePriceEstimator>)` to `Eip4626` unit variant, eliminating recursive type that caused serde to hit the monomorphization recursion limit with `#[serde(tag = "type")]`. - Eip4626 now wraps the next estimator in the config stage list at construction time instead of nesting inside the enum. - Move Eip4626 handling into `create_native_estimator` by passing the stage iterator, removing the special-case in the caller. - Add deserialization validation rejecting Eip4626 as last in a stage. - Use vendored IERC4626 contract binding and query vault decimals for accurate conversion rate. - Fund sDAI whale with ETH in e2e test to fix gas error. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
This pull request has been marked as stale because it has been inactive a while. Please update this pull request or it will be automatically closed. |
|
@kaze-cow did you already verify that the token quote coverage will be an issue for those EIP 4626 tokens or is this currently an assumption that this will be needed? The change seems reasonable overall but would still be good to understand what prio this should get. |
Just to give an idea right now on staging we need to add a manual override for the token in order for it to be supported, despite having 3 solvers quoting/solving euler orders. So while I am not well aware of the details, this type of change does appear to be needed, and in any case, is likely to come in handy in improving our native token pricing coverage. |
Introduces a new native price estimator that prices EIP-4626 vault tokens by querying the vault's underlying asset and conversion rate, then delegating to an inner estimator for the underlying token's price. Includes IERC4626 contract bindings and resolves merge conflicts with the contracts crate refactor. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove duplicate type definitions from price-estimation/src/lib.rs that conflicted with the canonical definitions in the configs crate. Add the Eip4626 validation (must not be last in a stage) to the configs crate deserializer. Fix e2e test imports to use configs crate paths and correct start_protocol_with_args signature. Change recursive vault test to query native price directly instead of submitting a quote, since the freshly deployed mock wrapper has no DEX liquidity. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e-price # Conflicts: # crates/configs/src/native_price_estimators.rs # crates/e2e/tests/e2e/eip4626.rs
- Add negative cache (Mutex<HashSet>) for non-vault tokens to avoid
wasted RPC calls on every estimation cycle
- Enforce timeout on vault RPC calls via tokio::time::timeout so a stuck
node cannot block the pipeline indefinitely
- Forward remaining time budget to the inner estimator for correct
deadline propagation through recursive chains
- Change Eip4626 config from unit variant to Eip4626 { depth: NonZeroU8 }
so recursive depth is declared once instead of repeating the variant
- Extract conversion_rate() for readability
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ding - Add `MintableToken::at` constructor to wrap ABI-compatible contracts (e.g. MockERC4626Wrapper) as MintableToken for use with `seed_uni_v2_pool` - Split native price estimator config into two stages with results_required=1 so the EIP-4626 chain has priority over the standalone driver fallback - Seed Uniswap V2 pools for recursive wrapper tokens so the solver can find routes, enabling full quote submission - Verify native price ratios between wrappers match their vault conversion rates Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
kaze-cow
left a comment
kaze-cow
left a comment
There was a problem hiding this comment.
looking good, thanks for taking this on!
There was a problem hiding this comment.
Code Review
This pull request introduces a new native price estimator for EIP-4626 vault tokens, enabling the protocol to price vaults by querying their underlying assets and conversion rates. The implementation includes auto-generated contract bindings, a mock wrapper for testing, and comprehensive e2e tests. Feedback identifies high-severity issues in the Eip4626 estimator: the negative cache for non-vault tokens must be size-bounded to prevent memory exhaustion, and it should distinguish between transient network errors and permanent execution reverts to avoid incorrect caching. Furthermore, checked arithmetic is required when calculating token powers to prevent potential overflows.
| let asset_fut = vault.asset(); | ||
| let decimals_fut = vault_erc20.decimals(); | ||
| let (asset_result, decimals_result) = tokio::time::timeout(timeout, async { | ||
| tokio::join!(asset_fut.call(), decimals_fut.call()) |
There was a problem hiding this comment.
This can use a try_join!, right?
There was a problem hiding this comment.
if asset fails but decimals succeeds we have a cacheable token
if decimal fails (asset must fail too) we don't, so we can't as try_join mixes the two
| .context("Eip4626 must be followed by another estimator in the same stage")?; | ||
| let (mut name, mut current) = | ||
| Box::pin(self.create_native_estimator(next, rest, weth)).await?; | ||
| for _ in 0..depth.get() { |
There was a problem hiding this comment.
