Merge pull request #1044 from liquity/fix-high-fraction-liquidation-security-advisory

Fix high fraction liquidation security advisory

Author: bingen

packages/contracts/contracts/Dependencies/LiquitySafeMath128.sol

@@ -50,10 +50,9 @@ interface IStabilityPool {
     event CommunityIssuanceAddressChanged(address _newCommunityIssuanceAddress);
 
     event P_Updated(uint _P);
-    event S_Updated(uint _S, uint128 _epoch, uint128 _scale);
-    event G_Updated(uint _G, uint128 _epoch, uint128 _scale);
-    event EpochUpdated(uint128 _currentEpoch);
-    event ScaleUpdated(uint128 _currentScale);
+    event S_Updated(uint _S, uint _scale);
+    event G_Updated(uint _G, uint _scale);
+    event ScaleUpdated(uint _currentScale);
 
     event FrontEndRegistered(address indexed _frontEnd, uint _kickbackRate);
     event FrontEndTagSet(address indexed _depositor, address indexed _frontEnd);
@@ -159,6 +158,13 @@ interface IStabilityPool {
      */
     function getTotalLUSDDeposits() external view returns (uint);
 
+    /*
+     * Returns the max amount of LUSD held in the pool that can be used for liquidations.
+     * It makes sure that at least 1 LUSD remains.
+     * If the max amount is used, it makes sure it won’t revert by underflow due to the accumulated offset error.
+     */
+    function getMaxAmountToOffset() external view returns (uint);
+
     /*
      * Calculates the ETH gain earned by the deposit since its last snapshots were taken.
      */

packages/contracts/contracts/Interfaces/IStabilityPool.sol

@@ -10,7 +10,7 @@ contract StabilityPoolTester is StabilityPool {
         ETH = ETH.add(msg.value);
     }
 
-    function setCurrentScale(uint128 _currentScale) external {
+    function setCurrentScale(uint _currentScale) external {
         currentScale = _currentScale;
     }
 

packages/contracts/contracts/StabilityPool.sol

@@ -54,6 +54,7 @@ module.exports = {
             {
                 version: "0.6.11",
                 settings: {
+                    evmVersion: "istanbul",
                     optimizer: {
                         enabled: true,
                         runs: 100

packages/contracts/contracts/TestContracts/LiquitySafeMath128Tester.sol

@@ -356,6 +356,8 @@ contract('Gas compensation tests', async accounts => {
     // D, E each provide LUSD to SP
     await stabilityPool.provideToSP(A_totalDebt, ZERO_ADDRESS, { from: dennis, gasPrice: GAS_PRICE })
     await stabilityPool.provideToSP(B_totalDebt.add(C_totalDebt), ZERO_ADDRESS, { from: erin, gasPrice: GAS_PRICE })
+    // whale deposits LUSD so all debt can be offset
+    await stabilityPool.provideToSP(dec(1, 18), ZERO_ADDRESS, { from: whale })
 
     const LUSDinSP_0 = await stabilityPool.getTotalLUSDDeposits()
 
@@ -448,8 +450,10 @@ contract('Gas compensation tests', async accounts => {
     const LUSDinSP_C = await stabilityPool.getTotalLUSDDeposits()
     assert.isTrue(LUSDinSP_C.lt(LUSDinSP_B))
 
-    // Check ETH in SP has not changed due to the lquidation of C
+    // Check ETH in SP has not changed due to the liquidation of C
     const ETHinSP_C = await stabilityPool.getETH()
+    console.log('ETHinSP_C.toString(): ', ETHinSP_C.toString())
+    console.log('aliceColl.sub(_0pt5percent_aliceColl).add(bobColl).sub(_0pt5percent_bobColl).add(carolColl).sub(_0pt5percent_carolColl).toString(): ', aliceColl.sub(_0pt5percent_aliceColl).add(bobColl).sub(_0pt5percent_bobColl).add(carolColl).sub(_0pt5percent_carolColl).toString())
     assert.equal(ETHinSP_C.toString(), aliceColl.sub(_0pt5percent_aliceColl).add(bobColl).sub(_0pt5percent_bobColl).add(carolColl).sub(_0pt5percent_carolColl)) // (1+2+3 ETH) * 0.995
   })