Merge branch 'master' into doc-improvements

Signed-off-by: Haythem Sellami <[email protected]>

Author: haythemsellami

SECURITY.md

@@ -1,8 +1,25 @@
-# Security policy
+# Euler Security Policy
 
-## Reporting a vulnerability
+## Vulnerability Disclosure and Bug Bounty
 
-If you discover a security vulnerability, please report it responsibly. Do not publicly disclose the issue until your report has been addressed. Resources for reporting:
+Security is a top priority at Euler, and we engage in regular security reviews and have an active bug bounty program to ensure the integrity of our systems.  
 
-- **Email:** [email protected]
-- **Further reading:** https://docs.euler.finance/security/overview
+To report a vulnerability, **please submit it through our bug bounty program**:  
+[Euler Bug Bounty](https://euler.finance/bug-bounty)  
+
+**Reports sent via email will not be accepted.** Email should only be used for general security inquiries.
+
+## Security Team Contact Details
+
+For security-related questions or inquiries (not vulnerability reports), you can contact us via:  
+- **Email**: [[email protected]](mailto:[email protected])  
+- **PGP Encryption**: [Euler Public Key](https://euler.finance/.well-known/public-key.asc)  
+
+## Previous Security Reviews
+
+Euler undergoes regular security audits. You can find details of previous security reviews here:  
+[Euler Security Reviews](https://docs.euler.finance/security/security-reviews)  
+
+## Preferred Languages
+
+We accept security-related inquiries in **English (en)**

TODO

@@ -1,24 +1,18 @@
-! Don't make quotes that would cause a swap to fail if supply/borrow caps exceeded
-* Better revert messages when a swap fails due to maglev debt-limit/vault utilisation/etc
-  * currently it's an arithmetic underflow
+* Better revert messages when a swap fails due to debt-limit/vault utilisation/etc
+  * currently they are errors thrown by the vaults or arithmetic underflows
 
 
 TESTING
 
 * when exchange rate in vaults != 1
-* uniswap callback, flash swaps
-* hitting reserve/utilisation limits
-* AssetsOutOfOrderOrEqual
 
 
 MISC
 
 ? A really small swap could fail because deposit() results in 0 shares, which causes EVK to revert. Call convertToShares() first? Seems like overkill...
-? permit2 instead of regular approval: measure gas savings
 * Improve the efficiency of on-chain quoting
   * Probably necessary for supporting non-zero slippage swaps
-  * Use unchecked math in verify() (needs careful boundary analysis)
-  * Closed-form quoting solutions
+  * Use fInverse() Closed-form quoting solutions
   * "Range hints" for the binary search
 
 
@@ -34,7 +28,3 @@ IDEAS
 * Could current reserves be calculated dynamically based on balances/debts/debt limits?
   * I guess you would lose a chunk of interest to arbitrage
   * Donation attacks?
-* What can we do to make this easily integrated with aggregators/MEV bots/etc?
-  * How to handle a discovery/tracking of the different Maglev instances?
-    ? Factory? Registry? Maybe a fake factory that reads the actually installed operators from a set of addresses?
-    ? Transparent proxy so a Maglev address can stay constant

docs/interfaces.md

@@ -46,13 +46,13 @@ The `IEulerSwap` interface defines the core functionality for executing token sw
 
 - **description**: Returns the address of the account managing EulerSwap.
 
-#### `initialReserve0() external view returns (uint112);`
+#### `equilibriumReserve0() external view returns (uint112);`
 
-- **description**: Returns the initial reserve amount of asset 0.
+- **description**: Returns the equilibrium reserve amount of asset 0.
 
-#### `initialReserve1() external view returns (uint112);`
+#### `equilibriumReserve1() external view returns (uint112);`
 
-- **description**: Returns the initial reserve amount of asset 1.
+- **description**: Returns the equilibrium reserve amount of asset 1.
 
