fix: require slasher to be zero address

ypatil12 · ypatil12 · commit 999b54b1484c · 2025-10-09T12:41:45.000-04:00
diff --git a/src/contracts/core/AllocationManager.sol b/src/contracts/core/AllocationManager.sol
@@ -269,6 +269,7 @@ contract AllocationManager is
     }
 
     /// @inheritdoc IAllocationManager
+    /// @notice This function will be deprecated in Early Q2 2026 in favor of `createOperatorSets` which takes in `CreateSetParamsV2`
     function createOperatorSets(address avs, CreateSetParams[] calldata params) external checkCanCall(avs) {
         createOperatorSets(avs, _convertCreateSetParams(params, avs));
     }
@@ -281,6 +282,16 @@ contract AllocationManager is
         }
     }
 
+    /// @inheritdoc IAllocationManager
+    /// @notice This function will be deprecated in Early Q2 2026 in favor of `createRedistributingOperatorSets` which takes in `CreateSetParamsV2`
+    function createRedistributingOperatorSets(
+        address avs,
+        CreateSetParams[] calldata params,
+        address[] calldata redistributionRecipients
+    ) external checkCanCall(avs) {
+        createRedistributingOperatorSets(avs, _convertCreateSetParams(params, avs), redistributionRecipients);
+    }
+
     /// @inheritdoc IAllocationManager
     function createRedistributingOperatorSets(
         address avs,
@@ -297,15 +308,6 @@ contract AllocationManager is
         }
     }
 
-    /// @inheritdoc IAllocationManager
-    function createRedistributingOperatorSets(
-        address avs,
-        CreateSetParams[] calldata params,
-        address[] calldata redistributionRecipients
-    ) external checkCanCall(avs) {
-        createRedistributingOperatorSets(avs, _convertCreateSetParams(params, avs), redistributionRecipients);
-    }
-
     /// @inheritdoc IAllocationManager
     function addStrategiesToOperatorSet(
         address avs,
@@ -338,9 +340,12 @@ contract AllocationManager is
     }
 
     /// @inheritdoc IAllocationManager
-    function setSlasher(OperatorSet memory operatorSet, address slasher) external checkCanCall(operatorSet.avs) {
+    function updateSlasher(OperatorSet memory operatorSet, address slasher) external checkCanCall(operatorSet.avs) {
         require(_operatorSets[operatorSet.avs].contains(operatorSet.id), InvalidOperatorSet());
-        _setSlasher({operatorSet: operatorSet, slasher: slasher, instantEffectBlock: false});
+        // Prevent updating a slasher if one is not already set
+        // A slasher is set either on operatorSet creation or, for operatorSets created prior to v1.9.0, via `migrateSlashers`
+        require(getSlasher(operatorSet) != address(0), SlasherNotSet());
+        _updateSlasher({operatorSet: operatorSet, slasher: slasher, instantEffectBlock: false});
     }
 
     /// @inheritdoc IAllocationManager
@@ -371,7 +376,7 @@ contract AllocationManager is
                 slasher = slashers[0];
             }
 
-            _setSlasher({operatorSet: operatorSets[i], slasher: slasher, instantEffectBlock: true});
+            _updateSlasher({operatorSet: operatorSets[i], slasher: slasher, instantEffectBlock: true});
         }
     }
 
@@ -528,7 +533,7 @@ contract AllocationManager is
         }
 
         // Update the slasher for the operator set
-        _setSlasher({operatorSet: operatorSet, slasher: params.slasher, instantEffectBlock: true});
+        _updateSlasher({operatorSet: operatorSet, slasher: params.slasher, instantEffectBlock: true});
     }
 
     /**
@@ -772,9 +777,9 @@ contract AllocationManager is
      * @param operatorSet the operator set to update the slasher for
      * @param slasher the new slasher
      * @param instantEffectBlock Whether the new slasher will take effect immediately. Instant if on operatorSet creation or migration function.
-     *        The new slasher will take `ALLOCATION_CONFIGURATION_DELAY` blocks to take effect if called by the `setSlasher` function.
+     *        The new slasher will take `ALLOCATION_CONFIGURATION_DELAY` blocks to take effect if called by the `updateSlasher` function.
      */
-    function _setSlasher(OperatorSet memory operatorSet, address slasher, bool instantEffectBlock) internal {
+    function _updateSlasher(OperatorSet memory operatorSet, address slasher, bool instantEffectBlock) internal {
         // Ensure that the slasher address is not the 0 address, which is used to denote if the slasher is not set
         require(slasher != address(0), InputAddressZero());
 
