Dev

[matteoettam09]

Summary by CodeRabbit

• Bug Fixes

  • Improved ERC‑4626 price calculation to handle zero-supply and high‑supply precision correctly.

• Breaking Changes

  • Removed pending redemption claim flow; failed redemption transfers are now processed immediately.
  • Removed legacy redemption events and related claim/view APIs from the vault interface.

• Chores

  • Version bumped to 2.4.0; verification scripts/plugins removed and CI/example env entries simplified.
  • Adjusted upgradeable storage gaps across contracts.

• Tests

  • Added/updated ERC‑4626 price adapter tests and a test vault helper for high‑supply scenarios.

[coderabbitai]

Too much diff to scan? Review this PR in Change Stack to start with the highest-impact changes.

📝 Walkthrough

Walkthrough

Consolidates UUPS contract storage layout and upgrade-timelock placement, removes the deferred redemption-claim queue and related interface items, replaces ERC4626 price calculation with totalAssets/totalSupply precision logic (plus helpers), and adds tests; tooling and CI config bump to v2.4.0.

Changes

Storage Layout Consolidation and Redemption Simplification

Layer / File(s)	Summary
Storage layout consolidation contracts/LiquidityOrchestrator.sol, contracts/OrionConfig.sol, contracts/factories/TransparentVaultFactory.sol, contracts/price/PriceAdapterRegistry.sol	upgradeTimelock declarations relocated to early state sections in UUPS contracts and private __gap sizes adjusted (50→47/49) to match new storage layout.
Redemption claim mechanism removal contracts/interfaces/IOrionVault.sol, contracts/vaults/OrionVault.sol	Removed RedemptionFailed/RedemptionClaimed events and claimUnderlying()/totalPendingUnderlyingClaims() from the interface and vault; fulfillRedeem now performs direct transfers without try/catch queuing.

ERC4626 Price Adapter and Test Coverage

Layer / File(s)	Summary
ERC4626 price adapter precision improvements contracts/price/ERC4626PriceAdapter.sol	getPriceData derives per-share underlying from totalAssets()/totalSupply() with a computed precision multiplier, adds _effectiveShareDecimals() and _decimalDigits() helpers, and handles zero totalSupply explicitly.
Test vault and precision coverage contracts/test/TestFixedRatioERC4626.sol, test/PriceAdapterTruncation.test.ts, test/crossAsset/ERC4626PriceAdapter.test.ts, test/crossAsset/ERC4626PriceAdapterHighSupply.test.ts	Adds TestFixedRatioERC4626 deterministic vault; updates existing tests to compute expected amounts from totals; adds high-supply precision test suite including optional mainnet fork checks.
CI and tooling hardhat.config.ts, .github/workflows/ci.yml, package.json, .env.sepolia.example	Remove Etherscan/verify plugin and secrets from CI and Hardhat config; bump package to 2.4.0 and update devDependencies; remove verify:vault and storage-layout scripts; remove placeholder ETHERSCAN_API_KEY in example env.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

• OrionFinanceAI/protocol-bug-bounty#84: The ERC4626PriceAdapter changes directly address the reported truncation bug by computing per-share underlying via totals and adding precision helpers.

Possibly related PRs

• OrionFinanceAI/protocol#186: Related storage layout changes and upgrade-timelock reorganization.
• OrionFinanceAI/protocol#199: Opposing/related work that introduced pending-claim redemption flow which this PR removes.
• OrionFinanceAI/protocol#140: Earlier LiquidityOrchestrator storage/layout changes tied to upgrade wiring.