 #### `feeMultiplier() external view returns (uint256);`
 
@@ -66,11 +66,11 @@ The `IEulerSwap` interface defines the core functionality for executing token sw
 
 #### `priceX() external view returns (uint256);`
 
-- **description**: Returns the price of asset X in terms of asset Y.
+- **description**: Returns the marginal price of asset X in terms of asset Y at the equilibrium point.
 
 #### `priceY() external view returns (uint256);`
 
-- **description**: Returns the price of asset Y in terms of asset X.
+- **description**: Returns the marginal price of asset Y in terms of asset X at the equilibrium point.
 
 #### `concentrationX() external view returns (uint256);`
 

src/EulerSwap.sol

@@ -21,10 +21,8 @@ contract EulerSwap is IEulerSwap, EVCUtil {
     address public immutable asset0;
     address public immutable asset1;
     address public immutable eulerAccount;
-    uint112 public immutable debtLimit0;
-    uint112 public immutable debtLimit1;
-    uint112 public immutable initialReserve0;
-    uint112 public immutable initialReserve1;
+    uint112 public immutable equilibriumReserve0;
+    uint112 public immutable equilibriumReserve1;
     uint256 public immutable feeMultiplier;
 
     uint256 public immutable priceX;
@@ -68,7 +66,6 @@ contract EulerSwap is IEulerSwap, EVCUtil {
         // EulerSwap params
 
         require(params.fee < 1e18, BadParam());
-        require(params.debtLimit0 <= type(uint112).max && params.debtLimit1 <= type(uint112).max, BadParam());
         require(curveParams.priceX > 0 && curveParams.priceY > 0, BadParam());
         require(curveParams.priceX <= 1e36 && curveParams.priceY <= 1e36, BadParam());
         require(curveParams.concentrationX <= 1e18 && curveParams.concentrationY <= 1e18, BadParam());
@@ -83,10 +80,10 @@ contract EulerSwap is IEulerSwap, EVCUtil {
         asset0 = asset0Addr;
         asset1 = asset1Addr;
         eulerAccount = params.eulerAccount;
-        debtLimit0 = params.debtLimit0;
-        debtLimit1 = params.debtLimit1;
-        initialReserve0 = reserve0 = offsetReserve(params.debtLimit0, params.vault0);
-        initialReserve1 = reserve1 = offsetReserve(params.debtLimit1, params.vault1);
+        equilibriumReserve0 = params.equilibriumReserve0;
+        equilibriumReserve1 = params.equilibriumReserve1;
+        reserve0 = params.currReserve0;
+        reserve1 = params.currReserve1;
         feeMultiplier = 1e18 - params.fee;
 
         // Curve params
@@ -96,6 +93,12 @@ contract EulerSwap is IEulerSwap, EVCUtil {
         concentrationX = curveParams.concentrationX;
         concentrationY = curveParams.concentrationY;
 
+        // Validate reserves
+
+        require(verify(equilibriumReserve0, equilibriumReserve1), CurveViolation());
+        require(verify(reserve0, reserve1), CurveViolation());
+        require(!verify(reserve0 > 0 ? reserve0 - 1 : 0, reserve1 > 0 ? reserve1 - 1 : 0), CurveViolation());
+
         emit EulerSwapCreated(asset0Addr, asset1Addr);
     }
 
@@ -128,7 +131,6 @@ contract EulerSwap is IEulerSwap, EVCUtil {
             uint256 newReserve0 = reserve0 + amount0In - amount0Out;
             uint256 newReserve1 = reserve1 + amount1In - amount1Out;
 
-            require(newReserve0 <= type(uint112).max && newReserve1 <= type(uint112).max, Overflow());
             require(verify(newReserve0, newReserve1), CurveViolation());
 
             reserve0 = uint112(newReserve0);
@@ -184,12 +186,16 @@ contract EulerSwap is IEulerSwap, EVCUtil {
 
