fix: add BigInt-aware template evaluation for slippage calculations

[will-dz]

• Add support for mathematical operations in template variables (multiplication, division, addition, subtraction)
• Detect BigInt strings (>15 digits) and perform precision-preserving calculations
• Support common slippage values (0.1%, 0.5%, 1%, 5%) with exact fraction handling
• Add comprehensive unit tests for BigInt template math operations
• Enables direct slippage calculation in template expressions like: {{contractRead1.data.quoteExactInputSingle.amountOut * settings.uniswapv3_pool.slippage}}

---

Note

Adds BigInt-precise math to template evaluation in VM (supporting */+- and slippage), with comprehensive unit tests.

• Template Evaluation (VM core/taskengine/vm.go):
  • Add BigInt-aware math for *, /, +, - in template variable resolution with precision/rounding constants and recursion depth limits.
  • Detect and parse math expressions, including safe handling of subtraction and operator precedence.
  • Identify BigInt-like strings and perform precision-preserving calculations; special handling for common slippage values (0.999, 0.995, 0.99, 0.95).
  • Extend variable path resolution with depth-tracked recursion and safe evaluation helpers; precompiled regexes and strconv usage.
• Tests (core/taskengine/vm_template_bigint_math_test.go):
  • Add unit tests covering multiplication, division (incl. zero/divisor cases), addition, subtraction, edge cases (small/very large BigInt, non-BigInt), and a real Uniswap slippage scenario.

^{Written by Cursor Bugbot for commit 241fe13. Configure here.}

[Copilot]

Pull request overview

This PR adds BigInt-aware template evaluation to support mathematical operations in template expressions, specifically targeting slippage calculations for Uniswap v3 operations. The implementation enables direct calculations like {{contractRead1.data.quoteExactInputSingle.amountOut * settings.uniswapv3_pool.slippage}} while preserving precision for large integer values.

Key changes:

• Added mathematical operation detection and parsing for multiplication, division, addition, and subtraction in template expressions
• Implemented BigInt detection (strings >15 digits) with precision-preserving arithmetic using Go's math/big package
• Added special handling for common slippage values (0.999, 0.995, 0.99, 0.95) to avoid floating-point precision errors

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 13 comments.

File	Description
core/taskengine/vm.go	Adds core BigInt math evaluation functions (detectMathematicalOperation, parseMathExpression, isBigIntString, evaluateBigIntMath, evaluateVariablePath) and integrates BigInt-aware math into the existing resolveVariablePath method
core/taskengine/vm_template_bigint_math_test.go	Comprehensive test suite covering multiplication with various slippage values, division by floats, and edge cases including very large BigInt values and fallback scenarios

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The evaluateVariablePath function bypasses security validation by not calling ValidateCodeInjection on the varPath parameter. This creates a potential security vulnerability where malicious code could be injected through the right operand of a mathematical expression, since this function is called from evaluateBigIntMath in the default case. The comment acknowledges this ("without security validation (already validated)"), but the validation only happens for the initial expression, not for resolved variable paths that might contain injection attempts.

[Copilot]

The variable 'resultBig' is declared here and shadows the 'resultBig' variable declared at line 52 in the same test function. While this works due to the nested scope of the if statement at line 50, it can lead to confusion. Consider using a different variable name like 'resultBigVerify' or 'resultForComparison' to make the code clearer.

Suggested change

	resultBig := new(big.Int)
	if _, ok1 := originalBig.SetString("3030137700988171", 10); ok1 {
	if _, ok2 := resultBig.SetString(result, 10); ok2 {
	if resultBig.Cmp(originalBig) >= 0 {
	resultBigVerify := new(big.Int)
	if _, ok1 := originalBig.SetString("3030137700988171", 10); ok1 {
	if _, ok2 := resultBigVerify.SetString(result, 10); ok2 {
	if resultBigVerify.Cmp(originalBig) >= 0 {

[Copilot]

Converting int64 and int types to float64 can result in precision loss for large integers (integers larger than 2^53). If the right operand is a large integer that should be treated as BigInt, this conversion will lose precision. The code should preserve integer types when dealing with BigInt operations, or at least check if the integer is too large for safe float64 conversion.

Suggested change

	rightValue = float64(val)
	case int:
	rightValue = float64(val)
	rightValue = strconv.FormatInt(val, 10)
	case int:
	rightValue = strconv.Itoa(val)

[Copilot]

The regex error from MatchString is silently ignored. Consider either handling the error properly or using a pre-compiled regex pattern as a package-level variable.

[Copilot]

The test is using an incorrect precision factor compared to the implementation. The test uses a multiplier of 9950 with divisor 10000 (4 decimal places precision), but the actual implementation in vm.go uses 99500 with divisor 100000 (5 decimal places precision) for the 0.995 slippage value. This inconsistency means the test's expected value doesn't match what the implementation actually produces.

Suggested change

	multiplier := big.NewInt(9950) // 0.995 * 10000
	resultBig := new(big.Int).Mul(bigValue, multiplier)
	resultBig.Div(resultBig, big.NewInt(10000))
	multiplier := big.NewInt(99500) // 0.995 * 100000
	resultBig := new(big.Int).Mul(bigValue, multiplier)
	resultBig.Div(resultBig, big.NewInt(100000))

[Copilot]

The test suite is missing test coverage for addition and subtraction operations with BigInt values. While the implementation in vm.go includes support for "+" and "-" operators, there are no corresponding test cases to verify their correctness, especially considering the bug in the float handling logic for these operations.

[Copilot]

The division test only covers division by float values. There is no test coverage for BigInt division by another BigInt (integer division), which is an important use case that should be tested to ensure correctness, especially for potential division by zero scenarios.

[Copilot]

The regex error from MatchString is silently ignored. While this regex pattern is unlikely to fail compilation, it's better practice to either handle the error properly or compile the regex once as a package-level variable to guarantee correctness at startup. The same issue exists at line 1757.

[Copilot]

The VM instance is shared across all sub-tests in TestBigIntTemplateMath_Multiplication, which means the sub-tests are not isolated and modify the same vm.vars map. If tests run in parallel or if one test fails and leaves the VM in an unexpected state, it could affect other tests. Consider creating a new VM instance for each sub-test or resetting vm.vars at the beginning of each sub-test.

[cursor]

This PR is being reviewed by Cursor Bugbot

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Bug: Rounding fails for negative float operands in BigInt math

The rounding logic using + bigIntRoundingOffset (0.5) only works correctly for positive floats. For negative floats, this approach produces off-by-one errors. For example, -0.3 * 100000 + 0.5 = -29999.5 truncates to -29999 instead of the correct -30000. The fix requires checking the sign and subtracting 0.5 for negative values, or using math.Round().

Additional Locations (2)

• core/taskengine/vm.go#L1945-L1957
• core/taskengine/vm.go#L1928-L1929

 

[cursor]

Bug: BigInt string converted to lossy float64 before evaluation

When rightValue is a string in resolveVariablePathWithDepth, the code converts it to float64 via strconv.ParseFloat before passing to evaluateBigIntMath. This loses precision for large integer strings that could be parsed as BigInt. The evaluateBigIntMath function has proper BigInt string handling at lines 1847-1851, but this preprocessing bypasses it by converting to float64 first. Large integer string operands like "99999999999999999999" will have incorrect calculation results.

 

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 14 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Similar to the multiplication case, the rounding offset for division only works correctly for positive divisors. Negative divisors will experience incorrect rounding behavior. Additionally, the same issue exists in the addition (line 1946) and subtraction (line 1957) cases. Consider implementing a sign-aware rounding function.

[Copilot]

The division by zero test expects graceful handling but accepts any non-error result, including valid numbers (line 247). This is too permissive and doesn't verify that the function actually handles division by zero correctly. The test should assert specific expected behavior (e.g., return empty string, "undefined", or verify no panic occurs with a specific fallback value).

[Copilot]

Missing test coverage for negative BigInt values. The implementation supports negative numbers (regex includes optional minus sign), but there are no tests verifying operations with negative BigInts (e.g., negative * positive, negative + negative, etc.).

[Copilot]

The rounding offset bigIntRoundingOffset (0.5) is added to perform rounding to nearest integer, but this only works correctly for positive numbers. For negative multipliers, adding 0.5 will round in the wrong direction (e.g., -1.6 + 0.5 = -1.1, truncates to -1 instead of -2). Consider using a conditional rounding approach or Math.Round equivalent that handles negative numbers correctly.

[Copilot]

The rightOperand is not validated for code injection before being passed to evaluateVariablePath. While evaluateVariablePath does perform validation, the right operand could also be parsed as a literal number (line 2066), which bypasses validation. If the parsing fails, a malicious input could potentially exploit the unvalidated path. Ensure validation occurs before any evaluation or parsing attempt.

[Copilot]

Missing test coverage for operator precedence (e.g., "{{a + b * c}}" should evaluate multiplication before addition) and chained operations (e.g., "{{a - b - c}}"). These are important edge cases for the mathematical expression parser, especially given the right-to-left parsing in the implementation.

[Copilot]

The recursive call to evaluateBigIntMath inside the default case could lead to infinite recursion if the resolved value is neither a recognized type nor resolves to a valid type. There is no depth tracking for this recursion, which differs from the depth tracking in resolveVariablePathWithDepth. Consider adding a depth parameter to evaluateBigIntMath or removing this recursive call to prevent potential stack overflow.

[Copilot]

The constant name bigIntPrecisionScale could be more descriptive. Consider renaming it to something like bigIntDecimalPrecisionScale or bigIntFixedPointScale to clarify that it represents a fixed-point scaling factor for decimal precision (5 decimal places).

[Copilot]

The bigIntMathSubtractionRegex is compiled at package initialization, but bigIntStringRegex is compiled at the same time. While regex compilation is efficient, consider whether these patterns could be simplified. The subtraction regex \s-\s is quite simple and could be replaced with a string-based check using strings.Contains for better performance, especially if this code is called frequently.

[chrisli30]

This approach is too specialized and should not be included in the general contract_write node. Discarding it.