Calculated-context panic, signer row mask, take/clear guard ordering (#2667, #2653, #2671)

[thedavidmeister]

Contract-correctness + error-quality batch (#2667, #2653, #2671)

Four localized in-repo fixes to RaindexV6 / LibRaindexSubParser, each
mutation-validated against the pre-fix bytecode (every test fails with the old
opaque revert and passes with the fix). Because RaindexV6 bytecode moves, this
PR also carries the redeploy cascade: regenerated pointers/artifacts, the
pre-pinned _0_1_7 deploy-constant suite, and refreshed start-block bookkeeping.

Fixes

• subparser calculated-max-output()/calculated-io-ratio() revert Panic(0x32) in the calculate entrypoint instead of returning 0 per NatSpec #2667 — calculated-max-output() / calculated-io-ratio() panic during calculate.
  calculateOrderIO never seeded the calculations context column before the
  calculate eval (it is populated only afterward, for handle IO), so reading
  those words during calculate hit a Solidity out-of-bounds bounds-check and
  reverted Panic(0x32) instead of returning 0 per their NatSpec. The column is
  now seeded with a zero-filled array of the right length before the eval; the
  real values still overwrite it afterward.
  Test: RaindexV6.takeOrder.calculationsContext.t.sol.

• signers subparser word uses the raw operand as row without & 0xFF masking (unlike signed-context) #2653 — signer<n>() row operand unmasked. subParserSigners passed the
  raw operand as the row while the sibling signed-context word masks it to a
  byte. An operand > 255 therefore overflowed the context grid
  (ContextGridOverflow). The row is now masked with & 0xFF, matching
  signed-context. Test: signers.t.sol::testSubParserContextSignerRowLowByte.

• Error-quality + NatSpec-accuracy bundle (OOB->Panic 0x32, clear revert ordering, stale clear/LibOpContext/quote2 NatSpec) #2671 item 1 — takeOrders4 zero-max with an out-of-range IO index. The
  ZeroMaximumIO guard ran after the order's validInputs[inputIOIndex]
  dereference, so a zero max with an out-of-range index reverted Panic(0x32)
  instead of the typed error. The guard now runs before the dereference.
  Test: RaindexV6.takeOrder.zeroMaxOOBIndex.t.sol.

• Error-quality + NatSpec-accuracy bundle (OOB->Panic 0x32, clear revert ordering, stale clear/LibOpContext/quote2 NatSpec) #2671 item 2 — clear3 negative bounty pre-empted by a vault settlement
  revert. The NegativeBounty guard ran after the vault settlement, so a
  spread with a vault-0 input and zero ambient balance reverted
  ERC20InsufficientBalance from the vault-0 push before the explicit guard. The
  guard now runs before any settlement. Test:
  RaindexV6.takeOrder.vaultZeroInput.t.sol::testClearNegativeBountyVaultZeroRevertsNegativeBounty.

Not in this PR (flagged for follow-up)

• Error-quality + NatSpec-accuracy bundle (OOB->Panic 0x32, clear revert ordering, stale clear/LibOpContext/quote2 NatSpec) #2671 item 3 (clear3 zero-ratio DivisionByZero(-1,0) → a semantic error)
  and items 4–6 (NatSpec / interface-doc accuracy) — the error-type and
  interface-doc changes are a separate decision.
• addOrder4 does not revert OrderNoSources/OrderNoHandleIO though the IRaindexV6 NatSpec says it MUST (dead selectors) #2652 (addOrder OrderNoSources / OrderNoHandleIO dead selectors) — the
  selectors and NatSpec live in the published raindex-interface package; the
  in-repo alternative is a behavior change against existing passing tests.

Cascade

Regenerated pointers + derived artifacts, pre-pinned the _0_1_7 constant suite
(testAllPublishedSoldeerTagsHaveAFullConstantSuite), and refreshed
RAINDEX_START_BLOCK_* / networks.json / subgraph.yaml after the redeploy.

Summary by CodeRabbit

• Bug Fixes

  • Fixed signer row selection to use only the operand's low byte.
  • Added upfront validation for maximum IO configurations to prevent invalid states.
  • Moved negative bounty verification earlier in the settlement process.

• New Features

  • Added deployment constants for version 0.1.7 across all Raindex contracts.

[coderabbitai]

Warning

Review limit reached

@thedavidmeister, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 30 minutes and 14 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2ab099e8-497b-4e93-a65e-0a88033ecdf8

📥 Commits

Reviewing files that changed from the base of the PR and between 0bca7bb and dd7cb33.

