feat: redeem report rate deviation fix

Author: bulbozaur

contracts/0.4.24/Lido.sol

@@ -39,6 +39,7 @@ interface IWithdrawalQueue {
 }
 
 interface IRedeemsReserveVault {
+    function fundReserve() external payable;
     function withdrawToLido(uint256 _amount) external;
 }
 
@@ -195,13 +196,13 @@ contract Lido is Versioned, StETHPermit, AragonApp {
     bytes32 internal constant REDEEMS_RESERVE_VAULT_ETH_POSITION =
         0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2;
 
-    /// @dev Storage slot for redeems reserve replenishment share.
+    /// @dev Storage slot for redeems reserve growth share.
     /// Basis points determining how shared allocation (withdrawalsReserve + unreserved) is split
     /// between reserve growth and WQ finalization when surplus is insufficient.
     /// 0 (default) = reserve grows only from surplus. 8000 = 80% to reserve, 20% to WQ.
-    /// keccak256("lido.Lido.redeemsReserveReplenishmentShare")
-    bytes32 internal constant REDEEMS_RESERVE_REPLENISHMENT_SHARE_POSITION =
-        0xf0700d4e4a89999085a7b5d94e2e6697101ac2553a2f01512a848b9140605dfb;
+    /// keccak256("lido.Lido.redeemsReserveGrowthShare")
+    bytes32 internal constant REDEEMS_RESERVE_GROWTH_SHARE_POSITION =
+        0x165efeb2acd150f40e68b22ff2e9492cf5007021f951e4109c407f04e4e36129;
 
     // Staking was paused (don't accept user's ether submits)
     event StakingPaused();
@@ -295,7 +296,7 @@ contract Lido is Versioned, StETHPermit, AragonApp {
     event RedeemsReserveTargetRatioSet(uint256 ratioBP);
 
     // Emitted when redeems reserve replenishment share is set
-    event RedeemsReserveReplenishmentShareSet(uint256 shareBP);
+    event RedeemsReserveGrowthShareSet(uint256 shareBP);
 
     // Emitted when the RedeemsReserveVault address is set
     event RedeemsReserveVaultSet(address vault);
@@ -741,25 +742,25 @@ contract Lido is Versioned, StETHPermit, AragonApp {
     }
 
     /**
-     * @notice Sets the replenishment share for redeems reserve.
+     * @notice Sets the growth share for redeems reserve.
      *         When unreserved surplus is insufficient to fill the reserve, this share (in BP)
      *         determines what fraction of the shared allocation (withdrawalsReserve + unreserved)
      *         goes to reserve growth vs WQ finalization.
      *         0 (default) = reserve grows only from genuine surplus. 10000 = 100% to reserve.
-     * @param _shareBP Replenishment share in basis points [0-10000]
+     * @param _shareBP Growth share in basis points [0-10000]
      */
-    function setRedeemsReserveReplenishmentShare(uint256 _shareBP) external {
+    function setRedeemsReserveGrowthShare(uint256 _shareBP) external {
         _auth(BUFFER_RESERVE_MANAGER_ROLE);
         require(_shareBP <= TOTAL_BASIS_POINTS, "INVALID_SHARE");
-        REDEEMS_RESERVE_REPLENISHMENT_SHARE_POSITION.setStorageUint256(_shareBP);
-        emit RedeemsReserveReplenishmentShareSet(_shareBP);
+        REDEEMS_RESERVE_GROWTH_SHARE_POSITION.setStorageUint256(_shareBP);
+        emit RedeemsReserveGrowthShareSet(_shareBP);
     }
 
     /**
-     * @return the redeems reserve replenishment share in basis points
+     * @return the redeems reserve growth share in basis points
      */
-    function getRedeemsReserveReplenishmentShare() external view returns (uint256) {
-        return REDEEMS_RESERVE_REPLENISHMENT_SHARE_POSITION.getStorageUint256();
+    function getRedeemsReserveGrowthShare() external view returns (uint256) {
+        return REDEEMS_RESERVE_GROWTH_SHARE_POSITION.getStorageUint256();
     }
 
     /**
@@ -825,7 +826,7 @@ contract Lido is Versioned, StETHPermit, AragonApp {
             REDEEMS_RESERVE_VAULT_ETH_POSITION.getStorageUint256().add(_amount)
         );
 
