
Error-quality + NatSpec-accuracy bundle (OOB->Panic 0x32, clear revert ordering, stale clear/LibOpContext/quote2 NatSpec) #2671

Description

@thedavidmeister

Summary

A bundle of low-severity error-quality and NatSpec-accuracy divergences found and verified across take/clear/quote/subparser on 08d547fab. None involve value loss; grouped to avoid issue sprawl. Each is surfaced for triage.

Error-quality (opaque/confusing revert reasons)

  1. OOB inputIOIndex/outputIOIndex → Panic(0x32) instead of the typed ZeroMaximumIO/TokenMismatch. takeOrders4 dereferences config.orders[0]…validInputs[inputIOIndex] before the zero-max guard (RaindexV6.sol:447-451 vs 469-472), so a malformed index panics opaquely. (Repro: testZeroMaxWithOOBInputIOIndex reverts Panic 0x32, not ZeroMaximumIO.)
  2. clear3 negative-bounty with a vault-0 input reverts ERC20InsufficientBalance, not NegativeBounty() — the pushVaultZeroInput at clear3:692 runs before the NegativeBounty guard at :702, so in the zero-ambient-balance config the ERC20 revert pre-empts the explicit guard.
  3. clear3 zero Alice IORatio + negative counterparty outputMax → DivisionByZero(-1,0) instead of a semantic error (the cap path computes (-1).div(0)).

NatSpec accuracy

  1. calculateClearStateChange function NatSpec describes the OLD cap formula (counterparty_IO * counterparty_outputMax) while the code caps via bob.outputMax / alice.IORatio — stale prose inherited verbatim from the legacy OrderBook; the @dev comments are correct, the function-level NatSpec is not. (Code is conservation-safe.)
  2. LibOpContext.run/referenceFn @param NatSpec inverts column/row ("row (low byte) and column (second byte)") vs the actual encoding (low byte = column, per LibSubParse.subParserContext). Doc-only; the same byte is used on encode/decode so the cell read is always correct.
  3. quote2 reverts TokenSelfTrade for a live self-trade order — an undocumented revert path (the quote2 NatSpec documents only a value return; TokenSelfTrade isn't even declared in the interface package). Behavior is sensible and consistent with take/clear; pure interface-doc completeness gap.

Impact / triage

Low across the board — reverts/doc only, no value loss or DoS. Fixes are localized (reorder guards, correct/soften NatSpec).


Surfaced by a blind adversarial sweep (code + spec only, no audit access) of 08d547fab, then re-verified with a real repro on that commit and dispatcher-reviewed. Part of a batch from the adversarial-mutation-test skill run.
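Added illustration (not code from the issue author or from the Raindex repository) of the guard-ordering pattern behind error-quality items 1 and 2 above: when an array dereference or a token transfer runs before the typed guard, the caller sees a compiler Panic(0x32) or an ERC20 error rather than the custom error the contract declares. The struct layout, the names `TakeConfig`, `takeBefore`/`takeAfter`, `InputIOIndexOutOfBounds`, and the Foundry test are assumptions made for this example; only the `ZeroMaximumIO` error name and the Panic code are taken from the issue text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test, stdError} from "forge-std/Test.sol";

// Hypothetical types for this example; not Raindex's actual struct layout.
struct IO { address token; uint256 vaultId; }
struct Order { IO[] validInputs; IO[] validOutputs; }
struct TakeConfig {
    Order[] orders;
    uint256 inputIOIndex;
    uint256 maximumIO;
}

error ZeroMaximumIO();
error InputIOIndexOutOfBounds(uint256 index, uint256 length);

contract GuardOrdering {
    /// "Before" shape: the index is dereferenced first, so a malformed
    /// inputIOIndex surfaces as Panic(0x32) even when maximumIO is zero,
    /// and the typed ZeroMaximumIO guard below is never reached.
    function takeBefore(TakeConfig calldata config) external pure returns (address) {
        IO calldata input = config.orders[0].validInputs[config.inputIOIndex];
        if (config.maximumIO == 0) revert ZeroMaximumIO();
        return input.token;
    }

    /// "After" shape: cheap, typed guards run first, and the index is
    /// bounds-checked explicitly so the revert reason names the bad field
    /// instead of leaving the caller to decode a compiler panic.
    function takeAfter(TakeConfig calldata config) external pure returns (address) {
        if (config.maximumIO == 0) revert ZeroMaximumIO();
        Order calldata order = config.orders[0];
        if (config.inputIOIndex >= order.validInputs.length) {
            revert InputIOIndexOutOfBounds(config.inputIOIndex, order.validInputs.length);
        }
        return order.validInputs[config.inputIOIndex].token;
    }
}

// Foundry test (assumed harness) pinning down the observable difference.
contract GuardOrderingTest is Test {
    GuardOrdering internal target = new GuardOrdering();

    // Constructed input: one valid input slot, out-of-bounds index, zero max.
    function _malformed() internal pure returns (TakeConfig memory config) {
        config.orders = new Order[](1);
        config.orders[0].validInputs = new IO[](1);
        config.orders[0].validInputs[0] = IO(address(0xBEEF), 0);
        config.inputIOIndex = 5;
        config.maximumIO = 0;
    }

    function testBeforeRevertsWithPanic0x32() public {
        // stdError.indexOOBError encodes Panic(uint256) with code 0x32.
        vm.expectRevert(stdError.indexOOBError);
        target.takeBefore(_malformed());
    }

    function testAfterRevertsWithTypedError() public {
        vm.expectRevert(ZeroMaximumIO.selector);
        target.takeAfter(_malformed());
    }

    function testAfterNamesTheBadIndexOnceMaxIsNonZero() public {
        TakeConfig memory config = _malformed();
        config.maximumIO = 1;
        vm.expectRevert(abi.encodeWithSelector(InputIOIndexOutOfBounds.selector, 5, 1));
        target.takeAfter(config);
    }
}
```

The same reordering principle applies to item 2: a state-mutating step such as a vault-0 token pull placed before a `NegativeBounty()` check lets the ERC20 transfer's revert pre-empt the contract's own error. Putting pure validation ahead of any external call or storage write keeps revert reasons attributable to the malformed input rather than to whatever downstream operation happened to fail first.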
