[VPD-109] Fix Certik findings on Position Swapper#7
Merged
web3rover merged 3 commits intofeat/VEN-1193from Sep 9, 2025
Merged
Conversation
chechu
approved these changes
Sep 9, 2025
gleiser-oliveira
pushed a commit
that referenced
this pull request
Dec 19, 2025
## 1.1.0 (2025-12-18) * fixup! feat: SwapHelper & LeverageStrategiesManager audits ([eda400f](eda400f)) * Merge branch 'develop' into feat/swapper ([09e7e79](09e7e79)) * Merge branch 'develop' into feat/VPD-70-deployment ([bf45393](bf45393)) * Merge pull request #10 from VenusProtocol/feat/VEN-1193-hashdit ([89c2e45](89c2e45)), closes [#10](#10) * Merge pull request #12 from VenusProtocol/feat/VPD-70 ([7c50632](7c50632)), closes [#12](#12) * Merge pull request #15 from VenusProtocol/fix/contract-verification ([f6b2bb0](f6b2bb0)), closes [#15](#15) * Merge pull request #2 from VenusProtocol/feat/VEN-1193 ([a31b4a1](a31b4a1)), closes [#2](#2) * Merge pull request #20 from VenusProtocol/feat/swapper-quantstamp ([4d4c935](4d4c935)), closes [#20](#20) * Merge pull request #21 from VenusProtocol/feat/swapper-certik ([53573b5](53573b5)), closes [#21](#21) * Merge pull request #26 from VenusProtocol/feat/VPD-70-hashdit-simplify ([fd9f3f5](fd9f3f5)), closes [#26](#26) * Merge pull request #28 from VenusProtocol/feat/VPD-70-quantstamp ([4c99a03](4c99a03)), closes [#28](#28) * Merge pull request #29 from VenusProtocol/feat/VPD-70-deployment ([6fc7438](6fc7438)), closes [#29](#29) * Merge pull request #33 from VenusProtocol/ci/trusted-publishing-package-update ([73cb736](73cb736)), closes [#33](#33) * Merge pull request #35 from VenusProtocol/cd-setup-node-step-fix ([2f3ef86](2f3ef86)), closes [#35](#35) * Merge pull request #36 from VenusProtocol/fix/patch-dep ([c8ceb2f](c8ceb2f)), closes [#36](#36) * Merge pull request #37 from VenusProtocol/feat/slim-package ([5966768](5966768)), closes [#37](#37) * Merge pull request #38 from VenusProtocol/develop ([e9e345a](e9e345a)), closes [#38](#38) * Merge pull request #4 from VenusProtocol/fix/certik-audit ([b8e00cf](b8e00cf)), closes [#4](#4) * Merge pull request #5 from VenusProtocol/feat/swapper ([2546af2](2546af2)), closes [#5](#5) * Merge pull request #7 from VenusProtocol/fix/certik-reaudit ([39a501a](39a501a)), closes [#7](#7) * Merge pull request #9 from VenusProtocol/feat/VEN-1193-quantstamp-audit ([e052258](e052258)), closes [#9](#9) * revert yarn.lock ([2bef9ca](2bef9ca)) * chore: downgrade zksolc version to 1.5.0 ([8dda1c6](8dda1c6)) * chore: update package and fix imports ([f52360e](f52360e)) * chore(release): 1.0.1-dev.1 [skip ci] ([7d92734](7d92734)) * chore(release): 1.1.0-dev.1 [skip ci] ([332a647](332a647)) * chore(release): 1.1.0-dev.2 [skip ci] ([3bbb9f4](3bbb9f4)) * chore(release): 1.1.0-dev.3 [skip ci] ([80b7e23](80b7e23)) * chore(release): 1.1.0-dev.4 [skip ci] ([1c84f99](1c84f99)) * chore(release): 1.1.0-dev.5 [skip ci] ([30087d8](30087d8)) * fix: [I01] Missing Validation When Collateral and Borrow Markets Are Identical ([f7e5293](f7e5293)) * fix: [I02] Missing zero address check in sweep Function ([e15a7b2](e15a7b2)) * fix: [I02] Missing zero address check in sweep Function ([c05662f](c05662f)) * fix: [I02] Missing zero address check in sweep Function (continued) ([2d42c5b](2d42c5b)) * fix: [I02] Missing zero address check in sweep Function (continued) ([8e02d90](8e02d90)) * fix: [I03] Missing comments ([0f2dd43](0f2dd43)) * fix: [I03] Missing comments ([c8114a0](c8114a0)) * fix: [L01] Incorrect order can cause leverage action reverts ([cb0fa7e](cb0fa7e)) * fix: [L02] Special Cases May Prevent Users from Exiting Leverage ([c4f2cd6](c4f2cd6)) * fix: [S2] Critical Role Transfer Not Following Two-Step Pattern ([6455bd3](6455bd3)) * fix: [VEN-02] Collateral Exit Flashloan Repayment Does Not Consider Excess Borrow ([ecf7bdc](ecf7bdc)) * fix: [VLL-03] Account Saftey Check May Not Account For Unaccrued Interest ([d6e1e95](d6e1e95)) * fix: [VLL-05] Revert Does Not Include Error Code ([32512b2](32512b2)) * fix: [VLL-08] Exiting Leverage May Not Account For Potential Treasury Percentage ([87b6dec](87b6dec)) * fix: [VLL-10] Contract Is Not Compatible With vBNB ([46069b9](46069b9)) * fix: [VLL-11] Potential Reentrancy Risks ([e7b0d0f](e7b0d0f)) * fix: [VLL-12] Typos And Inconsistencies ([0b618ee](0b618ee)) * fix: [VLL-13] Excess Tokens Protecting Against Price Volatility Will Be Lost ([d5dc0ac](d5dc0ac)) * fix: [VLS-02] Missing Caller Address In Multicall Signature Allows Front- ([6b7be31](6b7be31)) * fix: [VLS-03] Inconsistent Signature Requirement In multicall() Function ([cf713b5](cf713b5)) * fix: adapt to changes in swap contract. review fixes ([b6ea5a4](b6ea5a4)) * fix: add LeverageStrategiesManager to bscmainnet_addresses.json ([5474799](5474799)) * fix: added missing netspec and forceApprove ([11b59a1](11b59a1)) * fix: added unit tests for debt swap ([75821c6](75821c6)) * fix: after initial review changes ([1a26e1e](1a26e1e)) * fix: after review changes ([6479a78](6479a78)) * fix: after review changes ([15dfdef](15dfdef)) * fix: after review fixes ([5f21560](5f21560)) * fix: after review fixes ([47d5113](47d5113)) * fix: after review fixes ([fdedf52](fdedf52)) * fix: expanded tests ([dee3f89](dee3f89)) * fix: fixed compiler error ([c83bb05](c83bb05)) * fix: fixed contract verification ([c6a1790](c6a1790)) * fix: fixed contract verification ([9f0293e](9f0293e)) * fix: fixed event name ([0c5d144](0c5d144)) * fix: fixed fork tests ([b15c2d7](b15c2d7)) * fix: fixed imports ([528402e](528402e)) * fix: fixed lint ([0943f62](0943f62)) * fix: fixed ut ([35e8411](35e8411)) * fix: fixed yarn lock ([1593207](1593207)) * fix: fixed yarn lock ([9e149df](9e149df)) * fix: format LeverageStrategiesManager contract ([6e3ea79](6e3ea79)) * fix: format SwapHelper ([bf721e9](bf721e9)) * fix: formatting ([d1e7ba9](d1e7ba9)) * fix: handle over-repayment when exiting leverage ([cb521c8](cb521c8)) * fix: implement fork tests for debt swap ([35ebe30](35ebe30)) * fix: m02 ([cff664c](cff664c)) * fix: merge conflict in deployment file ([69924a9](69924a9)) * fix: move patch-package to dependencies ([0fd9d1e](0fd9d1e)) * fix: natspec comment ([25afb5a](25afb5a)) * fix: remove duplicate check ([95a87c0](95a87c0)) * fix: remove wrap from natspec ([60261ec](60261ec)) * fix: remove zksync build step ([04ffe7c](04ffe7c)) * fix: renamed CollateralSwapper to PositionSwapper ([4555faa](4555faa)) * fix: renamed file ([ea4c952](ea4c952)) * fix: s1 ([fbccb32](fbccb32)) * fix: s3 ([7ab4537](7ab4537)) * fix: slim pkg release ([09bfcc9](09bfcc9)) * fix: update natspecs ([2160be9](2160be9)) * fix: update tests to work with new multicall signature format ([8bd034e](8bd034e)) * fix: update yarn.lock ([98a464b](98a464b)) * fix: upgrade vtoken ([055a55f](055a55f)) * fix: use facets with whitelisted feature ([2ba681f](2ba681f)) * fix: use forceApprove ([2853954](2853954)) * fix: use public npm package ([c6b5956](c6b5956)) * fix: vaildate and enterMarketBehalf only for collateral market ([d06cba4](d06cba4)) * fix: vlp-02 ([3852699](3852699)) * fix: vlp-02 ([f3088b2](f3088b2)) * fix: vlp-04 ([540a95e](540a95e)) * fix: vps-01 ([7d8a6ad](7d8a6ad)) * fix: vps-01 ([aeeb8cf](aeeb8cf)) * fix: vps-02 ([2625454](2625454)) * fix: vps-02 ([9063796](9063796)) * fix: vps-03 ([65cb255](65cb255)) * fix: vps-03 ([b209b9f](b209b9f)) * fix: vps-03 ([8e1c7f9](8e1c7f9)) * fix: vps-04 ([f249d4e](f249d4e)) * fix: vps-05 and vps-16 ([454b93e](454b93e)) * fix: vps-06 ([6f52088](6f52088)) * fix: vps-07 ([991d561](991d561)) * fix: vps-13 ([e4f3997](e4f3997)) * fix: vps-14 ([bc86a53](bc86a53)) * fix: vps-15 ([11c448d](11c448d)) * cd: publish slim package ([83990d3](83990d3)) * feat: add backend signature verification to the swapper ([09d4144](09d4144)) * feat: add Collateral swapper functionality ([9b4a131](9b4a131)) * feat: Add default operation type to detect incorrect executeOperation calls ([ec9e19d](ec9e19d)) * feat: add enter leveraged position with borrowed asset ([a88524c](a88524c)) * feat: add flow to enter a leverage position only with collateral ([7aec72c](7aec72c)) * feat: add flow to exit a leverage position only with collateral ([e40dac3](e40dac3)) * feat: add generic swapper contract ([cfa9d4e](cfa9d4e)) * feat: add slim package scripts ([c10a2ef](c10a2ef)) * feat: added debt swap feature ([429a814](429a814)) * feat: always require signed multicall ([ef2c1a2](ef2c1a2)) * feat: deploy on bsc and bsctestnet ([59a2290](59a2290)) * feat: deploy scripts ([854b783](854b783)) * feat: deployment of SwapHelper and LeverageStrategiesManager ([59be7c4](59be7c4)) * feat: exitLeveragedPosition ([74ab101](74ab101)) * feat: fork tests for enterLeveragedPositionWithCollateral and enterLeveragedPositionWithBorrowed ([1ade9e9](1ade9e9)) * feat: gas optimisation to avoid unecessary TLOADs ([c303753](c303753)) * feat: improve readability of LeverageStrategiesManager contract and fix issues ([eb0f85c](eb0f85c)) * feat: improved unit tests ([21166c1](21166c1)) * feat: improvements after disscussion ([a7fe346](a7fe346)) * feat: initial implementation of LeverageStrategiesManager ([3a7674b](3a7674b)) * feat: natspecs ([f507a9f](f507a9f)) * feat: redeploy contracts ([6f7e972](6f7e972)) * feat: remove wrap function and payable from multicall and genericCall ([767e600](767e600)) * feat: small improvements to keep consitent with other contracts ([32b7f2e](32b7f2e)) * feat: some review fixes + test cleanup ([63430e6](63430e6)) * feat: SwapHelper & LeverageStrategiesManager audits ([9247d4a](9247d4a)) * feat: unit tests scaffold ([898d8b1](898d8b1)) * feat: updating deployment files ([88d9abf](88d9abf)) * feat: updating deployment files ([c1f522e](c1f522e)) * feat: utility to swap wbnb to bnb ([4884ea3](4884ea3)) * ci: fix setup-node step ([fd30f2f](fd30f2f)) * ci: fix the release flow through Trusted Publishing ([6d6f337](6d6f337)) * ci: update @semantic-release dependecies to support trusted publishing ([c374416](c374416)) * deploy: deploy LeverageStrategiesManager to bscmainnet ([6a4ba3e](6a4ba3e)) * test: improve tests coverage ([af8c2aa](af8c2aa))
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Resolves #
Checklist