-        vault.transfer(_amount);
+        IRedeemsReserveVault(vault).fundReserve.value(_amount)();
         emit RedeemsReserveVaultFunded(_amount);
     }
 

contracts/0.8.9/Accounting.sol

@@ -17,6 +17,10 @@ import {WithdrawalQueue} from "./WithdrawalQueue.sol";
 
 interface IRedeemsReserveVault {
     function withdrawToLido(uint256 _amount) external;
+    function getRedeemedShares() external view returns (uint256);
+    function getRedeemedEther() external view returns (uint256);
+    function flushSharesToBurner() external;
+    function resetRedeemedEther() external;
 }
 
 interface IStakingRouter {
@@ -145,9 +149,9 @@ contract Accounting {
         Contracts memory contracts = _loadOracleReportContracts();
         if (msg.sender != contracts.accountingOracle) revert NotAuthorized("handleOracleReport", msg.sender);
 
-        // Do NOT reconcile vault before snapshot. The stale tracked vault ETH keeps
-        // preInternalEther overcounted, and the vault delta is passed to smoothenTokenRebase
-        // as an explicit ether decrease — creating headroom for the paired burn.
+        // Vault redemption counters are read on-chain during _simulateOracleReport.
+        // redeemedEther is subtracted from the smoothenTokenRebase base,
+        // and redeemedShares are added outside the rebase limiter.
 
         PreReportState memory pre = _snapshotPreReportState(contracts, false);
         CalculatedValues memory update = _simulateOracleReport(contracts, pre, _report);
@@ -189,41 +193,41 @@ contract Accounting {
         // Principal CL balance is sum of previous balances and new deposits
         update.principalClBalance = _pre.clValidatorsBalance + _pre.clPendingBalance + _pre.depositedBalance;
 
-        // Limit the rebase to avoid oracle frontrunning
-        // by leaving some ether to sit in EL rewards vault or withdrawals vault
-        // and/or leaving some shares unburnt on Burner to be processed on future reports
-        //
-        // NOTE: vaultDelta is merged with etherToFinalizeWQ into a single _etherToDecrease param
-        // due to stack-too-deep in smoothenTokenRebase (0.8.9 without via-IR).
-        // Spec describes them as separate decreaseEther calls; mathematically equivalent.
-        uint256 vaultDelta = _getRedeemsReserveVaultDelta();
+        // Read redemption counters from vault (on-chain, includes all redemptions)
+        (uint256 redeemedShares, uint256 redeemedEther) = _getRedeemedCounters();
+
+        // Limit the rebase to avoid oracle frontrunning.
+        // The base is reduced by redeemedEther so the limiter sees the actual protocol size.
         (
             update.withdrawalsVaultTransfer,
             update.elRewardsVaultTransfer,
             update.sharesToBurnForWithdrawals,
-            update.totalSharesToBurn // shares to burn from Burner balance
+            update.totalSharesToBurn // shares to burn from Burner balance (WQ + cover)
         ) = _contracts.oracleReportSanityChecker.smoothenTokenRebase(
-            _pre.totalPooledEther - _pre.externalEther,
+            _pre.totalPooledEther - _pre.externalEther - redeemedEther,
             _pre.totalShares - _pre.externalShares,
             update.principalClBalance,
             _report.clValidatorsBalance + _report.clPendingBalance,
             _report.withdrawalVaultBalance,
             _report.elRewardsVaultBalance,
             _report.sharesRequestedToBurn,
-            update.etherToFinalizeWQ + vaultDelta,  // paired decreases: WQ finalization + vault redemptions
+            update.etherToFinalizeWQ,
             update.sharesToFinalizeWQ
         );
 
+        // Add redemption shares outside the limiter — rate-neutral, must all burn on this report
+        update.totalSharesToBurn += redeemedShares;
+
         uint256 postInternalSharesBeforeFees = _pre.totalShares -
             _pre.externalShares - // internal shares before
-            update.totalSharesToBurn; // shares to be burned for withdrawals and cover
+            update.totalSharesToBurn; // shares to be burned (WQ + cover + redemptions)
 
         update.postInternalEther =
-            _pre.totalPooledEther - _pre.externalEther // internal ether before (includes stale vault ETH)
+            _pre.totalPooledEther - _pre.externalEther
             + _report.clValidatorsBalance + _report.clPendingBalance + update.withdrawalsVaultTransfer - update.principalClBalance
             + update.elRewardsVaultTransfer
             - update.etherToFinalizeWQ
-            - vaultDelta; // subtract vault delta: stale vault ETH was overcounted in preInternalEther
+            - redeemedEther;
 
         // Pre-calculate total amount of protocol fees as the amount of shares that will be minted to pay it
         (update.sharesToMintAsFees, update.feeDistribution) = _calculateProtocolFees(
@@ -382,12 +386,14 @@ contract Accounting {
             LIDO.internalizeExternalBadDebt(_pre.badDebtToInternalize);
         }
 
+        // Flush accumulated redemption shares from vault to Burner before commit
+        _flushVaultSharesToBurner();
+
         if (_update.totalSharesToBurn > 0) {
             _contracts.burner.commitSharesToBurn(_update.totalSharesToBurn);
         }
 
