fix: enforce amount0Min / amount1Min beyond Uniswap slippage checks

[supercontracts]

Summary by CodeRabbit

• Bug Fixes
  • Removed enforcement of requested minimum token amounts when removing liquidity; withdrawals no longer fail based on those minimums and instead use balance-based rate calculations.
  • Decrease liquidity flow now omits the user-specified minimums from the withdrawal call path, which may change failure behavior on low-slippage or partial-fill scenarios.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[octane-security-app]

Summary by Octane

New Contracts

No new contracts were added.

Updated Contracts

• UniswapV4Lib.sol: Added minimum amount constraints for token balances to ensure sufficient liquidity in swaps.

---

🔗 Commit Hash: 394a4a8

[coderabbitai]

Walkthrough

Removed amount0Min and amount1Min from the decrease-liquidity call path in UniswapV4Lib.sol: the min constraints are no longer passed into _decreaseLiquidity or included in the decrease calldata; internal balance-based rate-limit calculations remain.

Changes

Cohort / File(s)	Summary
Decrease flow signature change src/libraries/UniswapV4Lib.sol	Removed amount0Min and amount1Min from the decrease-liquidity flow: they are no longer accepted by _getDecreaseLiquidityCallData or propagated in the decrease calldata. Internal balance computations (e.g., rateLimitDecrease from endingBalance - startingBalance) remain but no longer use the removed min parameters.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify callers no longer supply or expect amount0Min/amount1Min in calldata/signatures.
• Ensure downstream callers or interfaces (external contracts, tests) were updated to match removed parameters to avoid mismatches.
• Confirm that removing explicit min checks doesn't introduce unintended slippage exposure or violate intended invariants.

Suggested labels

Priority: Medium

Suggested reviewers

• lucas-manuel

Poem

🐰 I hopped through code with whiskers keen,
Removed two mins from the liquidity scene.
Simpler calls now, but guard your stash,
I bounced away quick — a tiny, tidy dash. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title claims to enforce amount0Min/amount1Min constraints, but the changes actually remove these parameters from the decrease liquidity flow, which contradicts the stated objective.	Revise the title to accurately reflect the change: remove or reword to indicate that amount0Min/amount1Min are being removed from the decrease liquidity path, or clarify the new enforcement mechanism if that is the intent.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/cantina-12-enfore-amount

---

📜 Recent review details

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a388a41 and 39aba0a.

📒 Files selected for processing (1)

• src/libraries/UniswapV4Lib.sol (0 hunks)

💤 Files with no reviewable changes (1)

• src/libraries/UniswapV4Lib.sol

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build
• GitHub Check: test
• GitHub Check: coverage

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[octane-security-app]

Overview

Vulnerabilities found:	7

Warnings found:	6

---

🔗 Commit Hash: 394a4a8
🛡️ Octane Dashboard: All vulnerabilities

[github-actions]

Coverage after merging fix/cantina-12-enfore-amount into dev will be

99.36%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
deploy
ControllerDeploy.sol	100%	100%	100%	100%
ForeignControllerInit.sol	100%	100%	100%	100%
MainnetControllerInit.sol	97.37%	93.33%	100%	100%	152, 90
src
ALMProxy.sol	100%	100%	100%	100%
ALMProxyFreezable.sol	100%	100%	100%	100%
ForeignController.sol	94.90%	84.62%	95.65%	97.22%	128–129, 129, 129, 316–317, 573
MainnetController.sol	99.18%	100%	98.28%	99.24%	538–539
OTCBuffer.sol	100%	100%	100%	100%
RateLimitHelpers.sol	100%	100%	100%	100%
RateLimits.sol	100%	100%	100%	100%
src/libraries
AaveLib.sol	100%	100%	100%	100%
ApproveLib.sol	100%	100%	100%	100%
CCTPLib.sol	100%	100%	100%	100%
CurveLib.sol	100%	100%	100%	100%
ERC4626Lib.sol	96%	75%	100%	100%	108
PSMLib.sol	100%	100%	100%	100%
UniswapV4Lib.sol	99.31%	95.65%	100%	100%	277