Omniscia Kanpeki Finance Audit
CollateralizationManager Manual Review Findings
CMR-01M: Improper Sanitization of Ratios
Type | Severity | Location |
---|---|---|
Input Sanitization | Minor | CollateralizationManager.sol:L74-L78 |
Description:
The `setRatios` function does not properly sanitize all values of the `Ratio` structs it sets.
Example:
contracts/managers/CollateralizationManager.sol
```
64 function setRatios (address[] calldata tokens, Ratio[] calldata ratios) external onlyOwner
65 {
66     require(tokens.length == ratios.length, "!=");
67
68     for (uint256 i = 0; i < ratios.length; i++)
69     {
70         address token = tokens[i];
71         Ratio memory ratio = ratios[i];
72
73         require(token != address(0), "0 addr");
74         // 12500 = 125% ... in basis point
75         require(ratio.init >= 12500, "!valid init");
76         require(ratio.liquidation >= 12000 && ratio.liquidation <= 14500, "!valid liq");
77
78         _ratio[token] = ratio;
79     }
80 }
```
Recommendation:
We advise also validating that `ratio.liquidation` is always less than `ratio.init`, as otherwise debts would be immediately underwater.
Alleviation:
Our recommendation was applied to the codebase by extending the existing `require` check sanitizing the liquidation parameters.