Skip to content

new address#4

Merged
LandynDev merged 1 commit into
testfrom
update-contract
Mar 26, 2026
Merged

new address#4
LandynDev merged 1 commit into
testfrom
update-contract

Conversation

@anderdc

@anderdc anderdc commented Mar 26, 2026

Copy link
Copy Markdown
Collaborator

No description provided.

@LandynDev LandynDev merged commit bc038f0 into test Mar 26, 2026
2 checks passed
anderdc added a commit that referenced this pull request Mar 26, 2026
@anderdc anderdc deleted the update-contract branch June 8, 2026 21:56
LandynDev pushed a commit that referenced this pull request Jun 22, 2026
…olidation (on contract-v2) (#484)

* feat(solana): over-collateralize failed swaps to 1.1x (v2 #4)

Add a dedicated tunables.rs for economic knobs. COLLATERAL_REQUIREMENT_BPS
(1.10x) is compile-time bounded to [1.0x, 2.0x] via a const assert plus a
unit test; required_collateral(sol_amount) is the shared helper.

- vote_initiate now gates on collateral >= required_collateral(sol_amount)
  (was 1:1), so a miner must hold 1.1x the swap size to take it.
- timeout_swap slashes 1.1x and refunds the entire slash to the user
  (the 0.1x is a penalty paid to the victim; no treasury/burn split).

Tests: 4 tunables unit tests, a vote_initiate boundary-rejection test
(2.1 SOL < 2.2 needed), and the 1.1x slash assertion in test_swap. Also
fixes test_initialize (version 4 -> 5) left stale by the halt commit.
Full LiteSVM suite green (58 passed); e2e.sh 24/24.

* feat(solana): decaying anti-flashing fee on quote updates

set_quote now charges a treasury-bound fee when overwriting a standing
quote (first creation stays free beyond rent). The fee decays stepwise the
longer the prior quote stood: 0.01 SOL if updated within 5 min, 0.001 SOL
within 10 min, 0 thereafter. Discourages rapid quote-flashing without
deterring miners from joining.

- New QUOTE_UPDATE_FEE_* tiers + quote_update_fee(elapsed) in tunables.rs,
  compile-time asserted to decay over increasing windows.
- Fee moves miner -> vault treasury (system CPI), preserving the vault
  invariant. SetQuote gains a vault account; QuoteSet gains update_fee.
- Tests: tunables tier unit test + a test_quote decay walk (create free
  -> tier-1 -> tier-2 -> free). Updated all SetQuote callers for the new
  vault account. Full LiteSVM suite green (60 passed); e2e.sh 24/24.

* refactor(solana): consolidate all economic levers into tunables.rs

Move FEE_DIVISOR, RESERVATION_FEE_LAMPORTS, POOL_WINDOW_SECS and
WEIGHTS_UPDATE_MIN_INTERVAL_SECS out of constants.rs into tunables.rs, so
every deploy-time economic/policy knob lives in one file alongside the
collateral-requirement and quote-fee tunables. constants.rs keeps only
structural values (PDA seeds, request-type bytes, max string lengths, and
SLOT_MS as a chain fact). Pure code-organization move — identical values,
no behavior change. Imports updated across instructions + tests.
Full LiteSVM suite green (60 passed); e2e.sh 24/24.

* feat(solana): 60s pool window + 0.02 SOL reservation fee defaults; tunables after v2 merge

Merge origin/contract-v2 (#485 busy-model reservation rework, #486 runtime
config setters) into the feature branch and reconcile with the economic-knob
consolidation:

- Keep all deploy-time economic levers in tunables.rs. The three values #486
  promoted to runtime Config fields (reservation_fee_lamports, pool_window_secs,
  weights_update_min_interval_secs) live here as the initialize seed defaults;
  handlers read the live Config value. FEE_DIVISOR stays compile-time.
- Set the deploy defaults: POOL_WINDOW_SECS 3 -> 60, RESERVATION_FEE_LAMPORTS
  0.001 -> 0.02 SOL (both runtime-tunable via the #486 setters).
- initialize.rs seeds from tunables; test_initialize version 5 -> 6.
- integration_onchain: shrink the pool window to 3s in the shared setup via the
  new set_pool_window setter so the wall-clock on-chain tests don't each sleep a
  full minute (keeps the 60s deploy default; e2e ~2min not ~7min).

