fix: rounding in the protocol's favor

[0xJabberwock]

Description

After thoroughly reviewing the BasePoolMath library in search of rounding inconsistencies, I've found some cases in which multiplications (mulUp / mulDown) or divisions (divUp / divDown) weren't favorable to the protocol.

Type of change

• Bug fix
• New feature
• Breaking change
• Dependency changes
• Code refactor / cleanup
• Documentation or wording changes
• Other

Checklist:

• The diff is legible and has no extraneous changes
• Complex code has been commented, including external interfaces
• Tests have 100% code coverage
• The base branch is either main, or there's a description of how to merge

Issue Resolution

Closes #395.

[openzeppelin-code]

fix: rounding in the protocol's favour

Generated at commit: 2771ba7a09582fde5475b4eafaad31f6d7bbbd31

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	2 1 0 10 36 49
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector

[0xJabberwock]

Prefix increments and decrements (++i; --i) are cheaper than postfix increments and decrements (i++; i--) in terms of gas.

[wei3erHase]

how come no gas snapshots have changed? 👀

[wei3erHase]

i think there are a lot of loops around the codebase, let's try that in a new PR and see the gas snapshots improvements (avoid cross-function prs when possible)

[EndymionJkb]

Also, there's a 1% threshold on the gas snapshots, so maybe they did change, just less than 1%

[0xJabberwock]

I've made further research regarding the gas costs incurred when using prefix or postfix increments or decrements, specifically within for loop declarations. It seems that compiling via_ir = true equals the gas expenditures. For more details, refer to ethereum/solidity#14595.

[0xJabberwock]

The protocol is interested in taxing a larger amount in order to charge more swap fees which, in turn, help in reducing the amount of BPT to bid during addLiquidityUnbalanced.

[0xJabberwock]

The protocol is interested in maximizing the amount of BPT to ask for during removeLiquiditySingleTokenExactOut.

[0xJabberwock]

The protocol is interested in taxing a larger amount in order to charge more swap fees which, in turn, help in reducing the amount of tokenOut to bid during removeLiquiditySingleTokenExactIn.

[wei3erHase]

but isn't this increasing the nonTaxable part?

[HickupHH3]

Perhaps rename nonTaxableBalance, the tax is calculated from it, which implies the tax is actually a part of nonTaxableBalance.

balanceBeforeTax maybe?

[jubeira]

Good points. balanceBeforeTax or newProportionalBalance could be better suited. I had the same question as @wei3erHase when we first put this code together.

[EndymionJkb]

Should check if there's anywhere else where "taxable" or "nonTaxable" is used confusingly. Should add a comment about the rounding direction after fixing the names.

[0xJabberwock]

The protocol is interested in taxing a larger amount in order to charge more swap fees which, in turn, help in augmenting the amount of tokenIn to ask for during addLiquiditySingleTokenExactOut.

[wei3erHase]

interesting, would you run ./pkg/vault$ yarn test:forge to see if there are gas savings with this?

[jubeira]

I think this TODO is inherited from V2 code. I'd leave it out of this PR; it doesn't sound very important.

Sidenote: there's now an mcopy opcode since the last hardfork.
There are other places where we're copying arrays, although it's usually for scaling (we have to do math on every element anyways, so perhaps mcopy doesn't save much). See #308.

[EndymionJkb]

In V3 we're avoiding assembly if at all possible (e.g., not with transients quite yet), generally favoring clarity/ease of review/audit over speed.

[0xJabberwock]

interesting, would you run ./pkg/vault$ yarn test:forge to see if there are gas savings with this?

Indeed, there are some gas savings as a result of both gas optimizations introduced. However, I agree that they should be addressed separately in a further PR so as to target single concerns.

[jubeira]

Looks good, thanks @0xJabberwock!

As @wei3erHase points out, let's please try to keep PRs targeting single concerns whenever possible.
For this one in particular, the pre-increments in the for loops are fine, but let's leave the assembly optimization for another one. The rest looks good!

[jubeira]

I think this TODO is inherited from V2 code. I'd leave it out of this PR; it doesn't sound very important.

