Merge pull request #7 from PFC-Validator/fix/scv-audit

fix: apply SCV's audit suggested changes

contracts/injective-auction-pool/src/contract.rs

@@ -61,7 +61,7 @@ pub fn instantiate(
 
     FUNDS_LOCKED.save(deps.storage, &false)?;
 
-    let (messages, attributes) = new_auction_round(deps, &env, info, None, None)?;
+    let (messages, attributes) = new_auction_round(deps, &env, info, None, None, vec![])?;
 
     Ok(Response::default()
         .add_messages(messages)
@@ -112,6 +112,7 @@ pub fn execute(
             auction_winner,
             auction_winning_bid,
         } => settle_auction(deps, env, info, auction_round, auction_winner, auction_winning_bid),
+        ExecuteMsg::TrySettleAuction {} => executions::try_settle_auction(deps, env, info),
     }
 }
 

contracts/injective-auction-pool/src/error.rs

@@ -61,8 +61,7 @@ pub enum ContractError {
     MissingAuctionWinningBid,
 
     #[error(
-        "Insufficient funds. Must deposit at least {min_balance} {native_denom} to instantiate \
-         the contract"
+        "Insufficient funds. Must deposit at least {min_balance} {native_denom} to create a new denom"
     )]
     InsufficientFunds {
         native_denom: String,
@@ -84,6 +83,29 @@ pub enum ContractError {
 
     #[error("Semver parsing error: {0}")]
     SemVer(String),
+
+    #[error(
+        "Previous auction round has not been settled. Unsettled auction round: {unsettled_auction_round}.\
+         Current auction round: {current_auction_round}"
+    )]
+    AuctionRoundNotSettled {
+        unsettled_auction_round: u64,
+        current_auction_round: u64,
+    },
+
+    #[error("Basket rewards is empty")]
+    EmptyBasketRewards {},
+
+    #[error("Empty auction result")]
+    EmptyAuctionResult {},
+
+    #[error(
+        "Auction round missmatch. Unsettled auction round: {unsettled}. Latest auction round: {latest}"
+    )]
+    AuctionRoundMismatch {
+        unsettled: u64,
+        latest: u64,
+    },
 }
 
 impl From<semver::Error> for ContractError {

contracts/injective-auction-pool/src/executions.rs

@@ -5,7 +5,9 @@ use injective_std::types::cosmos::base::v1beta1::Coin;
 use injective_std::types::injective::auction::v1beta1::MsgBid;
 
 use crate::{
-    helpers::{new_auction_round, query_current_auction, validate_percentage},
+    helpers::{
+        new_auction_round, query_current_auction, query_latest_auction_result, validate_percentage,
+    },
     state::{
         Whitelisted, BIDDING_BALANCE, CONFIG, FUNDS_LOCKED, UNSETTLED_AUCTION,
         WHITELISTED_ADDRESSES,
@@ -119,18 +121,25 @@ pub(crate) fn join_pool(
         });
     }
 
-    let mut messages = vec![];
+    let unsettled_auction = UNSETTLED_AUCTION.load(deps.storage)?;
+
+    // if the current auction round is different from the unsettled auction round,
+    // prevent the user from joining the pool
+    if unsettled_auction.auction_round != current_auction_round.u64() {
+        return Err(ContractError::AuctionRoundNotSettled {
+            unsettled_auction_round: unsettled_auction.auction_round,
+            current_auction_round: current_auction_round.u64(),
+        });
+    }
 
     // mint the lp token and send it to the user
-    let lp_subdenom = UNSETTLED_AUCTION.load(deps.storage)?.lp_subdenom;
-    messages.push(config.token_factory_type.mint(
-        env.contract.address.clone(),
-        format!("factory/{}/auction.{}", env.contract.address.clone(), lp_subdenom).as_str(),
-        amount,
-    ));
+    let mut messages = vec![];
+    let lp_denom =
+        format!("factory/{}/auction.{}", env.contract.address, unsettled_auction.lp_subdenom);
+
+    messages.push(config.token_factory_type.mint(env.contract.address.clone(), &lp_denom, amount));
 
     // send the minted lp token to the user address
-    let lp_denom = format!("factory/{}/auction.{}", env.contract.address, lp_subdenom);
     messages.push(
         BankMsg::Send {
             to_address: info.sender.to_string(),
@@ -311,11 +320,55 @@ pub fn settle_auction(
 
     FUNDS_LOCKED.save(deps.storage, &false)?;
 
-    let (messages, attributes) =
-        new_auction_round(deps, &env, info, Some(auction_winner), Some(auction_winning_bid))?;
+    let (messages, attributes) = new_auction_round(
+        deps,
+        &env,
+        info,
+        Some(auction_winner),
+        Some(auction_winning_bid),
+        unsettled_auction.basket,
+    )?;
 
     Ok(Response::default()
         .add_attribute("action", "settle_auction")
         .add_messages(messages)
         .add_attributes(attributes))
 }
+
+/// Tries to settle the latest auction permissionlessly
+pub fn try_settle_auction(
+    deps: DepsMut,
+    env: Env,
+    info: MessageInfo,
+) -> Result<Response, ContractError> {
+    let unsettled_auction = UNSETTLED_AUCTION.load(deps.storage)?;
+
+    let latest_auction_result_response = query_latest_auction_result(deps.as_ref())?
+        .last_auction_result
+        .ok_or(ContractError::EmptyAuctionResult {})?;
+
+    // can only settle the latest auction round permissionlessly
+    if unsettled_auction.auction_round != latest_auction_result_response.round {
+        return Err(ContractError::AuctionRoundMismatch {
+            unsettled: unsettled_auction.auction_round,
+            latest: latest_auction_result_response.round,
+        });
+    }
+
+    FUNDS_LOCKED.save(deps.storage, &false)?;
+
+    let (messages, attributes) = new_auction_round(
+        deps,
+        &env,
+        info,
+        Some(latest_auction_result_response.winner),
+        Some(latest_auction_result_response.amount.parse()?),
+        unsettled_auction.basket,
+    )?;
+
+    Ok(Response::default()
+        .add_attribute("action", "try_settle_auction")
+        .add_attribute("auction_round", unsettled_auction.auction_round.to_string())
+        .add_messages(messages)
+        .add_attributes(attributes))
+}