     /// @inheritdoc IEulerSwap
     function verify(uint256 newReserve0, uint256 newReserve1) public view returns (bool) {
-        if (newReserve0 >= initialReserve0) {
-            if (newReserve1 >= initialReserve1) return true;
-            return newReserve0 >= f(newReserve1, priceY, priceX, initialReserve1, initialReserve0, concentrationY);
+        if (newReserve0 > type(uint112).max || newReserve1 > type(uint112).max) return false;
+
+        if (newReserve0 >= equilibriumReserve0) {
+            if (newReserve1 >= equilibriumReserve1) return true;
+            return
+                newReserve0 >= f(newReserve1, priceY, priceX, equilibriumReserve1, equilibriumReserve0, concentrationY);
         } else {
-            if (newReserve1 < initialReserve1) return false;
-            return newReserve1 >= f(newReserve0, priceX, priceY, initialReserve0, initialReserve1, concentrationX);
+            if (newReserve1 < equilibriumReserve1) return false;
+            return
+                newReserve1 >= f(newReserve0, priceX, priceY, equilibriumReserve0, equilibriumReserve1, concentrationX);
         }
     }
 
@@ -237,20 +243,6 @@ contract EulerSwap is IEulerSwap, EVCUtil {
         return shares == 0 ? 0 : IEVault(vault).convertToAssets(shares);
     }
 
-    function offsetReserve(uint112 reserve, address vault) internal view returns (uint112) {
-        uint256 offset;
-        uint256 debt = myDebt(vault);
-
-        if (debt != 0) {
-            offset = reserve > debt ? reserve - debt : 0;
-        } else {
-            offset = reserve + myBalance(vault);
-        }
-
-        require(offset <= type(uint112).max, Overflow());
-        return uint112(offset);
-    }
-
     /// @dev EulerSwap curve definition
     /// Pre-conditions: x <= x0, 1 <= {px,py} <= 1e36, {x0,y0} <= type(uint112).max, c <= 1e18
     function f(uint256 x, uint256 px, uint256 py, uint256 x0, uint256 y0, uint256 c) internal pure returns (uint256) {

src/EulerSwapPeriphery.sol

@@ -214,29 +214,31 @@ contract EulerSwapPeriphery is IEulerSwapPeriphery {
         pure
         returns (uint256)
     {
-        // A component of the quadratic formula
-        uint256 A = 2 * c;
+        unchecked {
+            // A component of the quadratic formula: a = 2 * c
+            uint256 A = 2 * c;
 
-        // B component of the quadratic formula
-        int256 B = int256((px * (y - y0) + py - 1) / py) - int256((x0 * (2 * c - 1e18) + 1e18 - 1) / 1e18);
+            // B component of the quadratic formula
+            int256 B = int256((px * (y - y0) + py - 1) / py) - int256((x0 * (2 * c - 1e18) + 1e18 - 1) / 1e18);
 
-        // B^2 component, using FullMath for overflow safety
-        uint256 absB = B < 0 ? uint256(-B) : uint256(B);
-        uint256 squaredB = Math.mulDiv(absB, absB, 1e18, Math.Rounding.Ceil);
+            // B^2 component, using FullMath for overflow safety
+            uint256 absB = B < 0 ? uint256(-B) : uint256(B);
+            uint256 squaredB = Math.mulDiv(absB, absB, 1e18, Math.Rounding.Ceil);
 
-        // 4 * A * C component of the quadratic formula
-        uint256 AC4a = Math.mulDiv(4 * c, (1e18 - c), 1e18, Math.Rounding.Ceil);
-        uint256 AC4b = Math.mulDiv(x0, x0, 1e18, Math.Rounding.Ceil);
-        uint256 AC4 = Math.mulDiv(AC4a, AC4b, 1e18, Math.Rounding.Ceil);
+            // 4 * A * C component of the quadratic formula
+            uint256 AC4a = Math.mulDiv(4 * c, (1e18 - c), 1e18, Math.Rounding.Ceil);
+            uint256 AC4b = Math.mulDiv(x0, x0, 1e18, Math.Rounding.Ceil);
+            uint256 AC4 = Math.mulDiv(AC4a, AC4b, 1e18, Math.Rounding.Ceil);
 
