refactor(audit-low): style + refactor sweep — ~22 LOW findings

[hardyjosh]

Bulk LOW-severity stylistic / refactor changes that have no behavioural
risk:

Style:

• [A01-1] [LOW] BasePythOracleAdapter: bare src/ import paths break submodule consumers #114 [A03-1] [LOW] MultiOracleUnifiedDeployer: bare src/ imports break submodule consumers #117 [A06-1] [LOW] OracleUnifiedDeployer: bare src/ imports break submodule consumers #122 [A12-1] [LOW] PassthroughProtocolAdapter: bare src/ imports break submodule consumers #128 [A13-2] [LOW] OracleRegistry: bare src/ import for AggregatorV3Interface #131 [A09-3] [LOW] MultiPythOracleAdapter: bare src/ import for BasePythOracleAdapter #136 [A10-1] [LOW] PythOracleAdapter: bare src/ import for BasePythOracleAdapter #137 [A11-4] [LOW] MorphoProtocolAdapter: bare src/ imports break submodule consumers #138 [A02-1] [LOW] MorphoProtocolAdapterBeaconSetDeployer: bare src/ imports #139 [A04-2] [LOW] MultiPythOracleAdapterBeaconSetDeployer: bare src/ import #140 [A05-2] [LOW] OracleRegistryBeaconSetDeployer: bare src/ import #141 [A07-1] [LOW] PassthroughProtocolAdapterBeaconSetDeployer: bare src/ imports #142 [A08-1] [LOW] PythOracleAdapterBeaconSetDeployer: bare src/ import #143:
  project-namespaced remapping st0x.oracle/=src/; all internal
  imports rewritten to use it so the repo is consumable as a git
  submodule without remapping conflicts.
• [A16-1] [LOW] LibProdDeploy: pragma is ^0.8.25, all other src files pin =0.8.25 #134: LibProdDeploy.sol pragma pinned to =0.8.25.
• [A04-1] [LOW] MultiPythOracleAdapterBeaconSetDeployer: error names use Multi prefix inconsistent with siblings #119: MultiZero*/InitializeMultiOracleFailed errors in
  MultiPythOracleAdapterBeaconSetDeployer renamed to match sibling
  deployer naming (ZeroImplementation, ZeroBeaconOwner,
  InitializeAdapterFailed).

Refactors:

• [A11-3] [LOW] MorphoProtocolAdapter: duplicates OnlyAdmin/ZeroAdmin/ZeroVault errors with siblings #127: file-level OnlyAdmin / ZeroAdmin / ZeroVault / ZeroRegistry /
  OracleNotFound hoisted to src/lib/LibOracleErrors.sol; 4 consumers
  updated (BasePythOracleAdapter, OracleRegistry, MorphoProtocolAdapter,
  PassthroughProtocolAdapter).
• [A13-1] [LOW] OracleRegistry: setOracleBulk loop variable 'i' and missing onlyAdmin in modifier order #130: OracleRegistry extracts _setOracle helper consumed by both
  setOracle and setOracleBulk.
• [A09-2] [LOW] MultiPythOracleAdapter: setFeeds elides per-feed bound-vs-MAX_FEEDS check inconsistent with initialize #124: MultiPythOracleAdapter.initialize bound checks already
  centralised in _setFeeds — no further dedup required (PR fix(audit-low): code-correctness sweep — 10 LOW findings in one pass #230 [A09-2] [LOW] MultiPythOracleAdapter.setFeeds reuses _setFeeds wipe-then-write pattern that leaks gas on shrink without bounding cost #41).
• [A11-1] [LOW] MorphoProtocolAdapter: NonPositivePrice error has no params, BasePythOracleAdapter's takes int256 #125: MorphoProtocolAdapter.NonPositivePrice carries int256 price
  matching BasePythOracleAdapter.
• [A11-2] [LOW] MorphoProtocolAdapter: unsafe-typecast warning on uint256(answer) and magic 1e28 #126: MorphoProtocolAdapter 1e28 magic number replaced with named
  constants derived from MORPHO_PRICE_SCALE and EXPECTED_ORACLE_DECIMALS
  (SCALE_MULTIPLIER = MORPHO_PRICE_SCALE / 10**EXPECTED_ORACLE_DECIMALS).
• [A01-2] [LOW] BasePythOracleAdapter: unsafe-typecast warning on int256(price8) cast #115: BasePythOracleAdapter int256(price8) cast annotated with
  forge-lint disable + safety comment.
• [A09-1] [LOW] MultiPythOracleAdapter: short loop variable name 'i' and 'p' in cascade #123: MultiPythOracleAdapter._tryGetPrice local p → fetchedPrice
  (named-return is already price, so use a distinct name).
• [A15-1] [LOW] LibCorporateActionsPause: vault local var name shadows the parameter and naming hides intent #133: LibCorporateActionsPause local vault → corporateActions
  to avoid shadowing the priced-vault meaning; also documents the
  discarded tuple-return placeholder.
• [A15p5-4] [LOW] LibCorporateActionsPause: no defensive effectiveTime != 0 guard for cancelled-node sentinel #200: LibCorporateActionsPause adds defensive effectiveTime != 0
  belt-and-suspenders on top of the NODE_NONE cursor check in both
  pre- and post-window branches.

