Skip to content

feat(b20): cap supply cap at uint128.max#164

Merged
ilikesymmetry merged 1 commit into
mainfrom
feat/b20-max-supply-cap
Jun 11, 2026
Merged

feat(b20): cap supply cap at uint128.max#164
ilikesymmetry merged 1 commit into
mainfrom
feat/b20-max-supply-cap

Conversation

@ilikesymmetry

@ilikesymmetry ilikesymmetry commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

Introduces an upper bound on the B-20 supply cap: it may never be set above type(uint128).max. Because mint already rejects any totalSupply above the cap, this also guarantees totalSupply can never exceed type(uint128).max.

type(uint128).max becomes the new unbounded ("no cap") sentinel, replacing type(uint256).max.

No new error: the existing InvalidSupplyCap is reused for the above-maximum case (its scope now covers both out-of-range directions — below current supply and above the maximum).

Changes

  • B20Constants: added MAX_SUPPLY_CAP = type(uint128).max as the canonical ceiling / unbounded sentinel, alongside the existing MAX_* limits.
  • IB20: InvalidSupplyCap notice broadened to cover both out-of-range directions; supplyCap() / updateSupplyCap() natspec updated for the uint128.max ceiling.
  • MockB20: mirrors MAX_SUPPLY_CAP from B20Constants; updateSupplyCap reverts InvalidSupplyCap when newSupplyCap < currentSupply || newSupplyCap > MAX_SUPPLY_CAP.
  • MockB20Factory: writes the default bootstrap cap as B20Constants.MAX_SUPPLY_CAP.

Tests

  • test_updateSupplyCap_revert_aboveMaximum (expects InvalidSupplyCap) and test_updateSupplyCap_success_atMaximum (inclusive boundary).
  • test_createB20_success_assetSupplyCapDefaultsToMax: asserts a factory-created token's supplyCap() is seeded to MAX_SUPPLY_CAP at creation (paired surface + slot, fuzzed caller/salt). The surface assertion runs against the real precompile under LIVE_PRECOMPILES, so fork mode catches a precompile that fails to seed the cap at creation.
  • Bounded minted/setup amounts to B20Constants.MAX_SUPPLY_CAP (replacing hardcoded type(uint128).max) across the mint / transfer / transferFrom / burn / burnBlocked / memo / storage suites, so the ceiling is referenced through a single named constant.

Result: 625 pass / 0 fail / 4 skipped (pre-existing LIVE_PRECOMPILES-gated). forge fmt clean. MockB20.sol 100% coverage; overall branch coverage 100%.

Note on Rust parity

base-std mirrors the Rust precompile. This adds a uint128.max supply-cap ceiling that should be confirmed against the Rust implementation before merge — if Rust does not enforce the same ceiling, the fork tests will diverge.

@github-actions

github-actions Bot commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown

Interface Coverage

✅ All interface functions have test coverage.

@github-actions

github-actions Bot commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown

📊 Forge Coverage (src/lib/)

🟡 ≥95% across all metrics — some metrics below 99%.

File Lines Stmts Branches Funcs
🟢 B20FactoryLib.sol 100.00% 100.00% 100.00% 100.00%
🔴 test/lib/ForceFeeder.sol 0.00% 0.00% 100.00% 0.00%
🔴 test/lib/PrecompileProbe.sol 0.00% 0.00% 0.00% 0.00%
🟢 MockActivationRegistry.sol 100.00% 100.00% 100.00% 100.00%
🟢 MockActivationRegistryStorage.sol 100.00% 100.00% 100.00% 100.00%
🟢 MockB20.sol 100.00% 100.00% 100.00% 100.00%
🟢 MockB20Asset.sol 100.00% 100.00% 100.00% 100.00%
🟡 MockB20Factory.sol 98.96% 99.10% 100.00% 100.00%
🟢 MockB20Stablecoin.sol 100.00% 100.00% 100.00% 100.00%
🟢 MockB20Storage.sol 100.00% 100.00% 100.00% 100.00%
🟢 MockPolicyRegistry.sol 100.00% 100.00% 100.00% 100.00%
🟢 MockPolicyRegistryStorage.sol 100.00% 100.00% 100.00% 100.00%
Total 96.69% 97.23% 98.39% 96.89%

Full report: download artifact. To browse locally: make coverage (runs forge coverage + genhtml + opens the HTML report).

