2026 02 23 audit

[thedavidmeister]

Motivation

Solution

Checks

By submitting this for review, I'm confirming I've done the following:

• made this PR as small as possible
• unit-tested any new functionality
• linked any relevant issues or PRs
• included screenshots (if this involves a front-end change)

Summary by CodeRabbit

• New Features

  • Updated geometric mean operation to support signed values, including negative inputs.

• Updates

  • Updated contract deployment addresses and code hashes for interpreter and registry components.

• Tests

  • Added test coverage for comparison operations with floating-point and negative values.
  • Expanded test cases for exponential functions with negative inputs.
  • Enhanced external reference function error handling validation.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5ef7419 and 845e805.

⛔ Files ignored due to path filters (3)

• TESTING.md is excluded by !TESTING.md
• audit/2026-02-17-03/triage.md is excluded by !audit/**
• src/generated/Rainterpreter.pointers.sol is excluded by !**/generated/**

📒 Files selected for processing (9)

• src/lib/deploy/LibInterpreterDeploy.sol
• src/lib/op/math/LibOpGm.sol
• test/src/lib/op/00/LibOpExtern.t.sol
• test/src/lib/op/logic/LibOpGreaterThanOrEqualTo.t.sol
• test/src/lib/op/logic/LibOpLessThanOrEqualTo.t.sol
• test/src/lib/op/math/LibOpE.t.sol
• test/src/lib/op/math/LibOpExp.t.sol
• test/src/lib/op/math/LibOpExp2.t.sol
• test/src/lib/op/math/LibOpGm.t.sol

---

📝 Walkthrough

Walkthrough

Updates deployment contract addresses and code hashes in LibInterpreterDeploy.sol. Modifies LibOpGm.sol to compute signed geometric mean instead of unsigned. Adds comprehensive test coverage for comparison operations with negative values and new math operation tests for edge cases.

Changes

Cohort / File(s)	Summary
Deployment Configuration src/lib/deploy/LibInterpreterDeploy.sol	Updated four deployment constants: INTERPRETER_DEPLOYED_ADDRESS, INTERPRETER_DEPLOYED_CODEHASH, DISPAIR_REGISTRY_DEPLOYED_ADDRESS, and DISPAIR_REGISTRY_DEPLOYED_CODEHASH with new blockchain addresses and bytecode hashes.
Math Operations Logic src/lib/op/math/LibOpGm.sol	Changed geometric mean operation from unsigned to signed: computes sign \* sqrt(|a| \* |b|) where sign is negative if exactly one input is negative. Updated both run and referenceFn paths with absolute value handling and sign application logic.
Comparison Operation Tests test/src/lib/op/logic/LibOpGreaterThanOrEqualTo.t.sol, test/src/lib/op/logic/LibOpLessThanOrEqualTo.t.sol	Added new test functions covering floating-point and negative input scenarios for >= and <= operations. Modified LibOpLessThanOrEqualTo fail-0-inputs test to parse bytecode before assertion.
Math Operation Tests test/src/lib/op/math/LibOpE.t.sol, test/src/lib/op/math/LibOpExp.t.sol, test/src/lib/op/math/LibOpExp2.t.sol	Added validation tests: operand-disallowed expression parsing for e(), negative input coverage for exp(-1) and exp2(-1) with lossy float assertions.
Geometric Mean Tests test/src/lib/op/math/LibOpGm.t.sol	Expanded test suite with mixed-sign, zero-interaction, and byte-equivalence scenarios. Updated testOpGmRun to allow negative coefficients. Added eight new test functions covering gm behavior with both negative, mixed-sign, and zero inputs.
Extern Operation Tests test/src/lib/op/00/LibOpExtern.t.sol	Introduced externalReferenceFn external wrapper delegating to LibOpExtern.referenceFn. Added two new test functions validating referenceFn error handling for mismatched output lengths (BadOutputsLength).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• rainlanguage/rain.interpreter#396: Directly modifies the geometric mean operation (LibOpGm.sol) and its test coverage in the same code areas.

Poem

🐰 Fresh addresses hop in, geometric signs now bloom,
Negative and positive dance through the room,
Tests multiply like rabbits, covering every case,
From mixed signs to zero—completeness wins the race! 🌱✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title '2026 02 23 audit' is a date-based label with no meaningful information about the actual changes in the pull request.	Use a descriptive title that clearly summarizes the main changes, such as 'Implement signed geometric mean and add audit test coverage' or 'Add signed GM operation and audit test cases'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 2026-02-23-audit

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

@coderabbitai assess this PR size classification for the totality of the PR with the following criterias and report it in your comment:

S/M/L PR Classification Guidelines:

This guide helps classify merged pull requests by effort and complexity rather than just line count. The goal is to assess the difficulty and scope of changes after they have been completed.

Small (S)

Characteristics:

• Simple bug fixes, typos, or minor refactoring
• Single-purpose changes affecting 1-2 files
• Documentation updates
• Configuration tweaks
• Changes that require minimal context to review

Review Effort: Would have taken 5-10 minutes

Examples:

• Fix typo in variable name
• Update README with new instructions
• Adjust configuration values
• Simple one-line bug fixes
• Import statement cleanup

Medium (M)

Characteristics:

• Feature additions or enhancements
• Refactoring that touches multiple files but maintains existing behavior
• Breaking changes with backward compatibility
• Changes requiring some domain knowledge to review

Review Effort: Would have taken 15-30 minutes

Examples:

• Add new feature or component
• Refactor common utility functions
• Update dependencies with minor breaking changes
• Add new component with tests
• Performance optimizations
• More complex bug fixes

Large (L)

Characteristics:

• Major feature implementations
• Breaking changes or API redesigns
• Complex refactoring across multiple modules
• New architectural patterns or significant design changes
• Changes requiring deep context and multiple review rounds

Review Effort: Would have taken 45+ minutes

Examples:

• Complete new feature with frontend/backend changes
• Protocol upgrades or breaking changes
• Major architectural refactoring
• Framework or technology upgrades

Additional Factors to Consider

When deciding between sizes, also consider:

• Test coverage impact: More comprehensive test changes lean toward larger classification
• Risk level: Changes to critical systems bump up a size category
• Team familiarity: Novel patterns or technologies increase complexity

Notes:

• the assessment must be for the totality of the PR, that means comparing the base branch to the last commit of the PR
• the assessment output must be exactly one of: S, M or L (single-line comment) in format of: SIZE={S/M/L}
• do not include any additional text, only the size classification
• your assessment comment must not include tips or additional sections
• do NOT tag me or anyone else on your comment

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

SIZE=L