Sidenote: there's now an mcopy opcode since the last hardfork.
There are other places where we're copying arrays, although it's usually for scaling (we have to do math on every element anyways, so perhaps mcopy doesn't save much). See #308.

[jubeira]

Good points. balanceBeforeTax or newProportionalBalance could be better suited. I had the same question as @wei3erHase when we first put this code together.

[jubeira]

Suggested change

	// mulUp/divUp maximize the amount of tokens burned for the security reasons
	// mulUp/divUp maximizes the amount of tokens burned for security reasons

[EndymionJkb]

Do we just want to say "to favor the protocol," as elsewhere, instead of "for security reasons"? We are favoring the protocol for security reasons, but maybe we can say that in one place at the top, e.g.: "For security reasons, to help ensure that for all possible "round trip" paths, the caller always receives the same or fewer tokens than supplied, we have chosen the rounding direction to favor the protocol in all cases."

[EndymionJkb]

Suggested change

	// mulDown/divDown minimize amount of pool tokens to mint.
	// mulDown/divDown minimizes the amount of pool tokens to mint.

For consistency with other comments. It seems like it should be singular if you read it "mulDown and divDown", but you can think of it as "the combination of mulDown/divDown," or the "mulDown/divDown expression" which would make it minimizes.

[EndymionJkb]

Suggested change

	// If so, calculate the taxable amount.
	// If so, calculate the taxable amount, rounding in favor of the protocol.
	// We round the invariantRatio term down to subtract less and get a higher `taxableAmount`, which
	// charges higher swap fees, reducing the amount of BPT that will be minted.

As elsewhere, I'd comment the reasoning for the rounding direction, so that it can be explicitly reviewed, and we're not always reverse engineering it.

[EndymionJkb]

Suggested change

	// between the actual amount in and the non-taxable balance
	// between the actual amount in and the non-taxable balance. Round the `nonTaxableBalance` down to
	// favor the protocol by increasing the taxable amount, which charges higher swap fees, ultimately increasing
	// the amount of `tokenIn` that will be transferred from the caller.

[EndymionJkb]

In V3 we're avoiding assembly if at all possible (e.g., not with transients quite yet), generally favoring clarity/ease of review/audit over speed.

[EndymionJkb]

Do we just want to say "to favor the protocol," as elsewhere, instead of "for security reasons"? We are favoring the protocol for security reasons, but maybe we can say that in one place at the top, e.g.: "For security reasons, to help ensure that for all possible "round trip" paths, the caller always receives the same or fewer tokens than supplied, we have chosen the rounding direction to favor the protocol in all cases."

[EndymionJkb]

Should check if there's anywhere else where "taxable" or "nonTaxable" is used confusingly. Should add a comment about the rounding direction after fixing the names.

[0xJabberwock]

During computeRemoveLiquiditySingleTokenExactIn, it turns out that, in order for the taxableAmount to be as large as possible, we would want newBalanceBeforeTax to be rounded up and newBalance to be rounded down.

Nevertheless, newBalance was previously subtracted from currentBalances[tokenOutIndex] so as to compute amountOut; since we'd want the latter to be as low as possible, newBalance had been rounded up initially.

In consequence, a conflict of interests arises regarding the rounding of newBalance.

[jubeira]

I think it's fine.
Taxable balance is not as important as amounts out to withdraw.

[HickupHH3]

Might be good to document this rounding conflict and priority in rounding amountOut over taxableAmount so we need not repeat thinking through this again :)

[EndymionJkb]

Yes, we should always document the reason for the rounding: see #468 (comment)

[jubeira]

This is looking good IMO, thanks @0xJabberwock !
@EndymionJkb @joaobrunoah would you mind giving it one last look before merging?

/cc @HickupHH3

[jubeira]

I think it's fine.
Taxable balance is not as important as amounts out to withdraw.

[EndymionJkb]

Looks great. The only thing we might still want to address is the comment in computeRemoveLiquiditySingleTokenExactIn:

"In consequence, a conflict of interests arises regarding the rounding of newBalance."