
docs(trc-4626): restore Security Considerations notes agreed in #840 (share-inflation mitigation + decimal basis) #898

Open
BlackChar92 wants to merge 1 commit into tronprotocol:master from BlackChar92:docs/trc4626-security-notes

@BlackChar92

Per #897 / #840.

The April-17 Last Call summary in #840 stated that two non-normative implementation notes would be folded into Security Considerations before Last Call — the share-inflation / donation mitigation and a decimal-basis note — but neither made it into the published tip-4626.md. This PR adds them.

Non-normative clarification only. Security Considerations text; no change to the interface, events, rounding requirements, or any required behavior (TRC-4626 is Final).

  • Share-inflation / first-depositor (donation) attack — points at the virtual shares/assets offset (OpenZeppelin) and initial seeding as mitigations, and frames the cost as scaling with the vault asset's decimals (not chain-specific; a 6-decimal asset such as USDT is simply the cheaper case).
  • Decimal basis — TRX / most TIP-20 stablecoins are 6 decimals; vaults should document their decimal basis and integrators should read decimals() from both the vault and the underlying rather than hardcoding.

Closes #897.

…rotocol#840

Adds the share-inflation/donation mitigation and decimal-basis notes that the
tronprotocol#840 Last Call summary said would be folded in but never landed in tip-4626.md.
Non-normative: Security Considerations text only; no interface/event/behavior change.
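
The two notes above can be checked numerically. The following is an added example, not code from this PR, from tip-4626.md, or from OpenZeppelin: an integer model of ERC-4626-style share accounting using the OpenZeppelin-style virtual shares/assets formula. `VaultModel`, `rounding_loss` and all amounts are hypothetical, constructed values.

```python
from dataclasses import dataclass

@dataclass
class VaultModel:
    """Integer model of ERC-4626-style share accounting (hypothetical names)."""
    asset_decimals: int        # decimals() of the underlying, e.g. 6
    offset: int = 0            # decimals offset used for virtual shares
    virtual: bool = True       # False = plain totalSupply/totalAssets ratio
    total_assets: int = 0
    total_supply: int = 0

    @property
    def decimals(self) -> int:
        # Share decimals differ from asset decimals whenever offset > 0,
        # which is why integrators must read decimals() from both contracts.
        return self.asset_decimals + (self.offset if self.virtual else 0)

    def _virtual(self):
        # (virtual shares, virtual assets) added to supply and assets.
        return (10 ** self.offset, 1) if self.virtual else (0, 0)

    def convert_to_shares(self, assets: int) -> int:
        vs, va = self._virtual()
        if self.total_supply + vs == 0:          # empty plain vault mints 1:1
            return assets
        return assets * (self.total_supply + vs) // (self.total_assets + va)

    def convert_to_assets(self, shares: int) -> int:
        vs, va = self._virtual()
        if self.total_supply + vs == 0:
            return shares
        return shares * (self.total_assets + va) // (self.total_supply + vs)

    def deposit(self, assets: int) -> int:
        shares = self.convert_to_shares(assets)  # rounds down, in the vault's favour
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def donate(self, assets: int) -> None:
        # Assets sent straight to the vault: balance grows, no shares minted.
        self.total_assets += assets

def rounding_loss(vault: VaultModel, seed: int, donation: int, deposit: int) -> int:
    """Assets a depositor cannot redeem after depositing into a seeded, donated-to vault."""
    vault.deposit(seed)
    vault.donate(donation)
    shares = vault.deposit(deposit)
    return deposit - vault.convert_to_assets(shares)

USDT = 10 ** 6  # one whole token of a 6-decimal asset (constructed sample amounts below)
plain = rounding_loss(VaultModel(6, virtual=False), 1, 1000 * USDT, 500 * USDT)
offset6 = rounding_loss(VaultModel(6, offset=6), 1, 1000 * USDT, 500 * USDT)
print(plain, offset6)
```

With the plain ratio the later deposit rounds to zero shares and the whole amount is unredeemable; with a 6-decimal offset the loss stays below one whole token, and the vault's share decimals become 12 rather than 6.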
Development

Successfully merging this pull request may close these issues.

TRC-4626: the share-inflation mitigation note agreed in #840 is missing from the published spec
