Address feedback #2 (#419)

* close_bid_wall should return funds to authority always

* set bid wall fee recipient to metadao multisig vault everywhere

* add min_amount_out to bid wall sell instruction

* disallow zero output amount after fees

* prevent LP position hijack/freeze

* prevent supplying wrong multisig when initializing proposal

* prevent overcharging by 1 atom in provide_liquidity

* apply min_liquidity slippage parameter to both first and subsequent lp provisioning

* replace unreachable with proper errors

* change comment to point to correct implementation reference

* prevent launch front-running by merging instructions into single transaction

* remove MAX_PREMINE from launchpad v7

* Disallow oracle changes while in Unlocking state to prevent TWAP corruption.

* adjust liquidity provision logic when position is a new account

* When a Proposal is Rejected by the Market The Squads Proposal Should Be Closed

* prevent dao parameters being upadted during active futarchy markets

* split_tokens and merge_tokens should verify question is unresolved

* bid wall quote amount debits rounding

* minor rename

* slight rename for internal consistency

* ensure conditional liquidities are always greater than zero

* ensure max_base_amount is a positive nonzero integer when providing liquidity

* short-circuit arbitrage when it doesn't yield results

* refactor seeds and invariants into constants

* explicitly prevent silent truncation in pass thresholds

* ensure max twap change is nonzero

* rename variable & comments to reflect actual situation

* disallow empty spending limit members and duplicate spending limit members

* box dao account where applicable

Author: pileks

programs/futarchy/src/instructions/admin_approve_execute_multisig_proposal.rs

@@ -77,7 +77,7 @@ impl<'info, 'c: 'info> AdminApproveExecuteMultisigProposal<'info> {
 
         let dao_nonce = &dao.nonce.to_le_bytes();
         let dao_creator_key = &dao.dao_creator.as_ref();
-        let dao_seeds = &[b"dao".as_ref(), dao_creator_key, dao_nonce, &[dao.pda_bump]];
+        let dao_seeds = &[SEED_DAO, dao_creator_key, dao_nonce, &[dao.pda_bump]];
         let dao_signer = &[&dao_seeds[..]];
 
         // Approve the proposal

programs/futarchy/src/instructions/collect_fees.rs

@@ -17,7 +17,7 @@ pub mod metadao_admin {
 #[event_cpi]
 pub struct CollectFees<'info> {
     #[account(mut)]
-    pub dao: Account<'info, Dao>,
+    pub dao: Box<Account<'info, Dao>>,
     pub admin: Signer<'info>,
     #[account(mut, associated_token::mint = dao.base_mint, associated_token::authority = metadao_multisig_vault::ID)]
     pub base_token_account: Account<'info, TokenAccount>,
@@ -68,7 +68,7 @@ impl CollectFees<'_> {
         let dao_creator = dao.dao_creator;
         let nonce = dao.nonce.to_le_bytes();
         let signer_seeds = &[
-            b"dao".as_ref(),
+            SEED_DAO,
             dao_creator.as_ref(),
             nonce.as_ref(),
             &[dao.pda_bump],

programs/futarchy/src/instructions/collect_meteora_damm_fees.rs

@@ -238,7 +238,7 @@ impl CollectMeteoraDammFees<'_> {
         let dao_nonce = &ctx.accounts.dao.nonce.to_le_bytes();
         let dao_creator_key = ctx.accounts.dao.dao_creator.as_ref();
         let dao_seeds = &[
-            b"dao".as_ref(),
+            SEED_DAO,
             dao_creator_key,
             dao_nonce,
             &[ctx.accounts.dao.pda_bump],

programs/futarchy/src/instructions/conditional_swap.rs

@@ -166,7 +166,7 @@ impl ConditionalSwap<'_> {
         let dao_creator = dao.dao_creator;
         let nonce = dao.nonce.to_le_bytes();
         let signer_seeds = &[
-            b"dao".as_ref(),
+            SEED_DAO,
             dao_creator.as_ref(),
             nonce.as_ref(),
             &[dao.pda_bump],

programs/futarchy/src/instructions/execute_spending_limit_change.rs

@@ -73,7 +73,7 @@ impl<'info, 'c: 'info> ExecuteSpendingLimitChange<'info> {
 
         let dao_nonce = &dao.nonce.to_le_bytes();
         let dao_creator_key = &dao.dao_creator.as_ref();
-        let dao_seeds = &[b"dao".as_ref(), dao_creator_key, dao_nonce, &[dao.pda_bump]];
+        let dao_seeds = &[SEED_DAO, dao_creator_key, dao_nonce, &[dao.pda_bump]];
         let dao_signer = &[&dao_seeds[..]];
 