Poem

🐰 I hopped through storage, neat and keen,

Timelocks moved and gaps kept clean,
Claims gone, transfers now direct,
Shares and assets counted correct,
Tests attest precision—hop, repeat!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Dev' is vague and generic, providing no meaningful information about the changeset's actual purpose or contents.	Replace with a descriptive title that captures the main change, such as 'Reorganize storage layout and remove redemption claim functionality' or 'Refactor storage declarations and update price adapter logic'.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@contracts/LiquidityOrchestrator.sol`:
- Around line 122-124: The contract adds/positions variables
(initialEpochBufferAmount, upgradeTimelock, commitmentMinibatchSize,
_partialVaultsHash, _commitmentBatchIndex, and the uint256[47] __gap) that must
preserve exact storage slots from the deployed LiquidityOrchestrator; run a
storage-layout validation (e.g., OpenZeppelin prepareUpgrade/validateUpgrade or
hardhat-storage-layout) comparing the old and new LiquidityOrchestrator
implementations, do not reorder or rename existing state vars, and only reduce
__gap to account for truly new variables; if your repo lacks the validation
wiring, add a scripts/check-storage-layout.ts that performs the diff and enable
the `@openzeppelin/hardhat-upgrades` or hardhat-storage-layout plugin in
hardhat.config.ts so CI/run ensures the slot layout matches before upgrading.

In `@contracts/price/ERC4626PriceAdapter.sol`:
- Around line 94-127: The _effectiveShareDecimals function contains an
unreachable defensive branch checking totalSupply == 0; remove that check and
its early return (the if (totalSupply == 0) { return vaultAssetDecimals; }
block) from ERC4626PriceAdapter/_effectiveShareDecimals since totalSupply is
already validated by the caller, leaving the rest of the logic intact; ensure no
other callers rely on that early return and run tests to confirm behavior
unchanged.
- Around line 132-146: The function _decimalDigits currently shadows the named
return variable `uint8 digits` by redeclaring `uint8 digits = 1;`; fix this by
removing the local declaration and assigning to the named return (i.e., change
the local `uint8 digits = 1;` to `digits = 1;`) so the function uses a single
`digits` identifier throughout and eliminates the shadowing warning.

In `@contracts/test/TestFixedRatioERC4626.sol`:
- Around line 39-41: convertToAssets uses unchecked multiplication which can
overflow; change it to use OpenZeppelin's Math.mulDiv for safe mul-div
arithmetic: import OpenZeppelin's Math library and replace the body of function
convertToAssets(uint256 shares) in TestFixedRatioERC4626 with a call to
Math.mulDiv(shares, _fixedTotalAssets, _fixedTotalSupply) (ensuring the Math
import is added at the top of the file).

In `@contracts/vaults/OrionVault.sol`:
- Around line 657-658: fulfillRedeem currently pays each user inline via
liquidityOrchestrator.transferRedemptionFunds which calls
IERC20(underlyingAsset).safeTransfer and will revert the entire batch if any
single transfer fails; change the flow so failures are isolated: update
LiquidityOrchestrator.transferRedemptionFunds (or add a new
safeTransferWithoutRevert method) to perform a low-level transfer call that
returns a success boolean instead of using safeTransfer, and have fulfillRedeem
handle a failed transfer by recording a retryable pending claim (e.g., push into
a _pendingRedemptions or emit a RedeemFailed event with user and amount) while
continuing to process the rest of the users from _redeemRequests; keep the
existing emit Redeem for successful payments and ensure any new pending storage
or event uses clear identifiers so pending claims can be retried later.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: abea20f3-9955-4380-b7d3-46b6d885dd40

📥 Commits

Reviewing files that changed from the base of the PR and between d2c3313 and b468719.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (12)

• contracts/LiquidityOrchestrator.sol
• contracts/OrionConfig.sol
• contracts/factories/TransparentVaultFactory.sol
• contracts/interfaces/IOrionVault.sol
• contracts/price/ERC4626PriceAdapter.sol
• contracts/price/PriceAdapterRegistry.sol
• contracts/test/TestFixedRatioERC4626.sol
• contracts/vaults/OrionVault.sol
• package.json
• test/PriceAdapterTruncation.test.ts
• test/crossAsset/ERC4626PriceAdapter.test.ts
• test/crossAsset/ERC4626PriceAdapterHighSupply.test.ts

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

package.json (1)

100-100: 🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Remove obsolete ignoreMissing entry if @nomicfoundation/hardhat-verify is removed.

