Skip to content

[VPD-1292] PrimeV2 Sherlock Audit#676

Open
Debugger022 wants to merge 4 commits into
feat/VPD-1247from
feat/VPD-1292
Open

[VPD-1292] PrimeV2 Sherlock Audit#676
Debugger022 wants to merge 4 commits into
feat/VPD-1247from
feat/VPD-1292

Conversation

@Debugger022
Copy link
Copy Markdown
Contributor

@Debugger022 Debugger022 commented May 27, 2026
edited
Loading

Summary

  • Address Sherlock finding PLP income accrued while a market has no scored members is no longer silently dropped
  • accrueInterest now early-returns when markets[vToken].sumOfMembersScore == 0, leaving unreleasedPLPIncome[underlying] unchanged so the slice carries forward and is distributed once the first user gains a positive score in that market

@Debugger022 Debugger022 self-assigned this May 27, 2026
claude[bot]
claude Bot reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@Debugger022
fix: ceil weighted timestamp on deposit compaction
e421dda 
Round the amount-weighted merge timestamp up instead of down so the
merged deposit's effective duration rounds down conservatively,
removing a directional bias that let users inflate effective stake by
adding tiny deposits without advancing the deposit timestamp.
@Debugger022
revert: carry-forward PLP income when sumOfMembersScore is zero
2f809a8 
Restores the original advance-baseline behavior in accrueInterest.
Rewarding a behavior requires the user to be actively contributing
(XVS stake + supported-market position); carrying the slice forward
would credit arrival timing rather than participation. The tokens
remain in the PrimeLiquidityProvider balance and can be reallocated
via sweepToken in a governance VIP if needed.

Reverts 61625b1.
@Debugger022
feat(prime): track and reclaim undistributed PLP income via sweep
b4fca63 
When sumOfMembersScore is zero the PLP slice has no recipient and was
previously stranded once unreleasedPLPIncome advanced past it.
Recording it in undistributedReward and adding an ACM-gated
sweepUndistributed lets governance reclaim the funds without touching
user-owed balances, addressing Sherlock #10.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

@Debugger022 Debugger022

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Debugger022