         squads_multisig_program::cpi::vault_transaction_execute(

programs/futarchy/src/instructions/finalize_proposal.rs

@@ -109,7 +109,7 @@ impl FinalizeProposal<'_> {
 
         let squads_proposal_key = squads_proposal.key();
         let proposal_seeds = &[
-            b"proposal",
+            SEED_PROPOSAL,
             squads_proposal_key.as_ref(),
             &[proposal.pda_bump],
         ];
@@ -142,7 +142,8 @@ impl FinalizeProposal<'_> {
         let threshold_bps = if proposal.is_team_sponsored {
             dao.team_sponsored_pass_threshold_bps
         } else {
-            dao.pass_threshold_bps as i16
+            // Thanks to invariants this will never error - still it's better to be safe here.
+            i16::try_from(dao.pass_threshold_bps).map_err(|_| FutarchyError::CastingOverflow)?
         };
 
         // this can't overflow because each twap can only be MAX_PRICE (~1e31),
@@ -175,7 +176,7 @@ impl FinalizeProposal<'_> {
 
         let dao_nonce = &dao.nonce.to_le_bytes();
         let dao_creator_key = &dao.dao_creator.as_ref();
-        let dao_seeds = &[b"dao".as_ref(), dao_creator_key, dao_nonce, &[dao.pda_bump]];
+        let dao_seeds = &[SEED_DAO, dao_creator_key, dao_nonce, &[dao.pda_bump]];
         let dao_signer = &[&dao_seeds[..]];
 
         if new_proposal_state == ProposalState::Passed {

programs/futarchy/src/instructions/initialize_dao.rs

@@ -27,7 +27,7 @@ pub struct InitializeDao<'info> {
     #[account(
         init,
         payer = payer,
-        seeds = [b"dao", dao_creator.key().as_ref(), params.nonce.to_le_bytes().as_ref()],
+        seeds = [SEED_DAO, dao_creator.key().as_ref(), params.nonce.to_le_bytes().as_ref()],
         bump,
         space = 8 + Dao::INIT_SPACE,
     )]
@@ -90,7 +90,7 @@ impl InitializeDao<'_> {
 
         let creator_key = ctx.accounts.dao_creator.key();
         let dao_seeds = &[
-            b"dao".as_ref(),
+            SEED_DAO,
             creator_key.as_ref(),
             &nonce.to_le_bytes(),
             &[ctx.bumps.dao],

programs/futarchy/src/instructions/initialize_proposal.rs

@@ -7,7 +7,7 @@ pub struct InitializeProposal<'info> {
         init,
         payer = payer,
         space = 8 + Proposal::INIT_SPACE,
-        seeds = [b"proposal", squads_proposal.key().as_ref()],
+        seeds = [SEED_PROPOSAL, squads_proposal.key().as_ref()],
         bump
     )]
     pub proposal: Box<Account<'info, Proposal>>,

programs/futarchy/src/instructions/launch_proposal.rs

@@ -105,6 +105,11 @@ impl LaunchProposal<'_> {
         let base_to_lp = spot.base_reserves / 2;
         let quote_to_lp = spot.quote_reserves / 2;
 
+        // Prevent launching proposals with zero reserves, which would permanently
+        // freeze the DAO (no swaps possible, finalize_proposal fails, no recovery path)
+        require_gt!(base_to_lp, 0, FutarchyError::InsufficientLiquidity);
+        require_gt!(quote_to_lp, 0, FutarchyError::InsufficientLiquidity);
+
         spot.base_reserves -= base_to_lp;
         spot.quote_reserves -= quote_to_lp;
 

programs/futarchy/src/instructions/provide_liquidity.rs

@@ -50,7 +50,7 @@ pub struct ProvideLiquidity<'info> {
     #[account(
         init_if_needed,
         payer = payer,
-        seeds = [b"amm_position", dao.key().as_ref(), params.position_authority.key().as_ref()],
+        seeds = [SEED_AMM_POSITION, dao.key().as_ref(), params.position_authority.key().as_ref()],
         bump,
         space = 8 + AmmPosition::INIT_SPACE,
     )]
@@ -119,6 +119,7 @@ impl ProvideLiquidity<'_> {
         } else {
             // equivalent to $0.1 if the quote is USDC, here for rounding
             require_gte!(quote_amount, MIN_QUOTE_LIQUIDITY);
+            require_gt!(max_base_amount, 0);
 
             let base_amount = max_base_amount;