Full LiteSVM suite green (60 passed); e2e.sh 24/24.
anderdc added a commit that referenced this pull request Jun 22, 2026
…vation, admin cancels, shared validation

- consolidate tunables.rs into constants.rs (economic-levers section)
- open_or_request: gate on 1.10x required_collateral at pool entry so an
  under-collateralized miner can't strand a user at vote_initiate (#1)
- vote_deactivate: forbid deactivating a busy miner (busy => active invariant),
  so resolve_pool never arms a reservation on an inactive miner (#3)
- restore admin cancel_pool / cancel_reservation, clearing busy_until (#4)
- admin setters reject contradictory min/max bounds (#6)
- set_quote charges the churn fee on creation too, closing the
  remove_quote + set_quote dodge (#7)
- validate.rs: shared Config-field validators used by initialize + setters so
  the two write paths can't diverge (#8)
- DEFAULT_FULFILLMENT_TIMEOUT_SECS = 14400 (4h) canonical deploy default
- tests: 12 new (entry gate, busy deactivation, cancels, bounds, quote fee);
  LiteSVM 67/67, e2e.sh 24/24
LandynDev pushed a commit that referenced this pull request Jun 22, 2026
* fix(solana): PR review — entry over-collateral gate, busy-lock deactivation, admin cancels, shared validation

- consolidate tunables.rs into constants.rs (economic-levers section)
- open_or_request: gate on 1.10x required_collateral at pool entry so an
  under-collateralized miner can't strand a user at vote_initiate (#1)
- vote_deactivate: forbid deactivating a busy miner (busy => active invariant),
  so resolve_pool never arms a reservation on an inactive miner (#3)
- restore admin cancel_pool / cancel_reservation, clearing busy_until (#4)
- admin setters reject contradictory min/max bounds (#6)
- set_quote charges the churn fee on creation too, closing the
  remove_quote + set_quote dodge (#7)
- validate.rs: shared Config-field validators used by initialize + setters so
  the two write paths can't diverge (#8)
- DEFAULT_FULFILLMENT_TIMEOUT_SECS = 14400 (4h) canonical deploy default
- tests: 12 new (entry gate, busy deactivation, cancels, bounds, quote fee);
  LiteSVM 67/67, e2e.sh 24/24

* refactor(solana): separate subnet-revenue Treasury PDA from the collateral Vault

Collateral and subnet revenue no longer share an account. The Vault holds ONLY
miner collateral (trustless — leaves only via the owning miner's withdraw or a
slash to the wronged user); a new Treasury PDA holds ONLY subnet income.

- new Treasury { total, bump } PDA (seeds [b"treasury"]); Vault loses treasury_total
- confirm 1% fee, reservation fee, and quote churn fee all accrue to the Treasury
- timeout slash still pays the user from the Vault (never the treasury)
- withdraw_treasury drains the Treasury PDA (admin-only, caller-chosen recipient)
- split invariants: vault.lamports == rent + total_collateral;
  treasury.lamports == rent + total

Anti-flash fee follows the #488 mechanism (creation free; charge on remove_quote):
- set_quote creation is free again; updates still pay the decaying churn fee
- remove_quote charges the same decaying fee -> Treasury, closing the
  remove+recreate dodge without taxing first-time quotes

Tests updated for the split + new fee semantics. LiteSVM 67/67, e2e.sh 24/24.

* fix(solana): address pre-PR code-review findings

- cancel_reservation: require an active reservation (reserved_until != 0) so it
  can't clear busy_until on a miner whose pool is still open — that could let the
  miner be deactivated mid-contest and resolve_pool match a removed miner against
  a user (fund-safety regression caught in review)
- resolve_pool: restore the inactive-miner backstop (reset pool, never arm a
  reservation or busy lock for an inactive miner)
- vote_initiate: defensive active-miner check before initiating
- remove_quote: document the deliberate "removal can cost the churn fee" stance
- fix stale vault->treasury doc comments (confirm_swap, set_quote, lib, constants)
- tests: cancel_reservation open-pool rejection + treasury lamport conservation

LiteSVM 68/68, e2e.sh 24/24.

* refactor(solana): drop cancel_pool/cancel_reservation; rely on TTL self-expiry

No permanent stuck state exists: resolve_pool is permissionless (always progresses
an open pool) and a reservation's reserved_until is always now + reservation_ttl,
so a miner abandoned in a reservation self-frees at the TTL. The admin cancel ops
were only early-clear accelerators and were the sole paths that cleared busy_until
manually — the exact footgun behind the fund-safety bug. Removing them restores a
clean busy => active invariant without a resolve_pool backstop.

- remove cancel_pool / cancel_reservation instructions, their events + tests
- resolve_pool: no active check (documented invariant); vote_initiate keeps its
  defensive active check as the funds-commit backstop

LiteSVM 65/65, e2e.sh 24/24.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants