Enforce fair FIFO queue ordering on-chain

m-Peter · m-Peter · commit ac78f2e6fdfb · 2026-02-03T17:20:41.000+02:00
diff --git a/solidity/src/FlowYieldVaultsRequests.sol b/solidity/src/FlowYieldVaultsRequests.sol
@@ -167,16 +167,69 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
     /// @notice All requests indexed by request ID
     mapping(uint256 => Request) public requests;
 
-    /// @notice Array of pending request IDs awaiting processing (FIFO order)
-    uint256[] public pendingRequestIds;
-
-    /// @notice Index of request ID in global pending array (for O(1) lookup)
-    mapping(uint256 => uint256) private _requestIndexInGlobalArray;
-
     /// @notice Index of yieldVaultId in user's yieldVaultsByUser array (for O(1) removal)
     /// @dev Internal visibility allows test helpers to properly initialize state
     mapping(address => mapping(uint64 => uint256)) internal _yieldVaultIndexInUserArray;
 
+    mapping(uint256 => uint256) queue;
+    uint256 first = 1;
+    uint256 last = 1;
+
+    function _enqueue(uint256 requestId) internal {
+        // empty queue
+        if (first == last) {
+            queue[first] = requestId;
+        } else {
+            queue[last] = requestId;
+        }
+        last += 1;
+    }
+
+    function _dequeue() internal returns (uint256) {
+        require(last > first);
+
+        uint256 requestId;
+        requestId = queue[first];
+
+        delete queue[first];
+        first += 1;
+
+        return requestId;
+    }
+
+    function _drop(uint256 requestId) internal {
+        bool slide = false;
+        for (uint256 i = first; i <= last;) {
+            if (queue[i] == requestId) {
+                delete queue[i];
+                slide = true;
+            }
+
+            if (slide) {
+                queue[i] = queue[i+1];
+            }
+
+            unchecked {
+                ++i;
+            }
+        }
+
+        last -= 1;
+    }
+
+    function _peek() internal view returns (uint256) {
+        require(last > first);
+
+        uint256 requestId;
+        requestId = queue[first];
+
+        return requestId;
+    }
+
+    function _queueLength() internal view returns (uint256) {
+        return last - first;
+    }
+
     // ============================================
     // Errors
     // ============================================
@@ -728,6 +781,7 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
 
                 // Remove from pending queues (both global and user-specific)
                 _removePendingRequest(requestId);
+                _drop(requestId);
 
                 emit RequestProcessed(
                     requestId,
@@ -929,6 +983,7 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
             userPendingRequestCount[request.user]--;
         }
         _removePendingRequest(requestId);
+        _drop(requestId);
 
         // === REFUND HANDLING (pull pattern) ===
         // For CREATE/DEPOSIT requests, move funds from pendingUserBalances to claimableRefunds
@@ -1008,9 +1063,11 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
      *      - Funds will be bridged back from Cadence in completeProcessing
      *
      *      The PROCESSING status prevents request cancellation and double-processing.
-     * @param requestId The unique identifier of the request to start processing.
+     * @param a The unique identifier of the request to start processing.
      */
-    function startProcessing(uint256 requestId) external onlyAuthorizedCOA nonReentrant {
+    function startProcessing(uint256 a) external onlyAuthorizedCOA nonReentrant {
+        // Pick the request at the front of the queue, for processing
+        uint256 requestId = _peek();
         Request storage request = requests[requestId];
 
         // === VALIDATION ===
@@ -1094,17 +1151,19 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
      *      - Successful CLOSE: Unregisters YieldVault ownership
      *
      *      For all other cases (success, WITHDRAW/CLOSE), msg.value must be 0.
-     * @param requestId The unique identifier of the request to complete.
+     * @param a The unique identifier of the request to complete.
      * @param success True if the Cadence operation succeeded, false otherwise.
      * @param yieldVaultId The YieldVault Id from Cadence (for CREATE: newly assigned; for others: existing).
      * @param message Human-readable status message or error description.
      */
     function completeProcessing(
-        uint256 requestId,
+        uint256 a,
         bool success,
         uint64 yieldVaultId,
         string calldata message
     ) external payable onlyAuthorizedCOA nonReentrant {
+        // Pick the request at the front of the queue, for processing
+        uint256 requestId = _peek();
         Request storage request = requests[requestId];
 
         // === VALIDATION ===
@@ -1181,6 +1240,7 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
             userPendingRequestCount[request.user]--;
         }
         _removePendingRequest(requestId);
+        _dequeue();
 
         emit RequestProcessed(requestId, request.user, request.requestType, newStatus, yieldVaultId, message);
     }
@@ -1222,12 +1282,19 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
     /// @notice Gets the count of pending requests
     /// @return Number of pending requests
     function getPendingRequestCount() external view returns (uint256) {
-        return pendingRequestIds.length;
+        return _queueLength();
     }
 
     /// @notice Gets all pending request IDs
     /// @return Array of pending request IDs
     function getPendingRequestIds() external view returns (uint256[] memory) {
+        uint256[] memory pendingRequestIds = new uint256[](_queueLength());
+        for (uint256 i = first; i <= last;) {
+            pendingRequestIds[i] = queue[i];
+            unchecked {
+                ++i;
+            }
+        }
         return pendingRequestIds;
     }
 
@@ -1266,7 +1333,7 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
             string[] memory strategyIdentifiers
         )
     {
-        if (startIndex >= pendingRequestIds.length) {
+        if (startIndex >= _queueLength()) {
             return (
                 new uint256[](0),
                 new address[](0),
@@ -1282,7 +1349,7 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
             );
         }
 
-        uint256 remaining = pendingRequestIds.length - startIndex;
+        uint256 remaining = _queueLength() - startIndex;
         uint256 size = count == 0
             ? remaining
             : (count < remaining ? count : remaining);
@@ -1299,8 +1366,8 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
         vaultIdentifiers = new string[](size);
         strategyIdentifiers = new string[](size);
 
-        for (uint256 i = 0; i < size; ) {
-            Request memory req = requests[pendingRequestIds[startIndex + i]];
+        for (uint256 i = 0; i < size;) {
+            Request memory req = requests[queue[first + startIndex + i]];
             ids[i] = req.id;
             users[i] = req.user;
             requestTypes[i] = uint8(req.requestType);
@@ -1672,8 +1739,7 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
         });
 
         // Add to global pending queue with index tracking for O(1) lookup
-        _requestIndexInGlobalArray[requestId] = pendingRequestIds.length;
-        pendingRequestIds.push(requestId);
+        _enqueue(requestId);
         userPendingRequestCount[msg.sender]++;
 
         // Add to user's pending array with index tracking for O(1) removal
@@ -1719,29 +1785,6 @@ contract FlowYieldVaultsRequests is ReentrancyGuard, Ownable2Step {
      * @param requestId The request ID to remove from pending queues.
      */
     function _removePendingRequest(uint256 requestId) internal {
-        // === GLOBAL PENDING ARRAY REMOVAL ===
-        // Uses O(1) lookup + O(n) shift to maintain FIFO order
-        // FIFO order is critical for DeFi fairness - requests must be processed in submission order
-        uint256 indexInGlobal = _requestIndexInGlobalArray[requestId];
-        uint256 globalLength = pendingRequestIds.length;
-
-        // Safety check: verify element exists at expected index
-        if (globalLength > 0 && indexInGlobal < globalLength && pendingRequestIds[indexInGlobal] == requestId) {
-            // Shift all subsequent elements left to maintain FIFO order
-            for (uint256 j = indexInGlobal; j < globalLength - 1; ) {
-                pendingRequestIds[j] = pendingRequestIds[j + 1];
-                // Update index mapping for each shifted element
-                _requestIndexInGlobalArray[pendingRequestIds[j]] = j;
-                unchecked {
-                    ++j;
-                }
-            }
-            // Remove the last element (now duplicated or the one to remove)
-            pendingRequestIds.pop();
-            // Clean up index mapping
-            delete _requestIndexInGlobalArray[requestId];
-        }
-
         // === USER PENDING ARRAY REMOVAL ===
         // Uses swap-and-pop for O(1) removal (order doesn't affect FIFO processing)
         address user = requests[requestId].user;