diff --git a/src/contracts/interfaces/IAllocationManager.sol b/src/contracts/interfaces/IAllocationManager.sol
@@ -63,6 +63,11 @@ interface IAllocationManagerErrors {
     error ModificationAlreadyPending();
     /// @dev Thrown when an allocation is attempted that exceeds a given operators total allocatable magnitude.
     error InsufficientMagnitude();
+
+    /// SlasherStatus
+
+    /// @dev Thrown when an operator set does not have a slasher set
+    error SlasherNotSet();
 }
 
 interface IAllocationManagerTypes {
@@ -373,6 +378,7 @@ interface IAllocationManager is IAllocationManagerErrors, IAllocationManagerEven
      * @notice Allows an AVS to create new operator sets, defining strategies that the operator set uses
      * @dev Upon creation, the address that can slash the operatorSet is the `avs` address. If you would like to use a different address,
      *      use the `createOperatorSets` method which takes in `CreateSetParamsV2` instead.
+     * @dev THIS FUNCTION WILL BE DEPRECATED IN EARLY Q2 2026 IN FAVOR OF `createOperatorSets` WHICH TAKES IN `CreateSetParamsV2`
      */
     function createOperatorSets(address avs, CreateSetParams[] calldata params) external;
 
@@ -390,6 +396,7 @@ interface IAllocationManager is IAllocationManagerErrors, IAllocationManagerEven
      *      Additionally, emits `RedistributionOperatorSetCreated` event instead of `OperatorSetCreated` for each created operator set.
      * @dev The address that can slash the operatorSet is the `avs` address. If you would like to use a different address,
      *      use the `createOperatorSets` method which takes in `CreateSetParamsV2` instead.
+     * @dev THIS FUNCTION WILL BE DEPRECATED IN EARLY Q2 2026 IN FAVOR OF `createRedistributingOperatorSets` WHICH TAKES IN `CreateSetParamsV2`
      */
     function createRedistributingOperatorSets(
         address avs,
@@ -439,11 +446,14 @@ interface IAllocationManager is IAllocationManagerErrors, IAllocationManagerEven
      * @param operatorSet the operator set to update the slasher for
      * @param slasher the new slasher
      * @dev The new slasher will take effect in DEALLOCATION_DELAY blocks
+     * @dev The slasher can only be updated if it has already been set. The slasher is set either on operatorSet creation or,
+     *      for operatorSets created prior to v1.9.0, via `migrateSlashers`
      * @dev Reverts for:
-     *      - InvalidOperatorSet: The operator set does not exist
      *      - InvalidCaller: The caller cannot update the slasher for the operator set
+     *      - InvalidOperatorSet: The operator set does not exist
+     *      - SlasherNotSet: The slasher has not been set yet
      */
-    function setSlasher(OperatorSet memory operatorSet, address slasher) external;
+    function updateSlasher(OperatorSet memory operatorSet, address slasher) external;
 
     /**
      * @notice Allows any address to migrate the slasher from the permission controller to the ALM
@@ -453,7 +463,7 @@ interface IAllocationManager is IAllocationManagerErrors, IAllocationManagerEven
      * @dev A migration can only be called once for a given operatorSet
      * @dev This function does not revert, it will no-op if:
      *      - The operator set does not exist
-     *      - The operator set has already been migrated
+     *      - The slasherhas already been set, either via migration or creation of the operatorSet
      */
     function migrateSlashers(
         OperatorSet[] memory operatorSets
diff --git a/src/test/harnesses/AllocationManagerHarness.sol b/src/test/harnesses/AllocationManagerHarness.sol
@@ -31,7 +31,7 @@ contract AllocationManagerHarness is AllocationManager {
         return deallocationQueue[operator][strategy].at(index);
     }
 
-    function setSlasherZero(OperatorSet memory operatorSet) external {
+    function setSlasherToZero(OperatorSet memory operatorSet) external {
         _slashers[operatorSet.key()] = SlasherParams(address(0), address(0), 0);
     }
 }
diff --git a/src/test/unit/AllocationManagerUnit.t.sol b/src/test/unit/AllocationManagerUnit.t.sol
@@ -1806,7 +1806,7 @@ contract AllocationManagerUnitTests_SlashOperator is AllocationManagerUnitTests
         // Update the slasher
         address appointee1 = address(0x1);
         cheats.prank(defaultAVS);
-        allocationManager.setSlasher(defaultOperatorSet, appointee1);
+        allocationManager.updateSlasher(defaultOperatorSet, appointee1);
 
