Skip to content

[codex] Fix vault-state strategy validation#1243

Closed
rossgalloway wants to merge 1 commit into
release/26-04-17from
codex/validate-strategy-addresses
Closed

[codex] Fix vault-state strategy validation#1243
rossgalloway wants to merge 1 commit into
release/26-04-17from
codex/validate-strategy-addresses

Conversation

@rossgalloway

@rossgalloway rossgalloway commented May 19, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

  • Reject invalid strategy identifiers before vault-state RPC calldata is built
  • Share strategy address validation between the Vercel handler and local Bun API route
  • Cap vault-state strategy lists and cover invalid/oversized requests with focused tests
  • Add env-driven allowed preview hosts for private preview serving

Validation

  • bun run lint:fix
  • bun run tslint
  • bunx vitest run api/optimization/handlers.test.ts api/optimization/_lib/rpc.test.ts

@rossgalloway
Fix vault-state strategy validation
873ff15 
Reject malformed strategy identifiers before building vault-state RPC calldata.

- Share address validation between the Vercel and Bun vault-state routes

- Cap strategy list size before calling on-chain state fetches

- Add focused handler coverage for invalid and oversized strategy lists

- Allow preview hosts to be configured through environment variables
@vercel

vercel Bot commented May 19, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
yearnfi Ready Ready Preview, Comment May 19, 2026 10:43pm
1 Skipped Deployment
Project Deployment Actions Updated (UTC)
yearnfi-nextjs Ignored Ignored May 19, 2026 10:43pm

Request Review

@github-actions

github-actions Bot commented May 19, 2026
edited
Loading

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@rossgalloway rossgalloway marked this pull request as ready for review May 20, 2026 18:55
@rossgalloway rossgalloway requested a review from w84april May 20, 2026 19:34
@rossgalloway rossgalloway mentioned this pull request May 21, 2026
Open
@rossgalloway

rossgalloway commented May 21, 2026

Copy link
Copy Markdown
Collaborator Author

Closing this PR because it has been superseded by the grouped remediation flow.

The strategy validation work is now covered by the grouped Optimization API hardening remediation.

Replacement:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@w84april w84april Awaiting requested review from w84april

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rossgalloway