Split predict redeem by authority (owner vs permissionless) #1064
Draft
emmazzz wants to merge 1 commit into
redeem previously carried three authority models selected by control flow: liquidated/settled branches were permissionless, the live branch owner-only, with the gate buried inside redeem_live_internal and invisible from the signature.

Hoist the owner check to a now owner-gated redeem, and add a name-explicit redeem_permissionless for keeper-driven settled/liquidated finalization of any manager (pays the manager, never the caller; aborts on a live order). Lifecycle dispatch moves into a private redeem_internal; the redundant owner check in redeem_live_internal is removed. Adds ENotPermissionlesslyRedeemable.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary
expiry_market::redeem carried three different authority models selected by control flow — the liquidated and settled branches were permissionless, the live branch was owner-only — with the owner check buried inside redeem_live_internal. The public signature gave no hint that the function was sometimes keeper-callable.

- redeem owner-gated at the entry (hoist manager.assert_owner); it handles the owner's own live / settled / liquidated closes.
- redeem_permissionless for keeper-driven finalization of any manager's settled or liquidated order. It pays the manager (never the caller) and aborts on a live order.
- redeem_internal; drop the now-redundant owner check in redeem_live_internal.
- ENotPermissionlesslyRedeemable abort code.

Key decisions

- redeem owner / redeem_permissionless keeper) rather than three lifecycle entrypoints: authority now maps to the function name, and no single function contains branches with differing authority. The owner path still handles the owner's own settled/liquidated orders for convenience.
- redeem_permissionless drops close_quantity/pyth/clock — it is always a full close and runs no liquidation pass, finalizing only already-terminal (settled or tombstoned) orders. The keeper flow is liquidate (to tombstone underwater orders) then redeem_permissionless (to clear them).
- main independent of the live-pricing-context PR (per request). The two edit expiry_market.move and will need a rebase when the first merges.

Test plan

- sui move test --path packages/predict --gas-limit 100000000000 — 449 passed, 0 failed
- redeem_permissionless_settles_for_non_owner — non-owner finalizes a settled order; position cleared, returned id matches
- redeem_permissionless_live_order_aborts — ENotPermissionlesslyRedeemable on a live order
- redeem_by_non_owner_aborts — predict_manager::ENotOwner on the owner-gated redeem
- plp_rebate_flow_tests.move

🤖 Generated with Claude Code
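
The authority split described in the Summary, as an added sketch in Sui Move that is not code from this pull request. Only `redeem`, `redeem_permissionless`, `redeem_internal` and `ENotPermissionlesslyRedeemable` are names from the PR text; the module, the `Manager` struct and its fields, the `LIVE` tag, the `ENotOwner` value and the `u64` return are assumptions made for illustration.

```move
// Added illustration, not the project's code. Module name, struct, fields,
// LIVE tag, ENotOwner value and return type are hypothetical.
module example::authority_split;

const ENotOwner: u64 = 0;
const ENotPermissionlesslyRedeemable: u64 = 1;

// Hypothetical lifecycle tag; the real order type is not shown on the page.
const LIVE: u8 = 0;

public struct Manager has key {
    id: UID,
    owner: address,
    balance: u64,     // where every payout lands
    order_state: u8,  // LIVE, or any terminal (settled / liquidated) value
    order_value: u64,
}

/// Owner path: the authority check is the first statement, so it is visible
/// at the entry point and covers live, settled and liquidated closes alike.
public fun redeem(manager: &mut Manager, ctx: &TxContext): u64 {
    assert!(ctx.sender() == manager.owner, ENotOwner);
    redeem_internal(manager)
}

/// Keeper path: any caller. In this sketch it takes no TxContext, so it has
/// no way to learn who the caller is, let alone pay them. Terminal orders only.
public fun redeem_permissionless(manager: &mut Manager): u64 {
    assert!(manager.order_state != LIVE, ENotPermissionlesslyRedeemable);
    redeem_internal(manager)
}

/// Private dispatch: carries no authority logic of its own, so each public
/// entry must enforce its own rule before calling it.
fun redeem_internal(manager: &mut Manager): u64 {
    let payout = manager.order_value;
    manager.order_value = 0;
    manager.balance = manager.balance + payout; // credited to the manager
    payout
}
```

With this shape, a reviewer auditing access control only has to read the first statement of each public function; a live-order close can only be reached through the owner-gated entry.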