fix(audit-low): close 2 hazard-surface findings

[hardyjosh]

• [A16-3] [LOW] foundry submodule lock mismatch: lib/st0x.deploy expected 766b468f but local is 99552486 #146 CONFIG-SUBMODULE-LOCK: regenerate foundry.lock to align with
  the working-tree pointer for lib/st0x.deploy (99552486...). Prior
  state had foundry.lock pinned to 766b468f... while .gitmodules
  resolved to 99552486..., producing a build warning on every nix
  invocation. The working-tree pointer is what the code is actually
  compiled against, so the lock is updated to match it (not the
  other way around).
• [H9] [LOW] Deployment suite name strings duplicated between manual-sol-artifacts.yaml and Deploy.sol; typo silently routes to revert #214 HAZARD-CROSS-FILE-SYNC: add .github/workflows/suite-names-sync.yaml
  (Option B in the issue — the simpler fence). The workflow extracts the
  deployment-suite names from script/Deploy.sol's keccak256("...")
  preimages and compares them against the operator-facing dropdown's
  options: list in .github/workflows/manual-sol-artifacts.yaml. If the
  two lists diverge, CI fails with a diff and a hint pointing at both
  files. This catches both typos and missing-entry drift in the same
  PR that introduces them, instead of at deploy time as a "Unknown
  deployment suite" revert. Chosen over Option A (generated source of
  truth) because it ships in one workflow file with no new build
  step, no jq dependency, and the existing duplication in Deploy.sol
  stays readable as plain Solidity.

forge build no longer warns about the revision mismatch. nix CI green
(forge fmt no-op, rainix-sol-static clean, rainix-sol-legal clean, 169
tests pass under the standard --no-match-contract exclusions).

Closes #146, #214.

Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 65783647-cb4c-4802-948a-011586b425e0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/audit-low-hazard-followups

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[hardyjosh]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• fix(subgraph): update PythOracleAdapterInitialized event signatures for pauseConfig #234
• fix(audit-low): close 2 hazard-surface findings #233 👈 (View in Graphite)
• test(audit-low): coverage sweep 2 — 15 LOW test findings in one pass #232
• refactor(audit-low): style + refactor sweep — ~22 LOW findings #231
• fix(audit-low): code-correctness sweep — 10 LOW findings in one pass #230
• test(audit): close 10 MEDIUM test-coverage gaps in one sweep #228 : 1 other dependent PR (#229 )
• fix(morpho): require 8-decimal upstream oracle (audit #187) #224 : 2 other dependent PRs (#225 , #227 )
• refactor(interface): rename to AggregatorV2V3Interface + add getRoundData #222 : 1 other dependent PR (#223 )
• chore: remove MultiPythOracleAdapter for Euler launch #238
• docs: README refresh + integrator notes for corporate-action auto-pause (RAI-325) #26 : 1 other dependent PR (#221 )
• feat(deploy): thread CorporateActionPauseConfig through unified deployers (RAI-322) #25
• test: auto-pause revert propagation through protocol adapters (RAI-321) #24
• feat(oracle): wire corporate-action auto-pause into BasePythOracleAdapter (RAI-320) #23
• feat(lib): LibCorporateActionsPause reader helper (RAI-319) #22
• docs(spec): corporate-action-aware auto-pause semantics (RAI-318) #21
• deps: migrate from git submodules to soldeer #237
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[hardyjosh]

Deferred for Euler launch. The foundry.lock alignment is moot post-soldeer; the suite-names CI drift check is non-blocking.