Skip to content

fix(py): approve_attack_request + vyper verify version & query-ABI duplication#18

Open
Equious wants to merge 1 commit into
Cyfrin:mainfrom
Equious:fix/py-safe-harbor-parity
Open

fix(py): approve_attack_request + vyper verify version & query-ABI duplication#18
Equious wants to merge 1 commit into
Cyfrin:mainfrom
Equious:fix/py-safe-harbor-parity

Conversation

@Equious

@Equious Equious commented Jun 26, 2026

Copy link
Copy Markdown

Three battlechain-lib-py correctness fixes, all found and verified live on testnet while exercising the vyper-template flow end-to-end.

1. approve_attack_request (new) — Python↔JS parity

JS exposes approveAttackRequest; Python had no equivalent, so the vyper-template flow could never reach UNDER_ATTACK. Adds:

  • safe_harbor.approve_attack_request(agreement) — self-approves via the permissionless testnet MockRegistryModerator (ATTACK_REQUESTED → UNDER_ATTACK); raises on non-testnet (mainnet approval is real DAO governance).
  • config.mock_registry_moderator_address() resolver + a _boa loader.
  • Root cause of the missing ABI: tools/gen_abi.py's ARTIFACTS map omitted registryModerator, so MOCK_REGISTRY_MODERATOR_ABI was never generated. Added the mapping and regenerated.

Verified live: approve_attack_request moved a real agreement to UNDER_ATTACK (3).

2. verify_contract sent a malformed vyper version

It submitted v0.4.3 — a bare version with a spurious v. The explorer's Sourcify verifier fetches the compiler by version and needs the full 0.4.3+commit.<hash> with no leading v; a bare version 404s:

✗ Verification failed: Compiler error. Failed fetching vyper 0.4.3 for platform linux.

Since the lib only supports vyper-json, Vyper verification never worked. Added _resolve_vyper_version() to derive the full X.Y.Z+commit.<hash> from the vyper releases mirror (same source the explorer UI uses; vyper doesn't expose its commit hash at runtime). Falls back gracefully on lookup failure.

Verified live: MockToken 0x1ce3…332E✅ Verified.

3. ATTACK_REGISTRY_QUERY_ABI produced duplicate entries

It concatenated hand-written copies of getAgreementState / getAgreementForContract / isTopLevelContractUnderAttack onto ATTACK_REGISTRY_ABI — which (since the ABI was regenerated to include the read methods) already contains them. boa then raised Ambiguous call to getAgreementState, breaking all three on-chain query helpers + check_state. Now a plain alias of ATTACK_REGISTRY_ABI.

Verified live: check_state returns UNDER_ATTACK (3).

ruff clean; 33/33 tests pass.

🤖 Generated with Claude Code

…y-ABI duplication

Three correctness fixes to battlechain-lib-py, found while verifying the
vyper-template flow live on testnet:

1. approve_attack_request (new) — mirrors JS `approveAttackRequest`. Self-approves a
   pending attack request via the permissionless testnet MockRegistryModerator
   (ATTACK_REQUESTED -> UNDER_ATTACK); raises on non-testnet. Adds the
   `mock_registry_moderator_address` resolver, a `_boa` loader, and emits the
   `MOCK_REGISTRY_MODERATOR_ABI` (the gen_abi ARTIFACTS map was missing
   `registryModerator`, so the ABI was never generated — the root cause).

2. verify_contract vyper version — it sent a bare `v0.4.3`, but the explorer's
   Sourcify verifier needs the full `0.4.3+commit.<hash>` (and no leading `v`) to
   fetch the compiler; a bare version 404s ("Failed fetching vyper 0.4.3 for
   platform linux"). Vyper verification never worked. Add `_resolve_vyper_version`
   to derive the full version from the vyper releases mirror (as the explorer UI does).

3. query ABI duplication — `ATTACK_REGISTRY_QUERY_ABI` concatenated hand-written
   copies of getAgreementState/getAgreementForContract/isTopLevelContractUnderAttack
   onto an ATTACK_REGISTRY_ABI that (after regeneration) already contains them,
   so boa raised "Ambiguous call to getAgreementState". It's now an alias.

All three verified live on testnet (approve -> UNDER_ATTACK; MockToken verified;
check_state returns UNDER_ATTACK). ruff clean, 33 tests pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant