[VAULTS] Audit fixes 5

contracts/0.8.25/utils/Confirmations.sol

@@ -15,9 +15,9 @@ abstract contract Confirmations {
      * @notice Tracks confirmations
      * @custom:storage-location erc7201:Lido.Utils.Confirmations
      * @dev We cannot set confirmExpiry to 0 because this means that all confirmations have to be in the same block,
-     *      which can never be guaranteed. And, more importantly, if the `_setConfirmExpiry` is restricted by
-     *      the `onlyConfirmed` modifier, the confirmation expiry will be tricky to change.
-     *      This is why confirmExpiry is private, set to a default value of 1 hour and cannot be set to 0.
+     *      which can never be guaranteed. And, more importantly, if the `_setConfirmExpiry` requires confirmation,
+     *      the confirmation expiry will be tricky to change.
+     *      This is why confirmExpiry is private, set to a default value of 1 days and cannot be set to 0.
      *
      * Storage layout:
      * - callData: msg.data of the call (selector + arguments)
@@ -197,6 +197,7 @@ abstract contract Confirmations {
 
     /**
      * @dev Emitted when the confirmation expiry is set.
+     * @param sender msg.sender of the call
      * @param oldConfirmExpiry The old confirmation expiry.
      * @param newConfirmExpiry The new confirmation expiry.
      */
@@ -205,12 +206,12 @@ abstract contract Confirmations {
     /**
      * @dev Emitted when a role member confirms.
      * @param member The address of the confirming member.
-     * @param role The role of the confirming member.
+     * @param roleOrAddress The role or address of the confirming member.
      * @param confirmTimestamp The timestamp of the confirmation.
      * @param expiryTimestamp The timestamp when this confirmation expires.
      * @param data The msg.data of the confirmation (selector + arguments).
      */
-    event RoleMemberConfirmed(address indexed member, bytes32 indexed role, uint256 confirmTimestamp, uint256 expiryTimestamp, bytes data);
+    event RoleMemberConfirmed(address indexed member, bytes32 indexed roleOrAddress, uint256 confirmTimestamp, uint256 expiryTimestamp, bytes data);
 
     /**
      * @dev Thrown when attempting to set confirmation expiry out of bounds.

contracts/0.8.25/vaults/LazyOracle.sol

@@ -149,7 +149,12 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
     /// @param _quarantinePeriod the quarantine period, seconds
     /// @param _maxRewardRatioBP the max reward ratio, basis points
     /// @param _maxLidoFeeRatePerSecond the max Lido fee rate per second
-    function initialize(address _admin, uint256 _quarantinePeriod, uint256 _maxRewardRatioBP, uint256 _maxLidoFeeRatePerSecond) external initializer {
+    function initialize(
+        address _admin,
+        uint256 _quarantinePeriod,
+        uint256 _maxRewardRatioBP,
+        uint256 _maxLidoFeeRatePerSecond
+    ) external initializer {
         if (_admin == address(0)) revert AdminCannotBeZero();
         _grantRole(DEFAULT_ADMIN_ROLE, _admin);
 
@@ -161,7 +166,12 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
     /// @return refSlot of the report
     /// @return treeRoot merkle root of the report
     /// @return reportCid IPFS CID for the report JSON file
-    function latestReportData() external view returns (uint256 timestamp, uint256 refSlot, bytes32 treeRoot, string memory reportCid) {
+    function latestReportData() external view returns (
+        uint256 timestamp,
+        uint256 refSlot,
+        bytes32 treeRoot,
+        string memory reportCid
+    ) {
         Storage storage $ = _storage();
         return ($.vaultsDataTimestamp, $.vaultsDataRefSlot, $.vaultsDataTreeRoot, $.vaultsDataReportCid);
     }
@@ -238,28 +248,6 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
         return _vaultInfo(_vault, _vaultHub());
     }
 
-    function _vaultInfo(address _vault, VaultHub _vh) internal view returns (VaultInfo memory) {
-        IStakingVault vault = IStakingVault(_vault);
-        VaultHub.VaultConnection memory connection = _vh.vaultConnection(_vault);
-        VaultHub.VaultRecord memory record = _vh.vaultRecord(_vault);
-        return VaultInfo(
-            _vault,
-            vault.availableBalance() + vault.stagedBalance(),
-            record.inOutDelta.currentValue(),
-            vault.withdrawalCredentials(),
-            record.liabilityShares,
-            record.maxLiabilityShares,
-            _mintableStETH(_vault),
-            connection.shareLimit,
-            connection.reserveRatioBP,
-            connection.forcedRebalanceThresholdBP,
-            connection.infraFeeBP,
-            connection.liquidityFeeBP,
-            connection.reservationFeeBP,
-            _vh.isPendingDisconnect(_vault)
-        );
-    }
-
     /**
      * @notice batch method to mass check the validator stages in PredepositGuarantee contract
      * @param _pubkeys the array of validator's pubkeys to check
@@ -305,14 +293,20 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
         $.vaultsDataTreeRoot = _vaultsDataTreeRoot;
         $.vaultsDataReportCid = _vaultsDataReportCid;
 
-        emit VaultsReportDataUpdated(_vaultsDataTimestamp, _vaultsDataRefSlot, _vaultsDataTreeRoot, _vaultsDataReportCid);
+        emit VaultsReportDataUpdated(
+            _vaultsDataTimestamp,
+            _vaultsDataRefSlot,
+            _vaultsDataTreeRoot,
+            _vaultsDataReportCid
+        );
     }
 
     /// @notice Permissionless update of the vault data
     /// @param _vault the address of the vault
     /// @param _totalValue the total value of the vault
     /// @param _cumulativeLidoFees the cumulative Lido fees accrued on the vault (nominated in ether)
-    /// @param _liabilityShares the liabilityShares of the vault
+    /// @param _liabilityShares the liabilityShares value of the vault (on the vaultsDataRefSlot)
+    /// @param _maxLiabilityShares the maxLiabilityShares value of the vault (on the vaultsDataRefSlot)
     /// @param _proof the proof of the reported data
     function updateVaultData(
         address _vault,
@@ -374,37 +368,63 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
         delete quarantines[_vault];
     }
 
+    function _vaultInfo(address _vault, VaultHub _vh) internal view returns (VaultInfo memory) {
+        IStakingVault vault = IStakingVault(_vault);
+        VaultHub.VaultConnection memory connection = _vh.vaultConnection(_vault);
+        VaultHub.VaultRecord memory record = _vh.vaultRecord(_vault);
+        return VaultInfo(
+            _vault,
+            vault.availableBalance() + vault.stagedBalance(),
+            record.inOutDelta.currentValue(),
+            vault.withdrawalCredentials(),
+            record.liabilityShares,
+            record.maxLiabilityShares,
+            _mintableStETH(_vault, _vh),
+            connection.shareLimit,
+            connection.reserveRatioBP,
+            connection.forcedRebalanceThresholdBP,
+            connection.infraFeeBP,
+            connection.liquidityFeeBP,
+            connection.reservationFeeBP,
+            _vh.isPendingDisconnect(_vault)
+        );
+    }
+
     /// @notice handle sanity checks for the vault lazy report data
     /// @param _vault the address of the vault
     /// @param _totalValue the total value of the vault in refSlot
     /// @param _reportRefSlot the refSlot of the report
     /// @param _reportTimestamp the timestamp of the report
     /// @param _cumulativeLidoFees the cumulative Lido fees accrued on the vault (nominated in ether)
+    /// @param _liabilityShares the liabilityShares value of the vault (on the _reportRefSlot)
+    /// @param _maxLiabilityShares the maxLiabilityShares value of the vault (on the _reportRefSlot)
     /// @return totalValueWithoutQuarantine the smoothed total value of the vault after sanity checks
     /// @return inOutDeltaOnRefSlot the inOutDelta in the refSlot
     function _handleSanityChecks(
         address _vault,
         uint256 _totalValue,
-        uint48 _reportRefSlot,
+        uint256 _reportRefSlot,
         uint256 _reportTimestamp,
         uint256 _cumulativeLidoFees,
         uint256 _liabilityShares,
         uint256 _maxLiabilityShares
     ) internal returns (uint256 totalValueWithoutQuarantine, int256 inOutDeltaOnRefSlot) {
         VaultHub vaultHub = _vaultHub();
         VaultHub.VaultRecord memory record = vaultHub.vaultRecord(_vault);
+        uint48 previousReportTs = record.report.timestamp;
 
         // 0. Check if the report is already fresh enough
-        if (uint48(_reportTimestamp) <= record.report.timestamp) {
+        if (uint48(_reportTimestamp) <= previousReportTs) {
             revert VaultReportIsFreshEnough();
         }
 
         // 1. Calculate inOutDelta in the refSlot
         int256 currentInOutDelta = record.inOutDelta.currentValue();
-        inOutDeltaOnRefSlot = record.inOutDelta.getValueForRefSlot(_reportRefSlot);
+        inOutDeltaOnRefSlot = record.inOutDelta.getValueForRefSlot(uint48(_reportRefSlot));
 
         // 2. Sanity check for total value increase
-        totalValueWithoutQuarantine = _processTotalValue(_vault, _totalValue, inOutDeltaOnRefSlot, record);
+        totalValueWithoutQuarantine = _processTotalValue(
+            _vault, _totalValue, inOutDeltaOnRefSlot, record, _reportTimestamp);
 
         // 3. Sanity check for dynamic total value underflow
         if (int256(totalValueWithoutQuarantine) + currentInOutDelta - inOutDeltaOnRefSlot < 0) {
@@ -417,7 +437,7 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
             revert CumulativeLidoFeesTooLow(_cumulativeLidoFees, previousCumulativeLidoFees);
         }
 