-        // Discriminant: b^2 + 4ac, scaled up to maintain precision
-        uint256 discriminant = (squaredB + AC4) * 1e18;
+            // Discriminant: b^2 + 4ac, scaled up to maintain precision
+            uint256 discriminant = (squaredB + AC4) * 1e18;
 
-        // Square root of the discriminant (rounded up)
-        uint256 sqrt = Math.sqrt(discriminant);
-        sqrt = (sqrt * sqrt < discriminant) ? sqrt + 1 : sqrt;
+            // Square root of the discriminant (rounded up)
+            uint256 sqrt = Math.sqrt(discriminant);
+            sqrt = (sqrt * sqrt < discriminant) ? sqrt + 1 : sqrt;
 
-        // Compute and return x = fInverse(y) using the quadratic formula
-        return Math.mulDiv(uint256(int256(sqrt) - B), 1e18, A, Math.Rounding.Ceil);
+            // Compute and return x = fInverse(y) using the quadratic formula
+            return Math.mulDiv(uint256(int256(sqrt) - B), 1e18, A, Math.Rounding.Ceil);
+        }
     }
 }

src/interfaces/IEulerSwap.sol

@@ -6,8 +6,10 @@ interface IEulerSwap {
         address vault0;
         address vault1;
         address eulerAccount;
-        uint112 debtLimit0;
-        uint112 debtLimit1;
+        uint112 equilibriumReserve0;
+        uint112 equilibriumReserve1;
+        uint112 currReserve0;
+        uint112 currReserve1;
         uint256 fee;
     }
 
@@ -46,8 +48,8 @@ interface IEulerSwap {
     function asset0() external view returns (address);
     function asset1() external view returns (address);
     function eulerAccount() external view returns (address);
-    function initialReserve0() external view returns (uint112);
-    function initialReserve1() external view returns (uint112);
+    function equilibriumReserve0() external view returns (uint112);
+    function equilibriumReserve1() external view returns (uint112);
     function feeMultiplier() external view returns (uint256);
     function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 status);
 

test/AltDecimals.t.sol

@@ -11,7 +11,7 @@ contract AltDecimals is EulerSwapTestBase {
     }
 
     function test_alt_decimals_6_18_in() public {
-        eulerSwap = createEulerSwap(50e6, 50e18, 0, 1e18, 1e6, 0.9e18, 0.9e18);
+        eulerSwap = createEulerSwap(50e6, 60e18, 0, 1e18, 1e6, 0.9e18, 0.9e18);
         skimAll(eulerSwap, true);
 
         uint256 amount = 1e6;
@@ -31,7 +31,7 @@ contract AltDecimals is EulerSwapTestBase {
     }
 
     function test_alt_decimals_6_18_out() public {
-        eulerSwap = createEulerSwap(50e6, 50e18, 0, 1e18, 1e6, 0.9e18, 0.9e18);
+        eulerSwap = createEulerSwap(50e6, 60e18, 0, 1e18, 1e6, 0.9e18, 0.9e18);
         skimAll(eulerSwap, true);
 
         uint256 amount = 1e18;
@@ -51,7 +51,7 @@ contract AltDecimals is EulerSwapTestBase {
     }
 
     function test_alt_decimals_18_6_in() public {
-        eulerSwap = createEulerSwap(50e18, 50e6, 0, 1e6, 1e18, 0.9e18, 0.9e18);
+        eulerSwap = createEulerSwap(60e18, 50e6, 0, 1e6, 1e18, 0.9e18, 0.9e18);
         skimAll(eulerSwap, true);
 
         uint256 amount = 1e18;
@@ -71,7 +71,7 @@ contract AltDecimals is EulerSwapTestBase {
     }
 
     function test_alt_decimals_18_6_out() public {
-        eulerSwap = createEulerSwap(50e18, 50e6, 0, 1e6, 1e18, 0.9e18, 0.9e18);
+        eulerSwap = createEulerSwap(60e18, 50e6, 0, 1e6, 1e18, 0.9e18, 0.9e18);
         skimAll(eulerSwap, false);
 
         uint256 amount = 1e6;

test/DepositFailures.t.sol

@@ -13,7 +13,7 @@ contract DepositFailuresTest is EulerSwapTestBase {
     function setUp() public virtual override {
         super.setUp();
 