         // Warp to just before the effect block of the slasher - fail to slash
         cheats.roll(block.number + ALLOCATION_CONFIGURATION_DELAY);
@@ -4224,9 +4224,9 @@ contract AllocationManagerUnitTests_createRedistributingOperatorSetsV2 is Alloca
     }
 }
 
-contract AllocationManagerUnitTests_SetSlasher is AllocationManagerUnitTests, IPermissionControllerErrors {
+contract AllocationManagerUnitTests_updateSlasher is AllocationManagerUnitTests, IPermissionControllerErrors {
     /// -----------------------------------------------------------------------
-    /// setSlasher() + getSlasher() + getPendingSlasher()
+    /// updateSlasher() + getSlasher() + getPendingSlasher()
     /// -----------------------------------------------------------------------
 
     /// @dev Thrown when the caller is not allowed to call a function on behalf of an account.
@@ -4242,13 +4242,36 @@ contract AllocationManagerUnitTests_SetSlasher is AllocationManagerUnitTests, IP
 
         cheats.prank(caller);
         cheats.expectRevert(InvalidPermissions.selector);
-        allocationManager.setSlasher(defaultOperatorSet, r.Address());
+        allocationManager.updateSlasher(defaultOperatorSet, r.Address());
+    }
+
+    function test_revert_invalidOperatorSet() public {
+        cheats.prank(defaultAVS);
+        cheats.expectRevert(InvalidOperatorSet.selector);
+        allocationManager.updateSlasher(OperatorSet(defaultAVS, 1), defaultAVS);
+    }
+
+    function test_revert_slasherNotSet() public {
+        cheats.prank(defaultAVS);
+
+        // Zero out the slasher address
+        allocationManager.setSlasherToZero(defaultOperatorSet);
+
+        cheats.prank(defaultAVS);
+        cheats.expectRevert(SlasherNotSet.selector);
+        allocationManager.updateSlasher(defaultOperatorSet, defaultAVS);
+    }
+
+    function test_revert_slasherZeroAddress() public {
+        cheats.prank(defaultAVS);
+        cheats.expectRevert(IPausable.InputAddressZero.selector);
+        allocationManager.updateSlasher(defaultOperatorSet, address(0));
     }
 
     function test_slasher_boundary(Randomness r) public rand(r) {
         address slasher = r.Address();
         cheats.prank(defaultAVS);
-        allocationManager.setSlasher(defaultOperatorSet, slasher);
+        allocationManager.updateSlasher(defaultOperatorSet, slasher);
         uint32 effectBlock = uint32(block.number + ALLOCATION_CONFIGURATION_DELAY + 1);
 
         // Warp to the allocation config delay - the slasher should still be the defaultAVS and the pending slasher should be the new slasher
@@ -4266,15 +4289,15 @@ contract AllocationManagerUnitTests_SetSlasher is AllocationManagerUnitTests, IP
         assertEq(returnedEffectBlock, 0, "effect block should be 0");
     }
 
-    function testFuzz_setSlasher(Randomness r) public rand(r) {
+    function testFuzz_updateSlasher(Randomness r) public rand(r) {
         address slasher = r.Address();
 
         // Set slasher
         cheats.expectEmit(true, true, true, true, address(allocationManager));
         uint32 effectBlock = uint32(block.number + ALLOCATION_CONFIGURATION_DELAY + 1);
         emit SlasherUpdated(defaultOperatorSet, slasher, effectBlock);
         cheats.prank(defaultAVS);
-        allocationManager.setSlasher(defaultOperatorSet, slasher);
+        allocationManager.updateSlasher(defaultOperatorSet, slasher);
 
         // Check values after set
         (address returnedSlasher) = allocationManager.getSlasher(defaultOperatorSet);
@@ -4294,13 +4317,13 @@ contract AllocationManagerUnitTests_SetSlasher is AllocationManagerUnitTests, IP
         assertEq(returnedEffectBlock, 0, "effect block should be 0");
     }
 
-    function test_fuzz_setSlasher_multipleTimesWithinConfigurationDelay(Randomness r) public rand(r) {
+    function test_fuzz_updateSlasher_multipleTimesWithinConfigurationDelay(Randomness r) public rand(r) {
         address firstSlasher = r.Address();
         address secondSlasher = r.Address();
 
         // Set slasher
         cheats.prank(defaultAVS);
-        allocationManager.setSlasher(defaultOperatorSet, firstSlasher);
+        allocationManager.updateSlasher(defaultOperatorSet, firstSlasher);
         (address pendingSlasher,) = allocationManager.getPendingSlasher(defaultOperatorSet);
         assertEq(pendingSlasher, firstSlasher, "pending slasher should be the first slasher");
 
