Summary
A bundle of low-severity error-quality and NatSpec-accuracy divergences found and verified across take/clear/quote/subparser on 08d547fab. None involve value loss; grouped to avoid issue sprawl. Each is surfaced for triage.
Error-quality (opaque/confusing revert reasons)
- OOB
inputIOIndex/outputIOIndex → Panic(0x32) instead of the typed ZeroMaximumIO/TokenMismatch. takeOrders4 dereferences config.orders[0]…validInputs[inputIOIndex] before the zero-max guard (RaindexV6.sol:447-451 vs 469-472), so a malformed index panics opaquely. (Repro: testZeroMaxWithOOBInputIOIndex reverts Panic 0x32 ≠ ZeroMaximumIO.)
- clear3 negative-bounty with a vault-0 input reverts
ERC20InsufficientBalance, not NegativeBounty() — the pushVaultZeroInput at clear3:692 runs before the NegativeBounty guard at :702, so in the zero-ambient-balance config the ERC20 revert pre-empts the explicit guard.
- clear3 zero Alice
IORatio + negative counterparty outputMax → DivisionByZero(-1,0) instead of a semantic error (the cap path computes (-1).div(0)).
NatSpec accuracy
calculateClearStateChange function NatSpec describes the OLD cap formula (counterparty_IO * counterparty_outputMax) while the code caps via bob.outputMax / alice.IORatio — stale prose inherited verbatim from the legacy OrderBook; the @dev comments are correct, the function-level NatSpec is not. (Code is conservation-safe.)
LibOpContext.run/referenceFn @param NatSpec inverts column/row ("row (low byte) and column (second byte)") vs the actual encoding (low byte = column, per LibSubParse.subParserContext). Doc-only; the same byte is used on encode/decode so the cell read is always correct.
quote2 reverts TokenSelfTrade for a live self-trade order — an undocumented revert path (the quote2 NatSpec documents only a value return; TokenSelfTrade isn't even declared in the interface package). Behavior is sensible and consistent with take/clear; pure interface-doc completeness gap.
Impact / triage
Low across the board — reverts/doc only, no value loss or DoS. Fixes are localized (reorder guards, correct/soften NatSpec).
Surfaced by a blind adversarial sweep (code + spec only, no audit access) of 08d547fab, then re-verified with a real repro on that commit and dispatcher-reviewed. Part of a batch from the adversarial-mutation-test skill run.
Summary
A bundle of low-severity error-quality and NatSpec-accuracy divergences found and verified across take/clear/quote/subparser on
08d547fab. None involve value loss; grouped to avoid issue sprawl. Each is surfaced for triage.Error-quality (opaque/confusing revert reasons)
inputIOIndex/outputIOIndex→Panic(0x32)instead of the typedZeroMaximumIO/TokenMismatch.takeOrders4dereferencesconfig.orders[0]…validInputs[inputIOIndex]before the zero-max guard (RaindexV6.sol:447-451 vs 469-472), so a malformed index panics opaquely. (Repro:testZeroMaxWithOOBInputIOIndexrevertsPanic 0x32≠ZeroMaximumIO.)ERC20InsufficientBalance, notNegativeBounty()— thepushVaultZeroInputat clear3:692 runs before theNegativeBountyguard at :702, so in the zero-ambient-balance config the ERC20 revert pre-empts the explicit guard.IORatio+ negative counterpartyoutputMax→DivisionByZero(-1,0)instead of a semantic error (the cap path computes(-1).div(0)).NatSpec accuracy
calculateClearStateChangefunction NatSpec describes the OLD cap formula (counterparty_IO * counterparty_outputMax) while the code caps viabob.outputMax / alice.IORatio— stale prose inherited verbatim from the legacy OrderBook; the@devcomments are correct, the function-level NatSpec is not. (Code is conservation-safe.)LibOpContext.run/referenceFn@paramNatSpec inverts column/row ("row (low byte) and column (second byte)") vs the actual encoding (low byte = column, perLibSubParse.subParserContext). Doc-only; the same byte is used on encode/decode so the cell read is always correct.quote2revertsTokenSelfTradefor a live self-trade order — an undocumented revert path (thequote2NatSpec documents only a value return;TokenSelfTradeisn't even declared in the interface package). Behavior is sensible and consistent with take/clear; pure interface-doc completeness gap.Impact / triage
Low across the board — reverts/doc only, no value loss or DoS. Fixes are localized (reorder guards, correct/soften NatSpec).
Surfaced by a blind adversarial sweep (code + spec only, no audit access) of
08d547fab, then re-verified with a real repro on that commit and dispatcher-reviewed. Part of a batch from the adversarial-mutation-test skill run.