📒 Files selected for processing (3)

• src/lib/deploy/LibRaindexDeploy.sol
• subgraph/networks.json
• subgraph/subgraph.yaml

📝 Walkthrough

Walkthrough

This PR introduces the 0.1.7 release for Raindex with three core behavioral improvements to RaindexV6, a signer-operand masking fix, new deployment constants, updated bytecode fixtures, and comprehensive test coverage validating all changes.

Changes

Raindex 0.1.7 Release: Behavioral Fixes and Deployment

Layer / File(s)	Summary
Zero Maximum IO Guard Optimization in takeOrders4 src/concrete/raindex/RaindexV6.sol, test/concrete/raindex/RaindexV6.takeOrder.zeroMaxOOBIndex.t.sol	Added upfront validation in takeOrders4 that reverts with ZeroMaximumIO when config.maximumIO is not strictly positive, eliminating redundant per-loop checks. Imported CONTEXT_CALCULATIONS_ROWS constant. Test verifies guard triggers even with out-of-range inputIOIndex.
Negative Bounty Check Repositioning in clear3 src/concrete/raindex/RaindexV6.sol, test/concrete/raindex/RaindexV6.takeOrder.vaultZeroInput.t.sol	Relocated the "negative bounty" spread check in clear3 to execute before vault settlement, using clearStateChange deltas to determine early revert. Removed the previous bounty-only check location from the settlement block. Test confirms revert for vault-0 cross-trades with negative bounty.
Calculations Context Seeding in calculateOrderIO src/concrete/raindex/RaindexV6.sol, test/concrete/raindex/RaindexV6.takeOrder.calculationsContext.t.sol	Pre-initialized the calculations column in the interpreter calling context with a zero-filled bytes32[] sized by CONTEXT_CALCULATIONS_ROWS, ensuring calculated-field reads during eval do not fail out-of-bounds. Test verifies calculated words read as zero during calculate phase without reverting.
SubParser Signer Operand Low-Byte Masking src/lib/LibRaindexSubParser.sol, test/concrete/parser/RaindexV6SubParser.signers.t.sol	Changed subParserSigners to derive the signer-row index from only the low 8 bits of operand (operand & 0xFF), fixing operand-routing consistency. Test confirms operand 256 correctly resolves to signer-row 0 via low-byte masking.
Deployment Constants for 0.1.7 Release src/lib/deploy/LibRaindexDeploy.sol	Added pinned address and bytes32 code-hash constants for six Raindex contracts (RaindexV6, RaindexV6SubParser, RouteProcessor4, GenericPoolRaindexV6ArbOrderTaker, RouteProcessorRaindexV6ArbOrderTaker, GenericPoolRaindexV6FlashBorrower) to track 0.1.7 release deployment.
Updated Bytecode Fixtures for 0.1.7 crates/test_fixtures/abis/RaindexV6.json, crates/test_fixtures/abis/RaindexV6SubParser.json	Updated compiled bytecode objects in ABI JSON fixtures to reflect the 0.1.7 release build, with ABI signatures unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• rainlanguage/raindex#2653: The change to LibRaindexSubParser.subParserSigners (masking operand with 0xFF) directly fixes the reported inconsistency in signer-operand derivation.

Possibly related PRs

• rainlanguage/raindex#2635: Operand-driven signer-row routing tests validate the same low-byte masking behavior introduced in this PR.
• rainlanguage/raindex#2683: Both PRs add pinned deployment constants to LibRaindexDeploy.sol for different release tags in the same contract area.
• rainlanguage/raindex#2644: Both PRs modify clear3 settlement/ordering logic in RaindexV6.sol, with this PR moving the NegativeBounty check earlier.

Suggested reviewers

• hardyjosh
• 0xgleb

Poem

🐰 A rabbit hops through the release,
Three guards make the logic more neat,
Bytecode and constants align,
Tests verify each design—
Zero-max, bounties, context complete! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: fixes for calculated-context panic, signer row masking, and guard ordering in take/clear operations, all referenced by the included issue numbers.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 2026-06-10-contract-doc-batch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[thedavidmeister]

this is not correct

IO is valid as zero

consider the case of claims, the sender of the claim needs to be able to accept 0 input for the outgoing claim, the receiver of the claim needs to be able to send 0 and receive the claim

there needs to be comprehensive test coverage around this case at least

[thedavidmeister]

Split into 4 independently-reviewable PRs per request — one issue + one mutation-validated fix each, all rebased on current main (post-#2701): #2735 calc-context-panic (#2667), #2734 signer-row-mask (#2653), #2736 zeromax-OOB-ordering (#2671 item 1), #2732 negbounty-ordering (#2671 item 2). Closing this bundle in favour of those so each can be reviewed individually.