refactor(pool): apply CEI ordering for transfers; ci: fork-safe tlin_check #883
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Reorder internal state updates before cross-contract calls in: - safeTransfer: update balances before SafeGRC20Transfer - safeTransferFrom: update balances before SafeGRC20TransferFrom - collectProtocol: update balances before token transfers Applies checks-effects-interactions pattern for better security practices.
Use actions/checkout with PR head repo/ref and fetch-depth: 0
repository: ${{ github.event.pull_request.head.repo.full_name }}
ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0
Fixes checkout failure when the branch doesn’t exist in the base repo (forked PRs)
No behavior changes to the job; improves CI reliability for external contributors
codinghistorian
changed the title
codinghistorian
changed the title
|
I tagged refactor to not sound alarming but it's actually a security best practice for smart contract. https://www.nethermind.io/blog/best-practices-for-writing-secure-smart-contract-code |
notJoon
approved these changes
Sep 29, 2025
|
Thanks for the review! I’m glad the CEI pattern is being considered — even if this PR doesn’t get merged, I’m happy it might help shape future improvements. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
refactor(pool): apply checks-effects-interactions (CEI)
pool/transfer.gno: update internal balances before external SafeGRC20Transfer/SafeGRC20TransferFrom
pool/pool.gno: update balances before external transfers in collectProtocol
Rationale: clearer invariants and consistent ordering; easier to reason about
Behavior: no functional change intended
ci(tlin): support forked PRs
.github/workflows/tlin_check.yml: checkout PR head repo/ref with fetch-depth: 0
Resolves checkout issues when branch isn’t on the base repo
Validation
Compiles and formats cleanly (gno fmt)
All CI checks passed for this PR