-        uint256 maxLidoFees = (_reportTimestamp - record.report.timestamp) * uint256(_storage().maxLidoFeeRatePerSecond);
+        uint256 maxLidoFees = (_reportTimestamp - previousReportTs) * uint256(_storage().maxLidoFeeRatePerSecond);
         if (_cumulativeLidoFees - previousCumulativeLidoFees > maxLidoFees) {
             revert CumulativeLidoFeesTooLarge(_cumulativeLidoFees - previousCumulativeLidoFees, maxLidoFees);
         }
@@ -468,7 +488,8 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
         address _vault,
         uint256 _reportedTotalValue,
         int256 _inOutDeltaOnRefSlot,
-        VaultHub.VaultRecord memory record
+        VaultHub.VaultRecord memory record,
+        uint256 _reportTimestamp
     ) internal returns (uint256 totalValueWithoutQuarantine) {
         if (_reportedTotalValue > MAX_SANE_TOTAL_VALUE) {
             revert TotalValueTooLarge();
@@ -493,7 +514,7 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
         uint256 quarantineThreshold =
             onchainTotalValueOnRefSlot * (TOTAL_BASIS_POINTS + $.maxRewardRatioBP) / TOTAL_BASIS_POINTS;
         // 3. Determine current quarantine state
-        QuarantineState currentState = _determineQuarantineState(quarantine, quarantinedValue, $);
+        QuarantineState currentState = _determineQuarantineState(quarantine, quarantinedValue, _reportTimestamp);
 
 
         // Execute logic based on current state and conditions ----------------
@@ -505,7 +526,12 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
                 return _reportedTotalValue;
             } else {
                 // Transition: NO_QUARANTINE → QUARANTINE_ACTIVE (start new quarantine)
-                _startNewQuarantine(_vault, quarantine, _reportedTotalValue - onchainTotalValueOnRefSlot, $.vaultsDataTimestamp);
+                _startNewQuarantine(
+                    _vault,
+                    quarantine,
+                    _reportedTotalValue - onchainTotalValueOnRefSlot,
+                    _reportTimestamp
+                );
                 return onchainTotalValueOnRefSlot;
             }
         } else if (currentState == QuarantineState.QUARANTINE_ACTIVE) {
@@ -533,7 +559,7 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
             } else {
                 // Transition: QUARANTINE_EXPIRED → QUARANTINE_ACTIVE (release old, start new)
                 emit QuarantineReleased(_vault, quarantinedValue);
-                _startNewQuarantine(_vault, quarantine, totalValueIncrease - quarantinedValue, $.vaultsDataTimestamp);
+                _startNewQuarantine(_vault, quarantine, totalValueIncrease - quarantinedValue, _reportTimestamp);
                 return onchainTotalValueOnRefSlot + quarantinedValue;
             }
         }
@@ -542,24 +568,24 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
     function _determineQuarantineState(
         Quarantine storage _quarantine,
         uint256 _quarantinedValue,
-        Storage storage $
+        uint256 _vaultsDataTimestamp
     ) internal view returns (QuarantineState) {
         if (_quarantinedValue == 0) {
             return QuarantineState.NO_QUARANTINE;
         }
 
-        bool isQuarantineExpired = ($.vaultsDataTimestamp - _quarantine.startTimestamp) >= $.quarantinePeriod;
+        bool isQuarantineExpired = (_vaultsDataTimestamp - _quarantine.startTimestamp) >= _storage().quarantinePeriod;
         return isQuarantineExpired ? QuarantineState.QUARANTINE_EXPIRED : QuarantineState.QUARANTINE_ACTIVE;
     }
 
     function _startNewQuarantine(
         address _vault,
         Quarantine storage _quarantine,
         uint256 _amountToQuarantine,
-        uint64 _currentTimestamp
+        uint256 _currentTimestamp
     ) internal {
         _quarantine.pendingTotalValueIncrease = uint128(_amountToQuarantine);
-        _quarantine.startTimestamp = _currentTimestamp;
+        _quarantine.startTimestamp = uint64(_currentTimestamp);
         emit QuarantineActivated(_vault, _amountToQuarantine);
     }
 
@@ -575,9 +601,8 @@ contract LazyOracle is ILazyOracle, AccessControlEnumerableUpgradeable {
         emit SanityParamsUpdated(_quarantinePeriod, _maxRewardRatioBP, _maxLidoFeeRatePerSecond);
     }
 
-    function _mintableStETH(address _vault) internal view returns (uint256) {
-        VaultHub vaultHub = _vaultHub();
-        uint256 mintableShares = vaultHub.totalMintingCapacityShares(_vault, 0 /* zero eth delta */);
+    function _mintableStETH(address _vault, VaultHub _vh) internal view returns (uint256) {
+        uint256 mintableShares = _vh.totalMintingCapacityShares(_vault, 0 /* zero eth delta */);
         return _getPooledEthBySharesRoundUp(mintableShares);
     }