Omniscia Kanpeki Finance Audit

CollateralizationManager Manual Review Findings

CMR-01M: Improper Sanitization of Ratios

Description:

The setRatios function does not properly sanitize all values of the Ratio structs it sets.

Example:

contracts/managers/CollateralizationManager.sol
function setRatios (address[] calldata tokens, Ratio[] calldata ratios) external onlyOwner
{
    require(tokens.length == ratios.length, "!=");

    for (uint256 i = 0; i < ratios.length; i++)
    {
        address token = tokens[i];
        Ratio memory ratio = ratios[i];

        require(token != address(0), "0 addr");
        // 12500 = 125% ... in basis point
        require(ratio.init >= 12500, "!valid init");
        require(ratio.liquidation >= 12000 && ratio.liquidation <= 14500, "!valid liq");

        _ratio[token] = ratio;
    }
}

Recommendation:

We advise that the function also validate that ratio.liquidation is always less than ratio.init, as otherwise debts would be immediately underwater.

Alleviation:

Our recommendation was applied to the codebase by extending the existing require check sanitizing the liquidation parameters.
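
One way the extended require check could look, as an added example that is not the project's own code. The two-field Ratio layout, the owner handling, the compiler version and the isLiquidatable helper are assumptions made so the contract compiles on its own; only the body of setRatios follows the excerpt above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: minimal stand-in for the audited contract. The Ratio layout
// and owner handling are assumptions; only setRatios mirrors the excerpt.
contract CollateralizationManagerExample {
    struct Ratio {
        uint256 init;        // minimum collateralization to open a debt, in basis points
        uint256 liquidation; // collateralization below which a debt is liquidated (assumed)
    }

    address public immutable owner;
    mapping(address => Ratio) private _ratio;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "!owner");
        _;
    }

    function setRatios(address[] calldata tokens, Ratio[] calldata ratios) external onlyOwner {
        require(tokens.length == ratios.length, "!=");

        for (uint256 i = 0; i < ratios.length; i++) {
            address token = tokens[i];
            Ratio memory ratio = ratios[i];

            require(token != address(0), "0 addr");
            // 12500 = 125% in basis points
            require(ratio.init >= 12500, "!valid init");
            // Extended check: the liquidation threshold must sit strictly below
            // the initial ratio, so a debt opened at `init` is not underwater.
            require(
                ratio.liquidation >= 12000 &&
                ratio.liquidation <= 14500 &&
                ratio.liquidation < ratio.init,
                "!valid liq"
            );

            _ratio[token] = ratio;
        }
    }

    // Hypothetical helper illustrating the invariant the check protects.
    function isLiquidatable(address token, uint256 collateralizationBps) external view returns (bool) {
        return collateralizationBps < _ratio[token].liquidation;
    }
}
```

With this check, the pair init = 12500, liquidation = 14500, which the original function accepts, reverts with "!valid liq".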