-        // Reconcile RedeemsReserveVault AFTER burns — tracked vault ETH updated to actual.
-        // Must happen after commitSharesToBurn so the paired burn + reconcile are both applied.
+        // Reconcile RedeemsReserveVault — tracked vault ETH updated to actual.
         _reconcileRedeemsReserveVault();
 
         LIDO.collectRewardsAndProcessWithdrawals(
@@ -431,31 +437,38 @@ contract Accounting {
         );
     }
 
-    /// @dev Computes how much ETH left the RedeemsReserveVault since the last report.
-    ///      Returns 0 if no vault is configured or vault balance increased (e.g. donation).
-    ///      Used to pass the delta to smoothenTokenRebase as an ether decrease.
-    function _getRedeemsReserveVaultDelta() internal view returns (uint256) {
+    /// @dev Reads redemption counters from the vault. Returns (0, 0) if no vault configured.
+    function _getRedeemedCounters() internal view returns (uint256 redeemedShares, uint256 redeemedEther) {
         address vault = LIDO.getRedeemsReserveVault();
-        if (vault == address(0)) return 0;
+        if (vault == address(0)) return (0, 0);
 
-        uint256 tracked = LIDO.getRedeemsReserveVaultEth();
-        uint256 actual = vault.balance;
-        return tracked > actual ? tracked - actual : 0;
+        redeemedShares = IRedeemsReserveVault(vault).getRedeemedShares();
+        redeemedEther = IRedeemsReserveVault(vault).getRedeemedEther();
+    }
+
+    /// @dev Flushes accumulated redemption shares from vault to Burner.
+    ///      Called before commitSharesToBurn so redeemed shares are included in the burn.
+    function _flushVaultSharesToBurner() internal {
+        address vault = LIDO.getRedeemsReserveVault();
+        if (vault == address(0)) return;
+
+        IRedeemsReserveVault(vault).flushSharesToBurner();
     }
 
-    /// @dev Reconciles the RedeemsReserveVault tracked ETH to the actual vault balance.
-    ///      Called AFTER commitSharesToBurn so the paired burn + reconcile are applied together.
+    /// @dev Reconciles the RedeemsReserveVault tracked ETH to the actual vault balance
+    ///      and resets the redeemed ether counter.
     function _reconcileRedeemsReserveVault() internal {
         address vault = LIDO.getRedeemsReserveVault();
         if (vault == address(0)) return;
 
         LIDO.reconcileRedeemsReserveVault(vault.balance);
+        IRedeemsReserveVault(vault).resetRedeemedEther();
     }
 
     /// @dev Replenishes or drains the RedeemsReserveVault to match the reserve target.
     ///      Called after collectRewardsAndProcessWithdrawals when the buffer is finalized.
     ///      Fills to target from unreserved surplus first. When surplus is insufficient,
-    ///      splits the shared allocation (withdrawalsReserve + unreserved) by replenishmentShareBP.
+    ///      splits the shared allocation (withdrawalsReserve + unreserved) by growthShareBP.
     function _replenishRedeemsReserveVault() internal {
         address vault = LIDO.getRedeemsReserveVault();
         if (vault == address(0)) return;
@@ -465,23 +478,20 @@ contract Accounting {
 
         if (target > actual) {
             uint256 deficit = target - actual;
-            uint256 unreserved = LIDO.getDepositableEther();
+            uint256 depositableEther = LIDO.getDepositableEther();
             uint256 toPush;
 
-            if (unreserved >= deficit) {
-                // Surplus fully covers the deficit — no impact on WQ
+            if (depositableEther >= deficit) {
                 toPush = deficit;
             } else {
-                // Surplus insufficient — split shared allocation by replenishment share
-                uint256 shareBP = LIDO.getRedeemsReserveReplenishmentShare();
+                uint256 shareBP = LIDO.getRedeemsReserveGrowthShare();
                 if (shareBP == 0) {
-                    // No forced growth — reserve grows only from genuine surplus
-                    toPush = unreserved;
+                    toPush = depositableEther;
                 } else {
                     uint256 withdrawalsReserve = LIDO.getWithdrawalsReserve();
-                    uint256 sharedAllocation = withdrawalsReserve + unreserved;
+                    uint256 sharedAllocation = withdrawalsReserve + depositableEther;
                     uint256 reserveShare = sharedAllocation * shareBP / TOTAL_BASIS_POINTS;
-                    toPush = reserveShare > unreserved ? reserveShare : unreserved;
+                    toPush = reserveShare > depositableEther ? reserveShare : depositableEther;
                     if (toPush > deficit) toPush = deficit;
                 }
             }