@@ -4312,7 +4335,7 @@ contract AllocationManagerUnitTests_SetSlasher is AllocationManagerUnitTests, IP
         uint32 secondSlasherEffectBlock = uint32(block.number + ALLOCATION_CONFIGURATION_DELAY + 1);
         emit SlasherUpdated(defaultOperatorSet, secondSlasher, secondSlasherEffectBlock);
         cheats.prank(defaultAVS);
-        allocationManager.setSlasher(defaultOperatorSet, secondSlasher);
+        allocationManager.updateSlasher(defaultOperatorSet, secondSlasher);
 
         // Warp to effect block of first slasher
         cheats.roll(block.number + 1);
@@ -4336,14 +4359,14 @@ contract AllocationManagerUnitTests_SetSlasher is AllocationManagerUnitTests, IP
 
         // Set Slasher
         cheats.prank(defaultAVS);
-        allocationManager.setSlasher(defaultOperatorSet, firstSlasher);
+        allocationManager.updateSlasher(defaultOperatorSet, firstSlasher);
 
         // Warp to effect block of first slasher
         cheats.roll(block.number + ALLOCATION_CONFIGURATION_DELAY + 1);
 
         // Set slasher again
         cheats.prank(defaultAVS);
-        allocationManager.setSlasher(defaultOperatorSet, secondSlasher);
+        allocationManager.updateSlasher(defaultOperatorSet, secondSlasher);
 
         // Assert that first slasher is the current slasher
         (address returnedSlasher) = allocationManager.getSlasher(defaultOperatorSet);
@@ -4374,7 +4397,7 @@ contract AllocationManagerUnitTests_migrateSlashers is AllocationManagerUnitTest
 
         // Manually set the slasher of the defaultAVS to be address(0)
         // Given that the slasher is already set to the defaultAVS, we need to manually update so that the `migrateSlashers` function will not noop
-        allocationManager.setSlasherZero(defaultOperatorSet);
+        allocationManager.setSlasherToZero(defaultOperatorSet);
     }
 
     function test_noop_invalidOperatorSet() public {
@@ -4492,28 +4515,6 @@ contract AllocationManagerUnitTests_migrateSlashers is AllocationManagerUnitTest
         _assertNothingPending(defaultOperatorSet);
     }
 
-    /**
-     * @notice Test for when an AVS sets the slasher first and then a migration occurs
-     * @dev This is a known race condition. Migration will take precedence over setting a slasher
-     *      via `setSlasher`. The operatorSet should wait until the migration is complete before setting a slasher.
-     */
-    function test_setSlasher_migrate() public {
-        // Set the slasher
-        cheats.prank(defaultAVS);
-        allocationManager.setSlasher(defaultOperatorSet, appointee1);
-
-        // Set the slasher in the permission controller
-        cheats.prank(defaultAVS);
-        permissionController.setAppointee(defaultAVS, appointee2, address(allocationManager), allocationManager.slashOperator.selector);
-
-        // Migrate the slasher
-        allocationManager.migrateSlashers(defaultOperatorSet.toArray());
-
-        // The slasher should be set to the second appointee
-        assertEq(allocationManager.getSlasher(defaultOperatorSet), appointee2, "slasher should be the second appointee");
-        _assertNothingPending(defaultOperatorSet);
-    }
-
     function testFuzz_migrateSlashers_Correctness(Randomness r) public rand(r) {
         address avs = r.Address();
         uint numOpSets = r.Uint256(1, FUZZ_MAX_OP_SETS);
@@ -4536,7 +4537,7 @@ contract AllocationManagerUnitTests_migrateSlashers is AllocationManagerUnitTest
 
         // Set slashers to zero address on all previously create opSets so we can migrate them
         for (uint i = 0; i < numOpSets; ++i) {
-            allocationManager.setSlasherZero(operatorSets[i]);
+            allocationManager.setSlasherToZero(operatorSets[i]);
         }
 
         // Expect event emits

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ contract AllocationManagerHarness is AllocationManager {`
`31`	`31`	`return deallocationQueue[operator][strategy].at(index);`
`32`	`32`	`}`
`33`	`33`
`34`		`- function setSlasherZero(OperatorSet memory operatorSet) external {`
	`34`	`+ function setSlasherToZero(OperatorSet memory operatorSet) external {`
`35`	`35`	`_slashers[operatorSet.key()] = SlasherParams(address(0), address(0), 0);`
`36`	`36`	`}`
`37`	`37`	`}`