
fix(velodrome-v2-plugin): sync to okx + biz-type/strategy attribution (v0.1.4) #83

Merged
plugin-store-bot[bot] merged 1 commit into mig-pre:main from GeoGu360:fix/velodrome-v2-biz-type-v2 on May 7, 2026

Conversation

@GeoGu360 GeoGu360 commented May 7, 2026

Both mig-pre and okx at v0.1.3 but code diverged (9 files). Sync mig-pre to okx + biz-type/strategy attribution. Also rename SUMMARY.md '## How it Works' → '## Quick Start' (mig-pre E151 lint requirement). EVM-012 sweep deferred.


mig-pre and okx are both at v0.1.3 but code diverged (9 files / 158
insertions / 99 deletions on okx-side). This PR brings mig-pre's source
in line with okx, then layers biz-type/strategy on top.

== New in v0.1.4 ==

Add `--biz-type dapp --strategy velodrome-v2-plugin` to onchainos
`wallet contract-call` invocations. Attribution via Cargo.toml's
`[package].name` through `env!("CARGO_PKG_NAME")` — no name drift.

Also rename SUMMARY.md `## How it Works` → `## Quick Start` to match
mig-pre Phase 1 [E151] requirement (okx had renamed it, mig-pre lint
hasn't been updated).

EVM-012 sweep deferred to a follow-up PR; this PR's scope is attribution.

Version bump: 0.1.3 → 0.1.4 (PATCH).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@GeoGu360 GeoGu360 added the ci-approved Maintainer reviewed PR; allows Phase 1/2/3 CI to run label May 7, 2026

github-actions Bot commented May 7, 2026

🔨 Phase 2: Build Verification — ✅ PASSED

Plugin: velodrome-v2-plugin | Language: rust
Source: @

Compiled from developer source code by our CI. Users install our build artifacts.

Build succeeded. Compiled artifact uploaded as workflow artifact.


Source integrity: commit SHA `` is the content fingerprint.


github-actions Bot commented May 7, 2026

📋 Phase 3: AI Code Review Report — Score: 88/100

Plugin: velodrome-v2-plugin | Recommendation: ✅ Ready to merge

🔗 Reviewed against latest onchainos source code (live from main branch) | Model: claude-opus-4-7 via Anthropic API | Cost: ~516059+5123 tokens

This is an advisory report. It does NOT block merging. Final decision is made by human reviewers.


1. Plugin Overview

| Field | Value |
|---|---|
| Name | velodrome-v2-plugin |
| Version | 0.1.4 |
| Category | defi-protocol |
| Author | GeoGu360 (GeoGu360) |
| License | MIT |
| Has Binary | Yes (with build config) |
| Risk Level | Medium (DeFi write operations on Optimism mainnet) |

Summary: A Rust CLI plugin that wraps Velodrome V2 (classic AMM) operations on Optimism — swaps, liquidity provision/removal, position queries, and VELO gauge reward claiming. All on-chain writes are routed through onchainos wallet contract-call for TEE-sandboxed signing.

Target Users: DeFi users on Optimism who want to interact with Velodrome V2 volatile/stable pools through an AI agent.

2. Architecture Analysis

Components:

  • Skill (SKILL.md + SUMMARY.md)
  • Binary (Rust, 13 source files)

Skill Structure:
SKILL.md includes Pre-flight Dependencies (auto-injected), Quickstart, Pool Types, 7 Commands (quote, swap, pools, positions, add-liquidity, remove-liquidity, claim-rewards), supported tokens table, contract addresses, error handling, security notices, and data trust boundary section.

Data Flow:

  1. User invokes plugin command
  2. Plugin reads token addresses from hardcoded table or hex input
  3. Plugin queries Optimism RPC (optimism-rpc.publicnode.com) via eth_call for read ops (pool addresses, reserves, allowances, decimals, gauge rewards)
  4. For writes: builds raw calldata (selectors + ABI-encoded args), then shells out to onchainos wallet contract-call --force for signing/broadcasting
  5. Returns JSON result with txHash

Dependencies:

  • External RPC: optimism-rpc.publicnode.com (declared in api_calls)
  • onchainos CLI (for wallet operations and signing)
  • Contracts: Velodrome V2 Router, PoolFactory, Voter (Optimism mainnet)

3. Auto-Detected Permissions

onchainos Commands Used

| Command Found | Exists in onchainos CLI | Risk Level | Context |
|---|---|---|---|
| onchainos wallet addresses | Yes (verified in source) | Low | Resolve EVM address for chain 10 |
| onchainos wallet contract-call --force | Yes (verified in source) | High | Approve, swap, add/remove liquidity, claim rewards |
| onchainos --version | Yes | Low | Pre-flight |

Wallet Operations

| Operation | Detected? | Where | Risk |
|---|---|---|---|
| Read balance | Yes | rpc.rs (ERC-20 balanceOf, allowance) | Low |
| Send transaction | Yes | onchainos.rs wallet_contract_call (with --force) | High |
| Sign message | No | | High |
| Contract call | Yes | All 7 command modules | High |

External APIs / URLs

| URL / Domain | Purpose | Risk |
|---|---|---|
| https://optimism-rpc.publicnode.com | Optimism RPC (eth_call only) | Low |
| https://api.github.com/repos/okx/plugin-store/contents/skills/velodrome-v2-plugin/plugin.yaml | Auto-injected version check | Low |
| https://github.com/okx/plugin-store/releases/... | Auto-injected binary download | Low (CI-managed) |
| https://raw.githubusercontent.com/okx/plugin-store/... | Auto-injected launcher.sh / update-checker.py | Low (CI-managed) |

Chains Operated On

Optimism mainnet only (chain ID 10).

Overall Permission Summary

The plugin reads on-chain state via Optimism public RPC and broadcasts write transactions (approve, swap, addLiquidity, removeLiquidity, getReward) via onchainos wallet contract-call --force. It cannot read private keys (TEE-sandboxed signing). All token approvals are bounded to the exact required amount — no type(uint256).max. Recipient on swaps is always the connected wallet (no third-party recipient). All writes require explicit --confirm flag, with structured preview output before broadcast.

4. onchainos API Compliance

Does this plugin use onchainos CLI for all on-chain write operations?

Yes — all writes go through onchainos wallet contract-call.

On-Chain Write Operations (MUST use onchainos)

| Operation | Uses onchainos? | Self-implements? | Detail |
|---|---|---|---|
| Wallet signing | | No | Via wallet contract-call |
| Transaction broadcasting | | No | Via wallet contract-call |
| DEX swap execution | | No | swap.rs builds calldata, onchainos signs |
| Token approval | | No | All approvals via contract-call |
| Contract calls | | No | All 7 commands route through onchainos |
| Token transfers | N/A | No | Not used |

Data Queries (allowed to use external sources)

| Data Source | API/Service Used | Purpose |
|---|---|---|
| optimism-rpc.publicnode.com | JSON-RPC eth_call | Pool lookups, reserves, balances, allowances, gauge earned |

External APIs / Libraries Detected

  • reqwest (HTTP client for RPC calls)
  • Direct JSON-RPC to a single public endpoint, declared in api_calls

Verdict: ✅ Fully Compliant

5. Security Assessment

Static Rule Scan

| Rule ID | Severity | Title | Matched? | Detail |
|---|---|---|---|---|
| M03 | MEDIUM | third-party-content | No | Only one declared external endpoint (optimism-rpc.publicnode.com); used for RPC queries only, content is structured JSON-RPC |
| M07 | MEDIUM | missing-untrusted-data-boundary | No | SKILL.md includes explicit "Data Trust Boundary" section declaring all API/RPC data as untrusted |
| M08 | MEDIUM | external-data-field-passthrough | No | Each command's display section explicitly enumerates allowed fields (e.g., "Display: txHash (abbreviated), amountIn and amountOutMin (UI units with token symbol), stable") |
| H05 | INFO | direct-financial | Yes | Plugin performs DEX swap execution; expected for a DeFi plugin |

LLM Judge Analysis

| Judge | Severity | Detected | Confidence | Evidence |
|---|---|---|---|---|
| L-PINJ | CRITICAL | No | 0.95 | No prompt injection patterns; CLI args are structured |
| L-MALI | CRITICAL | No | 0.9 | Behavior matches stated purpose (Velodrome V2 AMM operations) |
| L-MEMA | HIGH | No | 0.95 | No memory file writes |
| L-IINJ | INFO | Yes | 0.95 | Single declared endpoint (optimism-rpc.publicnode.com); boundary declared in SKILL.md → INFO |
| L-AEXE | INFO | No | 0.9 | Every write requires explicit --confirm; preview gate emits structured JSON before any wallet calls |
| L-FINA | INFO | Yes | 0.95 | Write+confirmation gate, balance/allowance pre-checks, bounded approvals; routed through TEE → INFO |
| L-FISO | N/A | N/A | N/A | |

Toxic Flow Detection

No toxic flows detected. TF006 (M07/M08 + H05) does NOT trigger because untrusted-data boundary is declared and field passthrough is enumerated in display rules.

Prompt Injection Scan

Reviewed source code and SKILL.md for instruction override / hidden behavior / base64 / invisible chars / system tag injection.

Result: ✅ Clean

Dangerous Operations Check

Plugin performs swaps, liquidity provision, and contract calls. Each command has:

  1. A preview gate that emits structured JSON if --confirm is missing
  2. Bounded approvals (exact amount, never unlimited)
  3. Pool existence verification before write ops
  4. Slippage protection (default 0.5%)
  5. Recipient is always the connected wallet

Result: ✅ Safe

Data Exfiltration Risk

Single declared external endpoint (Optimism public RPC) used only for eth_call. No environment variables read, no SSH/AWS paths accessed, no curl-to-attacker patterns.

Result: ✅ No Risk

Overall Security Rating: 🟢 Low Risk

6. Source Code Security

Language & Build Config

Rust, entry point src/main.rs, binary name velodrome-v2-plugin.

Dependency Analysis

  • clap v4 — well-maintained CLI parser
  • tokio v1 — async runtime
  • reqwest v0.12 — HTTP client
  • serde / serde_json v1 — serialization
  • anyhow v1 — error handling
  • hex v0.4 — hex encoding

All standard, well-maintained crates. No suspicious or unmaintained deps.

Code Safety Audit

| Check | Result | Detail |
|---|---|---|
| Hardcoded secrets (API keys, private keys, mnemonics) | | None found |
| Network requests to undeclared endpoints | | Only optimism-rpc.publicnode.com (declared in plugin.yaml) |
| File system access outside plugin scope | | None |
| Dynamic code execution (eval, exec, shell commands) | | Only Command::new("onchainos") for legitimate CLI integration |
| Environment variable access beyond declared env | | Only CARGO_PKG_NAME at compile time |
| Build scripts with side effects (build.rs, postinstall) | | No build.rs |
| Unsafe code blocks (Rust) / CGO (Go) | | No unsafe blocks |

Does SKILL.md accurately describe what the source code does?

Yes. SKILL.md command list (quote, swap, pools, positions, add-liquidity, remove-liquidity, claim-rewards) matches src/commands/ modules exactly. Selectors documented in SKILL.md match those in src/config.rs. Contract addresses match.

Verdict: ✅ Source Safe

7. Code Review

Quality Score: 88/100

| Dimension | Score | Notes |
|---|---|---|
| Completeness (pre-flight, commands, error handling) | 23/25 | All 7 commands documented with params/output/flow; pre-flight auto-injected; comprehensive error table |
| Clarity (descriptions, no ambiguity) | 22/25 | Clear pool type explanation; volatile vs stable distinction well-documented |
| Security Awareness (confirmations, slippage, limits) | 23/25 | Preview gate before any write; bounded approvals; slippage default; balance checks; data trust boundary section |
| Skill Routing (defers correctly, no overreach) | 13/15 | Routes to okx-defi-portfolio, okx-dex-swap, okx-dex-token correctly |
| Formatting (markdown, tables, code blocks) | 9/10 | Well-structured tables and code examples |

Strengths

  • Comprehensive --confirm gate on every write command with structured JSON preview
  • Explicit "Data Trust Boundary" section addresses M07 directly
  • Bounded approvals (exact amount, never unlimited) — actively rejects unlimited approval anti-pattern
  • Display rules enumerate specific fields per command (mitigates M08)
  • All write ops route through onchainos wallet contract-call --force — no self-implemented signing

Issues Found

  • 🔵 Minor: Pre-flight version-check displays LOCAL_VER="0.1.3" while plugin.yaml declares version: "0.1.4" — minor version drift in the auto-injected block (CI will likely correct on next publish)
  • 🔵 Minor: add-liquidity parse_human_amount is called twice on args.amount_b_desired (lines 51 and 58 of add_liquidity.rs) — second call uses raw value, redundant but not a bug

8. Language Check

| File | Language Detected | English? |
|---|---|---|
| SKILL.md | English | |
| SUMMARY.md | English | |

9. SUMMARY.md Review

| Check | Result |
|---|---|
| File exists | |
| Written in English | |
| Has Overview section | |
| Has Prerequisites section | |
| Has Quick Start section | |
| Character count ≤ 17,000 | ✅ 1654 chars |

11. Recommendations

  1. Synchronize the auto-injected pre-flight LOCAL_VER with plugin.yaml version (cosmetic; CI may auto-fix).
  2. Remove redundant parse_human_amount call in add_liquidity.rs line 51 (the value is reparsed at line 58).
  3. Consider adding a --max-slippage cap or warning in add-liquidity when amount_b_min/amount_a_min are 0 (currently silently allows zero-min, which is risky for highly volatile pools — though slippage param is on swap only).
  4. The hardcoded COMMON_PAIRS list in positions.rs could miss user pools — already mitigated by --pool and --token-a/--token-b overrides; consider documenting the limitation more prominently.

12. Reviewer Summary

One-line verdict: Well-structured Velodrome V2 plugin with strong security hygiene (preview gates, bounded approvals, declared trust boundaries) and full onchainos compliance.

Merge recommendation: ✅ Ready to merge

Blockers (if any):

No blockers found.

Suggested non-blocking improvements: align auto-injected LOCAL_VER with plugin.yaml version on next CI publish; remove the redundant parse_human_amount call in add-liquidity.


Generated by Claude AI via Anthropic API — review the full report before approving.
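The bounded-approval and preview-gate safeguards the Phase 3 report credits to the plugin, shown as an added Rust example that is not the plugin's code (the plugin's own source is not on this page). It assumes only the standard ERC-20 approve(address,uint256) selector 0x095ea7b3; the `Gate` type and JSON preview shape are this example's own.

```rust
// Added example, not the plugin's source. Assumes the standard ERC-20
// approve(address,uint256) selector 0x095ea7b3.
const APPROVE_SELECTOR: [u8; 4] = [0x09, 0x5e, 0xa7, 0xb3];
#[derive(Debug, PartialEq)]
pub enum ApproveError {
    ZeroAmount,
    UnlimitedApproval, // type(uint256).max: the anti-pattern the review flags
}
#[derive(Debug, PartialEq)]
pub enum Gate {
    Preview(String),  // structured JSON; no wallet call is made
    Execute(Vec<u8>), // calldata to hand to onchainos wallet contract-call
}

/// Big-endian uint256 from a u128 amount (wide enough for token amounts here).
pub fn u256(amount: u128) -> [u8; 32] {
    let mut out = [0u8; 32];
    out[16..].copy_from_slice(&amount.to_be_bytes());
    out
}

/// ABI-encode approve(spender, amount), rejecting zero and unlimited amounts.
pub fn build_bounded_approve(spender: [u8; 20], amount: [u8; 32]) -> Result<Vec<u8>, ApproveError> {
    if amount.iter().all(|b| *b == 0) {
        return Err(ApproveError::ZeroAmount);
    }
    if amount.iter().all(|b| *b == 0xff) {
        return Err(ApproveError::UnlimitedApproval);
    }
    let mut data = Vec::with_capacity(68);
    data.extend_from_slice(&APPROVE_SELECTOR);
    data.extend_from_slice(&[0u8; 12]); // address is left-padded to 32 bytes
    data.extend_from_slice(&spender);
    data.extend_from_slice(&amount);
    Ok(data)
}

/// Preview gate: without `confirm`, return the preview JSON and touch no wallet;
/// with it, return the calldata for the signing step.
pub fn gate_approve(spender: [u8; 20], amount: [u8; 32], confirm: bool) -> Result<Gate, ApproveError> {
    let calldata = build_bounded_approve(spender, amount)?;
    if !confirm {
        let json = format!("{{\"action\":\"approve\",\"spender\":\"0x{}\",\"amountRaw\":\"0x{}\",\"confirm\":false}}", hex(&spender), hex(&amount));
        return Ok(Gate::Preview(json));
    }
    Ok(Gate::Execute(calldata))
}
fn hex(bytes: &[u8]) -> String { bytes.iter().map(|b| format!("{:02x}", b)).collect() }
```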

@GeoGu360 GeoGu360 added the approved-for-publish Triggers Phase 4: compile + publish + merge label May 7, 2026
@plugin-store-bot plugin-store-bot Bot merged commit b4c1bb0 into mig-pre:main May 7, 2026
31 checks passed
@plugin-store-bot

✅ Phase 4: Publish Complete

Plugins: velodrome-v2-plugin

  • ✅ Build: 9 architectures compiled
  • ✅ Release: GitHub Release created
  • ✅ Pre-flight: injected into SKILL.md
  • ✅ Registry: registry.json updated
  • ✅ Merged to main



Published by Plugin Store CI

Labels: ai-reviewed, approved-for-publish (Triggers Phase 4: compile + publish + merge), ci-approved (Maintainer reviewed PR; allows Phase 1/2/3 CI to run), plugin-update, structure-validated