Omniscia DAFI Protocol Audit

DAFI Manual Review Findings

DAF-01M: Inconsistent Token Support

Type: Logical Fault
Severity: Minor
Location: DAFI.sol:L124-L134, L203-L209

Description:

The setdToken function does not support adding tokens whose pair is based on the ETH price instead of the USD price: currentPrice is assigned by directly multiplying the yielded price by 10**10, which indicates that the function expects a price reported with 8 decimal places. Additionally, the rebase function would not invoke a rebase operation on newly added tokens.

Example:

contracts/DAFI.sol
203 function setdToken(string calldata _type, uint256 _baseLinePrice, IToken _address, IoffTokens _mainAddress) external onlyDAFIPlatform {
204     bytes32 __type = stringToBytes32(_type);
205     dTokenDetails[__type].baseLinePrice = _baseLinePrice;
206     dTokenDetails[__type].currentPrice = (uint256(price.getLatestPrice(__type))).mul(10000000000);
207     dTokenDetails[__type].tokenAddress = _address;
208     dTokenDetails[__type].mainAddress = _mainAddress;
209 }

Recommendation:

We advise these segments to be revised at a system level, as most tokens are based on the ETH price rather than the USD price when relying on on-chain measurements, and the system should either support or not support the addition of new tokens within it.

Alleviation:

The currentPrice update from the setdToken function was omitted, thus alleviating this exhibit.
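
As an added illustration of the decimals mismatch described in DAF-01M (this is not code from the DAFI codebase or from the audit), the example below scales an oracle answer by the precision the feed itself reports rather than by a fixed 10**10. IPriceFeed, DTokenRegistry and normalize are hypothetical names, the code targets Solidity ^0.8.0 rather than the audited compiler version, and it assumes ETH-denominated feeds report a precision other than 8 decimals (for example 18).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not DAFI code. IPriceFeed is a hypothetical oracle
// interface (assumption) that exposes the precision of its answer.
interface IPriceFeed {
    function decimals() external view returns (uint8);
    function latestPrice() external view returns (int256);
}

contract DTokenRegistry {
    uint8 private constant TARGET_DECIMALS = 18;

    struct DToken {
        uint256 baseLinePrice;
        uint256 currentPrice; // always stored with 18 decimals
        IPriceFeed feed;
    }

    address public immutable platform;
    mapping(bytes32 => DToken) public dTokenDetails;

    constructor() {
        platform = msg.sender;
    }

    // Scale by the feed's reported precision instead of a fixed 10**10, so a
    // USD pair with 8 decimals and a pair with 18 decimals both end up at 18.
    // Checked arithmetic in 0.8 reverts on overflow for absurd decimals values.
    function normalize(IPriceFeed feed) public view returns (uint256) {
        int256 answer = feed.latestPrice();
        require(answer > 0, "Invalid price");
        uint8 d = feed.decimals();
        if (d <= TARGET_DECIMALS) {
            return uint256(answer) * uint256(10) ** (TARGET_DECIMALS - d);
        }
        return uint256(answer) / uint256(10) ** (d - TARGET_DECIMALS);
    }

    // Mirrors the shape of setdToken: the stored price no longer depends on
    // the caller knowing which quote currency the feed uses.
    function setdToken(bytes32 _type, uint256 _baseLinePrice, IPriceFeed _feed) external {
        require(msg.sender == platform, "Only platform");
        dTokenDetails[_type] = DToken(_baseLinePrice, normalize(_feed), _feed);
    }
}
```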

DAF-02M: Incorrect Demand Factor History

Type: Logical Fault
Severity: Minor
Location: DAFI.sol:L164, L168

Description:

The updateDemandFactorHistory function is passed the old demandFactor instead of the newly calculated one.

Example:

contracts/DAFI.sol
164 dataContract.updateDemandFactorHistory(_type, dTokenDetails[_type].demandFactor, uint256(now));
165
166 platformToken.rebase(demandFactor);
167
168 dTokenDetails[_type].demandFactor = demandFactor;

Recommendation:

We advise that this is closely evaluated to be correct behaviour as it can lead to incorrect measurements.

Alleviation:

This was indeed assessed to be correct behaviour and as such, this exhibit can be considered null.

DAF-03M: Incorrect If Structure

Type: Logical Fault
Severity: Minor
Location: DAFI.sol:L88-L108

Description:

The code within every case of the if-else structure executes the exact same statements.

Example:

contracts/DAFI.sol
88  if (__type == dETH) {
89      offToken = dTokenDetails[__type].mainAddress;
90      require(_balance <= offToken.balanceOf(_beneficiary), "Not enough balance");
91      dataContract.setIfTokenMinted(_beneficiary, __type);
92  }
93  else if (__type == dLINK) {
94      offToken = dTokenDetails[__type].mainAddress;
95      require(_balance <= offToken.balanceOf(_beneficiary), "Not enough balance");
96      dataContract.setIfTokenMinted(_beneficiary, __type);
97
98  }
99  else if (__type == dBTC) {
100     offToken = dTokenDetails[__type].mainAddress;
101     require(_balance <= offToken.balanceOf(_beneficiary), "Not enough balance");
102     dataContract.setIfTokenMinted(_beneficiary, __type);
103 }
104 else if (__type == dAAVE) {
105     offToken = dTokenDetails[__type].mainAddress;
106     require(_balance <= offToken.balanceOf(_beneficiary), "Not enough balance");
107     dataContract.setIfTokenMinted(_beneficiary, __type);
108 }

Recommendation:

We advise the structure to be omitted from the codebase and replaced by the statements directly, as in the current state a new __type will not fall in any of the if clauses, and the balance, as well as whether it has been minted in the past, won't be properly evaluated.

Alleviation:

The codebase was adjusted to handle the dBTC token differently from the rest of the tokens to account for its less than 18 decimals. However, the behaviour for the rest of the tokens was grouped into the same else clause, thus alleviating this exhibit.

DAF-04M: Redundant Usage of Storage

Type: Logical Fault
Severity: Minor
Location: DAFI.sol:L21, L22, L86, L89, L94, L100, L105

Description:

The platformToken and offToken contract level variables are always overwritten before being utilized.

Example:

contracts/DAFI.sol
85

Recommendation:

We advise them to be replaced by in-memory variables in the respective functions to avoid the unnecessary gas cost associated with them and to prevent data synchronization issues in future implementations.

Alleviation:

The contract-level variable declarations were removed from the codebase in favor of in-memory declarations, greatly optimizing the gas costs of the contract.