validator: tighten reserve slippage cap to 25% and log slippage_bps #375
Open
anderdc wants to merge 2 commits into
The reserve slippage cap was 100_000 bps (1000%), but quote_within_slippage goes non-positive at ≥10_000 — anything ≥100% turned the rate gate into a no-op. A SwapReserveSynapse with slippage_bps=10_000+ could land a quote arbitrarily far from the miner's commitment rate and still pass the gate. That's how swap 550's 71%-off quote settled at the rate-derived amount.

Cap to 2_500 (25%) — well below the 10_000 no-op threshold, above the CLI's >10% warning, and tight enough to catch a swap-550-shape quote while leaving room for honest fast-moving rates. CLI default (2%) and user-set --slippage flow are unchanged.

Also add slippage_bps to the SwapReserve REQUEST log line so the next swap-550-shape ticket is diagnosable from logs in a minute instead of an afternoon of chain probes.

Updates test_slippage_max_bps_clamp_applied to assert the new behavior (clamp now bites a wildly-off quote) and adds an explicit guard that RESERVE_SLIPPAGE_MAX_BPS stays below 10_000.
Summary

- RESERVE_SLIPPAGE_MAX_BPS from 100_000 (1000%) to 2_500 (25%). The old value sat above the 10_000 threshold where quote_within_slippage goes non-positive — anything ≥100% turned the gate into a no-op. A SwapReserveSynapse with slippage_bps=10_000+ could land a quote arbitrarily far from the miner's commitment rate and still pass.
- slippage_bps to the SwapReserve REQUEST log line so the next swap-550-shape ticket is diagnosable from logs in a minute, not an afternoon of archive-node probes.
- test_slippage_max_bps_clamp_applied to assert the new behavior (clamp now bites a wildly-off quote) and add an explicit RESERVE_SLIPPAGE_MAX_BPS < 10_000 guard so a future bump can't silently disable the gate again.

Why

Surfaced while diagnosing swap 550 (btc→tao, COMPLETED, destAmount=98M rao vs deliveredAmount=28.2M rao — 71% gap). Chain history showed the miner's commitment was stable at rate=290.87 for ≥1000 blocks before init; the quote could only have settled if the synapse arrived with slippage_bps ≥ 7091. Validator logs from later that day showed the same operator running test traffic with deliberately mismatched quotes through the same wallet pair (5HjnFE7Z / 5EqNSv84 / miner UID 14). So swap 550 itself is operator test traffic, not real user harm — but the underlying surface (any client can pass slippage_bps=10_000 and disable the rate gate) is a footgun that's worth closing before a non-operator client trips it.

CLI default (--slippage 2.0 → 200 bps) and user --slippage flow are unchanged. The CLI already warns above 10% and clamps to MAX_BPS, so the visible UX change is "explicit --slippage 30 now clamps to 25% instead of 1000%."

Test plan

- pytest tests/test_axon_handlers.py -k slippage — 5/5 passing, including the flipped clamp test
- pytest tests/test_axon_handlers.py tests/test_rate.py — 78/78 passing
- REQUEST received — … slippage_bps=N … shows up and that an explicit --slippage 30 from the CLI now logs as slippage_bps=2500 (clamped) and accepts within the 25% band.
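
The failure mode this PR closes, as an added example that is not the validator's own code. It assumes quote_within_slippage behaves like a one-sided floor on the quote; the function names and sample amounts are constructed, and only the two cap values come from the PR text.

```python
# Added illustration: an assumed model of the slippage gate, not the project's code.
BPS_DENOM = 10_000     # 10_000 bps == 100%
OLD_CAP_BPS = 100_000  # cap before this PR (1000%), from the PR text
NEW_CAP_BPS = 2_500    # cap after this PR (25%), from the PR text


def clamp_bps(requested_bps: int, cap_bps: int) -> int:
    """Clamp a client-supplied slippage to the range [0, cap_bps]."""
    return max(0, min(requested_bps, cap_bps))


def floor_amount(expected: int, slippage_bps: int) -> int:
    """Lowest quote the modelled gate accepts (integer math, rounded down)."""
    return expected * (BPS_DENOM - slippage_bps) // BPS_DENOM


def gate_accepts(expected: int, quoted: int, requested_bps: int, cap_bps: int) -> bool:
    """Modelled rate gate: the quote must not fall below the slippage floor."""
    return quoted >= floor_amount(expected, clamp_bps(requested_bps, cap_bps))


def cap_keeps_gate_live(cap_bps: int) -> bool:
    """A cap is only meaningful if the floor is still positive at the cap itself."""
    return 0 <= cap_bps < BPS_DENOM


if __name__ == "__main__":
    # Constructed amounts, rounded from the figures quoted in the PR description.
    expected, off_quote = 98_000_000, 28_200_000
    for cap in (OLD_CAP_BPS, NEW_CAP_BPS):
        effective = clamp_bps(10_000, cap)
        print(f"cap={cap} effective_bps={effective} "
              f"floor={floor_amount(expected, effective)} "
              f"accepted={gate_accepts(expected, off_quote, 10_000, cap)}")
```

With the old cap the floor is zero or negative for any request at or above 10_000 bps, so every non-negative quote passes; with the new cap the same request is clamped to 2_500 bps and the floor stays at 75% of the expected amount.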