-        eulerSwap = createEulerSwap(50e18, 50e18, 0, 1e18, 1e18, 0.4e18, 0.85e18);
+        eulerSwap = createEulerSwap(60e18, 60e18, 0, 1e18, 1e18, 0.4e18, 0.85e18);
     }
 
     function test_griefing() public monotonicHolderNAV {

test/EulerSwapFactoryTest.t.sol

@@ -20,7 +20,8 @@ contract EulerSwapFactoryTest is EulerSwapTestBase {
         uint256 allPoolsLengthBefore = eulerSwapFactory.allPoolsLength();
 
         bytes32 salt = bytes32(uint256(1234));
-        IEulerSwap.Params memory poolParams = IEulerSwap.Params(address(eTST), address(eTST2), holder, 1e18, 1e18, 0);
+        IEulerSwap.Params memory poolParams =
+            IEulerSwap.Params(address(eTST), address(eTST2), holder, 1e18, 1e18, 1e18, 1e18, 0);
         IEulerSwap.CurveParams memory curveParams = IEulerSwap.CurveParams(0.4e18, 0.85e18, 1e18, 1e18);
 
         address predictedAddress = predictPoolAddress(address(eulerSwapFactory), poolParams, curveParams, salt);
@@ -73,7 +74,8 @@ contract EulerSwapFactoryTest is EulerSwapTestBase {
 
     function testDeployWithAssetsOutOfOrderOrEqual() public {
         bytes32 salt = bytes32(uint256(1234));
-        IEulerSwap.Params memory poolParams = IEulerSwap.Params(address(eTST), address(eTST), holder, 1e18, 1e18, 0);
+        IEulerSwap.Params memory poolParams =
+            IEulerSwap.Params(address(eTST), address(eTST), holder, 1e18, 1e18, 1e18, 1e18, 0);
         IEulerSwap.CurveParams memory curveParams = IEulerSwap.CurveParams(0.4e18, 0.85e18, 1e18, 1e18);
 
         vm.prank(holder);
@@ -83,7 +85,8 @@ contract EulerSwapFactoryTest is EulerSwapTestBase {
 
     function testDeployWithBadFee() public {
         bytes32 salt = bytes32(uint256(1234));
-        IEulerSwap.Params memory poolParams = IEulerSwap.Params(address(eTST), address(eTST2), holder, 1e18, 1e18, 1e18);
+        IEulerSwap.Params memory poolParams =
+            IEulerSwap.Params(address(eTST), address(eTST2), holder, 1e18, 1e18, 1e18, 1e18, 1e18);
         IEulerSwap.CurveParams memory curveParams = IEulerSwap.CurveParams(0.4e18, 0.85e18, 1e18, 1e18);
 
         vm.prank(holder);

test/EulerSwapPeriphery.t.sol

@@ -11,7 +11,7 @@ contract EulerSwapPeripheryTest is EulerSwapTestBase {
     function setUp() public virtual override {
         super.setUp();
 
-        eulerSwap = createEulerSwap(50e18, 50e18, 0, 1e18, 1e18, 0.4e18, 0.85e18);
+        eulerSwap = createEulerSwap(60e18, 60e18, 0, 1e18, 1e18, 0.4e18, 0.85e18);
 
         IEulerSwap.Params memory params = getEulerSwapParams(50e18, 50e18, 0.4e18);
         IEulerSwap.CurveParams memory curveParams =