Originally I completely misunderstood the depth, why it's needed and how it's used.
My current understanding:
- EIP4626 tokens could be wrapped multiple times (4626AdapterToken -> 4626AdapterToken -> UnderlyingAsset)
- the depth is supposed to control how many layers of indirections we can resolve
- it does this by wrapping that number of Eip4626 price estimation wrappers in each other
The current implementation seems strange for 2 reasons:
- what happens if a token has a higher recursion that we support? Ideally we don't have a configurable depth and simply unwrap as much as we have to. If this eats into our time estimation budget too much we need to adjust the caching logic (resolve the final underlying asset + conversion rate once and reuse for subsequent calls).
- why wrap multiple Eip4626 price estimation wrappers in one another if we could have a single one that does all the unrolling internally? That way we don't need a customizable limit, have all the recursion logic in one place, and don't create a bunch of different caches for the same thing.
Refactor the estimate method to iteratively unwrap vault layers, accumulating the conversion rate, instead of handling only a single vault layer. Extract `unwrap_vault_layer` for clarity. Pre-seed WETH in the non-vault token set to avoid unnecessary RPC calls. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
| Ok((asset, vault_decimals)) | ||
| } | ||
|
|
||
| /// Queries `convertToAssets(10^vault_decimals)` and the asset's decimals. |
There was a problem hiding this comment.
This comment requires the reader to have some extra context.
convertToAssets(10^vault_decimals) returns how many underlying asset tokens are equivalent to 1 vault token, right? This could be made clearer in the comment.
| let mut current_token = token; | ||
| let mut cumulative_rate = 1.0; | ||
| while let Some((asset, rate)) = self.unwrap_vault_layer(current_token).await? { | ||
| cumulative_rate *= rate; |
There was a problem hiding this comment.
Are we happy with using floats here instead of BigDecimal? I am assuming yes and it doesn't have to be super precise?
There was a problem hiding this comment.
I must defer to @kaze-cow, I honestly don't know how precise we need to be
4 participants
Description
Adds a native price estimator for EIP-4626 vault tokens (e.g. sDAI, wrapped yield vaults).
Many vault tokens lack direct DEX liquidity, causing native price estimation to fail. This estimator unwraps the vault by querying the on-chain
asset()andconvertToAssets()functions, then delegates pricing of the underlying token to the next estimator in the stage.Changes
Eip4626native price estimator (crates/price-estimation/src/native/eip4626.rs):calls
asset()+decimals()in parallel, thenconvertToAssets(10^decimals)to compute theshares-to-assets conversion rate, and multiplies by the inner estimator's price for the
underlying token.
asset()call reverts are remembered ina
Mutex<HashSet<Address>>so subsequent requests skip the RPC entirely. Cleared on processrestart.
tokio::time::timeout, and whatever time remains is forwarded to the inner estimator. Thiskeeps the total wall-clock time within the caller's original timeout, which matters for
recursive vault chains.
Eip4626config variant accepts adepthparameter(default: 1) controlling how many nested vault layers to unwrap. In the factory,
depthlayersof
Eip4626wrap the next estimator in the stage.NativePriceEstimatorsdeserialization rejects stages whereEip4626isthe last entry (it must be followed by another estimator to price the underlying asset).
IERC4626interface andMockERC4626Wrappertest contract fore2e tests.
crates/price-estimation/src/factory.rs):create_native_estimatornowconsumes the next estimator from the stage iterator when it encounters
Eip4626, wrapping itin
depthlayers of instrumentedEip4626estimators.crates/configs/src/native_price_estimators.rsthat were lost during the extraction from
price-estimationtoconfigs.How to test
cargo nextest run -p price-estimation eip4626andcargo nextest run -p configs native_price_estimatorsNODE_URL):NODE_URL=... cargo nextest run -p price-estimation -- eip4626 --run-ignored ignored-onlyFORK_URL_MAINNET):cargo nextest run -p e2e forked_node_mainnet_eip4626_native_price --test-threads 1 --run-ignored ignored-onlycargo nextest run -p e2e forked_node_mainnet_eip4626_recursive_native_price --test-threads 1 --run-ignored ignored-only