If @nomicfoundation/hardhat-verify is removed from devDependencies (as indicated by the AI summary), this entry in peerDependencyRules.ignoreMissing should also be removed to avoid stale configuration.

♻️ Proposed fix

     "peerDependencyRules": {
       "ignoreMissing": [
         "`@nomicfoundation/hardhat-ethers`",
-        "`@nomicfoundation/hardhat-verify`",
         "`@nomicfoundation/hardhat-network-helpers`"
       ],

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 100, Remove the stale peerDependencyRules.ignoreMissing
entry that references "`@nomicfoundation/hardhat-verify`" from package.json:
locate the peerDependencyRules.ignoreMissing array and delete the string
"`@nomicfoundation/hardhat-verify`" (or remove the entire ignoreMissing property
if it becomes empty) so the configuration no longer references the removed
devDependency.

contracts/price/ERC4626PriceAdapter.sol (1)

70-84: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Return the added share precision in priceDecimals.

Line 71 bakes effectiveShareDecimals - vaultAssetDecimals extra digits into vaultUnderlyingAssetAmount, but Lines 75 and 84 still return the old decimal count. PriceAdapterRegistry.getPrice normalizes only from priceDecimals, so any vault that takes the high-precision branch is overpriced downstream by that same factor. A vfUSDC-like +6 adjustment becomes a 1e6 price inflation at the registry boundary.

♻️ Minimal fix

         uint8 effectiveShareDecimals = _effectiveShareDecimals(totalAssets, totalSupply, vaultAssetDecimals);
+        uint8 scaleAdjustment = effectiveShareDecimals - vaultAssetDecimals;
         uint256 precisionAmount = 10 ** (PRICE_DECIMALS + effectiveShareDecimals);
         uint256 vaultUnderlyingAssetAmount = Math.mulDiv(totalAssets, precisionAmount, totalSupply);

         if (vaultUnderlying == address(UNDERLYING_ASSET)) {
-            return (vaultUnderlyingAssetAmount, PRICE_DECIMALS + UNDERLYING_ASSET_DECIMALS);
+            return (vaultUnderlyingAssetAmount, PRICE_DECIMALS + UNDERLYING_ASSET_DECIMALS + scaleAdjustment);
         }
@@
-        return (vaultPrice, PRICE_DECIMALS + CONFIG.getTokenDecimals(vaultUnderlying));
+        return (vaultPrice, PRICE_DECIMALS + CONFIG.getTokenDecimals(vaultUnderlying) + scaleAdjustment);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@contracts/price/ERC4626PriceAdapter.sol` around lines 70 - 84, The function
multiplies totalAssets by precisionAmount that includes effectiveShareDecimals,
but the returned priceDecimals still use the old vaultAssetDecimals; update both
return paths to include the extra share precision: for the short-circuit
(vaultUnderlying == UNDERLYING_ASSET) return PRICE_DECIMALS +
effectiveShareDecimals (not PRICE_DECIMALS + UNDERLYING_ASSET_DECIMALS), and for
the other branch add the delta (effectiveShareDecimals - vaultAssetDecimals) to
the returned decimals (i.e. return PRICE_DECIMALS +
CONFIG.getTokenDecimals(vaultUnderlying) + (effectiveShareDecimals -
vaultAssetDecimals)); keep using the computed vaultUnderlyingAssetAmount and
vaultPrice as-is.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 49: The package.json still lists the `@nomicfoundation/hardhat-verify`
entry in devDependencies and inside pnpm.peerDependencyRules.ignoreMissing even
though hardhat.config.ts no longer uses the plugin; either remove the
"`@nomicfoundation/hardhat-verify`" entry from devDependencies and delete it from
the pnpm.peerDependencyRules.ignoreMissing array, or if you intend to keep the
dependency, update the PR description to state that the plugin remains; search
for the literal "`@nomicfoundation/hardhat-verify`" in the package.json to locate
and update both occurrences.