Storage hardening (#116, #218):

• BasePythOracleAdapter storage groups separated by comment banners
  ("mutable governance" vs "immutable-after-init corporate-action
  config" vs "reserved slots"); ends with a uint256[50] __gap
  reserved-slot array so future base additions don't shift subclass
  slots. Subclass slot positions shift one-time by 50; safe because
  no live deployment exists. Adds vm.load-based storage layout test
  pinning vault at slot 0 and MultiPythOracleAdapter.feedCount at
  the post-gap slot 55.

forge build, forge fmt --check, slither (0 results), and REUSE all
green. Test count delta: 147 → 148 (+1, the new storage layout test).
No behaviour change to user-visible APIs beyond
NonPositivePrice(int256) shape change and storage layout (documented
above).

Closes #114, #115, #116, #117, #119, #122, #123, #124, #125, #126,
#127, #128, #130, #131, #133, #134, #136, #137, #138, #139, #140,
#141, #142, #143, #200, #218.

Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com

[hardyjosh]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(subgraph): update PythOracleAdapterInitialized event signatures for pauseConfig #234
• fix(audit-low): close 2 hazard-surface findings #233
• test(audit-low): coverage sweep 2 — 15 LOW test findings in one pass #232
• refactor(audit-low): style + refactor sweep — ~22 LOW findings #231 👈 (View in Graphite)
• fix(audit-low): code-correctness sweep — 10 LOW findings in one pass #230
• test(audit): close 10 MEDIUM test-coverage gaps in one sweep #228 : 1 other dependent PR (#229 )
• fix(morpho): require 8-decimal upstream oracle (audit #187) #224 : 2 other dependent PRs (#225 , #227 )
• refactor(interface): rename to AggregatorV2V3Interface + add getRoundData #222 : 1 other dependent PR (#223 )
• chore: remove MultiPythOracleAdapter for Euler launch #238
• docs: README refresh + integrator notes for corporate-action auto-pause (RAI-325) #26 : 1 other dependent PR (#221 )
• feat(deploy): thread CorporateActionPauseConfig through unified deployers (RAI-322) #25
• test: auto-pause revert propagation through protocol adapters (RAI-321) #24
• feat(oracle): wire corporate-action auto-pause into BasePythOracleAdapter (RAI-320) #23
• feat(lib): LibCorporateActionsPause reader helper (RAI-319) #22
• docs(spec): corporate-action-aware auto-pause semantics (RAI-318) #21
• deps: migrate from git submodules to soldeer #237
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 19b72ad6-2c7c-469d-9ef6-60f3387988da

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/audit-low-style-refactor

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[hardyjosh]

Storage __gap carve-out folded into PR #238 (chore: remove MultiPyth) since the corp-actions stack head is the natural anchor. Remaining style/refactor work (LibOracleErrors hoist, project-namespaced remapping) deferred for Euler launch — defer because most of it is invasive churn touching every file.