Skip to content

Introduce logic to compute approval overrides#4401

Merged
MartinquaXD merged 5 commits into
mainfrom
approval-overrides
May 12, 2026
Merged

Introduce logic to compute approval overrides#4401
MartinquaXD merged 5 commits into
mainfrom
approval-overrides

Conversation

@MartinquaXD
Copy link
Copy Markdown
Contributor

@MartinquaXD MartinquaXD commented May 11, 2026

Description

Uses the same ideas as the balance override logic to compute approval overrides. This will be used in a new implementation of the trade verification.

Changes

  • implemented various strategies for overriding balances:
    • mapping (owner -> spender)
    • mapping (spender -> owner)
    • solady
    • direct storage slot
  • added logic to simulator crate to generate approval overrides

How to test

added a few tests

@MartinquaXD MartinquaXD requested a review from a team as a code owner May 11, 2026 15:35
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements an ERC-20 approval override detection system, enabling the simulator to identify and override allowance storage slots using Solidity and Solady heuristics. A high-severity security issue was identified in the Detector caching logic, which is vulnerable to cache stampedes because the mutex is released before performing expensive uncached detections.

Comment thread crates/balance-overrides/src/approval/mod.rs
Comment on lines +231 to +245
let mut cache = self.cache.lock().unwrap();
if let Some(strategy) = cache.cache_get(&(token, None)) {
tracing::trace!(?token, "cache hit (strategy valid for all pairs)");
return strategy.clone();
}
if let Some(strategy) = cache.cache_get(&(token, Some((owner, spender)))) {
tracing::trace!(
?token,
?owner,
?spender,
"cache hit (pair-specific strategy)"
);
return strategy.clone();
}
}
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

The current caching logic is susceptible to a cache stampede (thundering herd) because the lock is released before performing the potentially expensive detect_uncached call. If multiple concurrent requests arrive for the same uncached token, they will all trigger redundant simulations and RPC calls. Consider using a synchronization primitive like tokio::sync::OnceCell or a dashmap with entry API to ensure only one detection task runs per token. Additionally, ensure the cache is size-bounded to prevent potential Denial of Service attacks via memory exhaustion from user-provided data.

References
  1. Caches that store user-provided data must be size-bounded to prevent potential Denial of Service attacks via memory exhaustion.

jmg-duarte
jmg-duarte reviewed May 11, 2026
View reviewed changes
Comment thread crates/balance-overrides/src/lib.rs Outdated
Comment thread crates/balance-overrides/src/lib.rs Outdated
Comment thread crates/balance-overrides/src/lib.rs Outdated
Comment thread crates/balance-overrides/src/lib.rs Outdated
Comment thread crates/balance-overrides/src/lib.rs Outdated
Comment thread crates/balance-overrides/src/approval/mod.rs
Comment thread crates/balance-overrides/src/approval/mod.rs Outdated
Comment thread crates/balance-overrides/src/approval/mod.rs Outdated
Comment thread crates/balance-overrides/src/approval/mod.rs Outdated
Comment thread crates/balance-overrides/src/approval/mod.rs Outdated
@MartinquaXD MartinquaXD force-pushed the refactor-balance-override-logic branch from f86a64c to c66dbfd Compare May 12, 2026 08:29
@MartinquaXD MartinquaXD force-pushed the approval-overrides branch 2 times, most recently from 377a941 to 2d1f649 Compare May 12, 2026 10:47
Base automatically changed from refactor-balance-override-logic to main May 12, 2026 11:14
MartinquaXD and others added 4 commits May 12, 2026 11:25
@MartinquaXD @claude
Add approval/ submodule and approval_override to StateOverriding trait
def2888 
Adds ERC-20 allowance override detection and application: a new
`approval/` submodule with `ApprovalStrategy`, `ApprovalOverrideRequest`,
and `Detector` (mirrors the balance side). Extends the `StateOverriding`
trait with `approval_override()` and wires it into the simulator's
`AccountOverrideRequest::Approval` variant.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@MartinquaXD
address some comments
a125cd3
@MartinquaXD
more nits
7a50e2b
@MartinquaXD
split timeout off
826863d
@MartinquaXD MartinquaXD force-pushed the approval-overrides branch from 14721db to 826863d Compare May 12, 2026 11:25
@MartinquaXD MartinquaXD added this pull request to the merge queue May 12, 2026
Merged via the queue into main with commit 0865709 May 12, 2026
28 of 34 checks passed
@MartinquaXD MartinquaXD deleted the approval-overrides branch May 12, 2026 12:38
@github-actions github-actions Bot locked and limited conversation to collaborators May 12, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jmg-duarte jmg-duarte jmg-duarte approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MartinquaXD @jmg-duarte