---

Outside diff comments:
In `@contracts/price/ERC4626PriceAdapter.sol`:
- Around line 70-84: The function multiplies totalAssets by precisionAmount that
includes effectiveShareDecimals, but the returned priceDecimals still use the
old vaultAssetDecimals; update both return paths to include the extra share
precision: for the short-circuit (vaultUnderlying == UNDERLYING_ASSET) return
PRICE_DECIMALS + effectiveShareDecimals (not PRICE_DECIMALS +
UNDERLYING_ASSET_DECIMALS), and for the other branch add the delta
(effectiveShareDecimals - vaultAssetDecimals) to the returned decimals (i.e.
return PRICE_DECIMALS + CONFIG.getTokenDecimals(vaultUnderlying) +
(effectiveShareDecimals - vaultAssetDecimals)); keep using the computed
vaultUnderlyingAssetAmount and vaultPrice as-is.

In `@package.json`:
- Line 100: Remove the stale peerDependencyRules.ignoreMissing entry that
references "`@nomicfoundation/hardhat-verify`" from package.json: locate the
peerDependencyRules.ignoreMissing array and delete the string
"`@nomicfoundation/hardhat-verify`" (or remove the entire ignoreMissing property
if it becomes empty) so the configuration no longer references the removed
devDependency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1e6df322-2afc-45d2-be06-8a08a05553d0

📥 Commits

Reviewing files that changed from the base of the PR and between b7a3620 and 072db15.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• contracts/price/ERC4626PriceAdapter.sol
• contracts/test/TestFixedRatioERC4626.sol
• package.json

[coderabbitai]

♻️ Duplicate comments (1)

package.json (1)

49-49: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Remove leftover hardhat-verify metadata to match the verify-tooling removal.

@nomicfoundation/hardhat-verify is still retained in devDependencies, pnpm.overrides, and peerDependencyRules.ignoreMissing even though verification wiring is removed from CI and Hardhat config. This leaves stale tooling and unnecessary dependency surface.

Suggested minimal cleanup

   "devDependencies": {
@@
-    "`@nomicfoundation/hardhat-verify`": "3.0.18",
@@
   "pnpm": {
     "overrides": {
-      "`@nomicfoundation/hardhat-verify`": "3.0.18",
       "`@openzeppelin/contracts-upgradeable`@>=4.3.0 <4.8.3": "^4.9.6",
@@
     "peerDependencyRules": {
       "ignoreMissing": [
         "`@nomicfoundation/hardhat-ethers`",
-        "`@nomicfoundation/hardhat-verify`",
         "`@nomicfoundation/hardhat-network-helpers`"
       ],

Also applies to: 92-92, 101-101

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 49, Remove all leftover references to the removed
verify tooling by deleting the `@nomicfoundation/hardhat-verify` entry from
devDependencies and removing any matching keys from pnpm.overrides and the
peerDependencyRules.ignoreMissing array in package.json; search for the string
"`@nomicfoundation/hardhat-verify`" and remove each occurrence so package.json no
longer lists that package or ignores it as missing, then run the package
manager's install/lock update to regenerate lockfiles.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@package.json`:
- Line 49: Remove all leftover references to the removed verify tooling by
deleting the `@nomicfoundation/hardhat-verify` entry from devDependencies and
removing any matching keys from pnpm.overrides and the
peerDependencyRules.ignoreMissing array in package.json; search for the string
"`@nomicfoundation/hardhat-verify`" and remove each occurrence so package.json no
longer lists that package or ignores it as missing, then run the package
manager's install/lock update to regenerate lockfiles.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2409faf3-e2ae-4404-9d1c-22cb134ab14f

📥 Commits

Reviewing files that changed from the base of the PR and between 072db15 and 532da80.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• package.json