@ilikesymmetry ilikesymmetry force-pushed the feat/b20-max-supply-cap branch from 69fe3be to fc9da12 Compare June 11, 2026 15:00
@github-actions

github-actions Bot commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown

⚠️ Fork tests: 6 failed, 613 passed

These failures indicate divergences where base/base needs to catch up to the base-std spec. This check is advisory and does not block merging.

Failing tests
  • test_createB20_success_assetSupplyCapDefaultsToMax(address,bytes32): fresh token supply cap must be MAX_SUPPLY_CAP: 115792089237316195423570985008687907853269984665640564039457584007913129639935 != 340282366920938463463374607431768211455; counterexample: calldata=0x3ed196a00000000000000000000000002910293c7718e076e828390aef05af92d5444b7697843c68c58286699d96b7187b8a9004522d4c6aa63bcd6707dbc4992d75dd62 args=[0x2910293C7718e076E828390aeF05aF92D5444B76, 0x97843c68c58286699d96b7187b8a9004522d4c6aa63bcd6707dbc4992d75dd62]
  • test_updateSupplyCap_revert_aboveMaximum(uint256): next call did not revert as expected; counterexample: calldata=0x9901da480000000000000000000000000000000000000000000000003078aff61b307e1c args=[3492734982578798108 [3.492e18]]
    [FAIL: fresh token must start with unbounded cap: 115792089237316195423570985008687907853269984665640564039457584007913129639935 != 340282366920938463463374607431768211455] test_supplyCap_success_returnsCreationCap() (gas: 10663)

@ilikesymmetry ilikesymmetry changed the title feat(b20): cap supply cap at uint128.max via SupplyCapAboveMaximum feat(b20): cap supply cap at uint128.max Jun 11, 2026
@ilikesymmetry ilikesymmetry force-pushed the feat/b20-max-supply-cap branch from fc9da12 to f16f362 Compare June 11, 2026 15:11
@ilikesymmetry @claude
feat(b20): cap supply cap at uint128.max
f44597c 
Introduce an upper bound on the B-20 supply cap: it may never be set
above type(uint128).max. Because mint rejects any totalSupply above the
cap, this also bounds totalSupply to type(uint128).max.

- B20Constants: add MAX_SUPPLY_CAP = type(uint128).max as the canonical
  ceiling (and unbounded sentinel), alongside the existing MAX_* limits.
- IB20: document the ceiling on supplyCap() / updateSupplyCap(), with
  uint128.max now the unbounded ("no cap") sentinel. InvalidSupplyCap is
  reused for the above-maximum case (its notice now covers both
  out-of-range directions); no new error.
- MockB20: mirror MAX_SUPPLY_CAP from B20Constants and reject
  newSupplyCap < currentSupply || newSupplyCap > MAX_SUPPLY_CAP with
  InvalidSupplyCap.
- MockB20Factory: write the default bootstrap cap as
  B20Constants.MAX_SUPPLY_CAP.

Tests: add the above-maximum revert (InvalidSupplyCap), the inclusive
at-maximum boundary, and a factory-creation test asserting a fresh
token's supplyCap is seeded to MAX_SUPPLY_CAP (surface + slot, fuzzed
caller/salt) so fork mode catches a precompile that misses it. Bound
minted amounts to B20Constants.MAX_SUPPLY_CAP across the
mint/transfer/burn/memo/storage suites (replacing hardcoded
type(uint128).max) so the ceiling is referenced via a single constant.

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
@ilikesymmetry ilikesymmetry force-pushed the feat/b20-max-supply-cap branch from f16f362 to f44597c Compare June 11, 2026 15:18
@ilikesymmetry ilikesymmetry marked this pull request as ready for review June 11, 2026 15:21
@ilikesymmetry ilikesymmetry merged commit 9b246ae into main Jun 11, 2026
10 checks passed
@ilikesymmetry ilikesymmetry deleted the feat/b20-max-supply-cap branch June 11, 2026 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@refcell refcell refcell approved these changes

@stevieraykatz stevieraykatz Awaiting requested review from stevieraykatz stevieraykatz is a code owner

@amiecorso amiecorso Awaiting requested review from amiecorso amiecorso is a code owner

@eric-ships eric-ships Awaiting requested review from eric-ships eric-ships is a code owner

@rayyan224 rayyan224 Awaiting requested review from rayyan224 rayyan224 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ilikesymmetry @refcell