Skip to content

fix: maxWithdraw returns 0 instead of reverting on zero share ratio#304

Merged
thedavidmeister merged 5 commits into
mainfrom
2026-05-14-max-withdraw-no-revert
May 14, 2026
Merged

fix: maxWithdraw returns 0 instead of reverting on zero share ratio#304
thedavidmeister merged 5 commits into
mainfrom
2026-05-14-max-withdraw-no-revert

Conversation

@thedavidmeister
Copy link
Copy Markdown
Collaborator

@thedavidmeister thedavidmeister commented May 14, 2026

Summary

  • ERC-4626 requires maxWithdraw MUST NOT revert.
  • ERC20PriceOracleReceiptVault._shareRatioUserAgnostic returns id, so maxWithdraw(owner, 0) produces a zero share ratio and panics with Panic(0x12) inside _calculateRedeem. A zero share ratio means no deposit at this id has ever existed; the max withdrawable is 0. Short-circuit before the math.
  • Pinned by a targeted test (testMaxWithdrawZeroIdDoesNotRevert) and a broad fuzz (testMaxWithdrawAnyIdDoesNotRevert).

Part of #303 (full ERC-4626 spec compliance is broader and remains open).

Test plan

  • TDD: new tests fail against unfixed code with Panic(0x12); pass after the fix.
  • Full non-fork suite green (341/341).
  • CI passes

🤖 Generated with Claude Code

@thedavidmeister @claude
fix: maxWithdraw returns 0 instead of reverting on zero share ratio
efcf62b 
ERC-4626 specifies that maxWithdraw MUST NOT revert
(https://eips.ethereum.org/EIPS/eip-4626#maxwithdraw).
`ERC20PriceOracleReceiptVault._shareRatioUserAgnostic` returns `id` as the
share ratio, so `maxWithdraw(owner, 0)` produces a zero share ratio and
panics with `Panic(0x12)` from divide-by-zero inside `_calculateRedeem`.
A zero share ratio at this surface means no deposit at this id has ever
existed, so the max withdrawable is 0. Short-circuit before the math.

Part of #303 (full ERC-4626 spec compliance is broader and remains open).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@thedavidmeister thedavidmeister self-assigned this May 14, 2026
@thedavidmeister @claude
test: fuzz maxWithdraw across full id range
b2ba6dd 
`testMaxWithdrawZeroIdDoesNotRevert` pins the id=0 boundary; this fuzz
covers every id including ones the vault never minted a receipt for.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 14, 2026
edited
Loading

Warning

Rate limit exceeded

@thedavidmeister has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 43 minutes and 2 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5e22987b-0e3c-4430-b56a-7f31e2a40513

📥 Commits

Reviewing files that changed from the base of the PR and between 78390b1 and b9c0957.

📒 Files selected for processing (3)
  • src/abstract/ReceiptVault.sol
  • test/src/concrete/authorize/OffchainAssetReceiptVaultPaymentMintAuthorizerV1.deposit.t.sol
  • test/src/concrete/vault/ERC20PriceOracleReceiptVault.maxWithdraw.t.sol
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch 2026-05-14-max-withdraw-no-revert

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

thedavidmeister and others added 3 commits May 14, 2026 17:42
@thedavidmeister @claude
test: filter contract addresses from PaymentMintAuthorizer fuzz
dbd29b8 
`testMintSimpleRealReceiptVault` asserts `ERC20InsufficientBalance` when
alice mints without paying first. The upper-half-address `vm.assume`
filter is insufficient — fuzzer-generated addresses in that range can
have code (e.g. precompiles spilled into the address space), in which
case the ERC1155 receipt mint trips `ERC1155InvalidReceiver` before the
ERC20 balance check, masking the asserted revert.

`maxWithdraw` bytecode change shifted the fuzz seed and surfaced an
existing flake; the fix is to filter receivers to EOAs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@thedavidmeister @claude
test: drop verbose comment from fuzz assume
59fc3c5 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@thedavidmeister @claude
fix(slither): annotate strict-equality guard in maxWithdraw
b9c0957 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@thedavidmeister thedavidmeister merged commit 0dd34fe into main May 14, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@thedavidmeister thedavidmeister

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thedavidmeister