Omniscia KlimaDAO Audit
KlimaBondingCalculator_v2 Manual Review Findings
KlimaBondingCalculator_v2 Manual Review Findings
KBC-01M: Incorrect Markdown Calculation
| Type | Severity | Location |
|---|---|---|
| Mathematical Operations | Major | KlimaBondingCalculator_v2.sol:L312 |
Description:
The markdown calculation performs an incorrect mathematical operation in case the first token of the pair is the USDC address as the decimals of KLIMA differ from that of USDC by 3 units.
Example:
303function markdown( address _pair ) external view returns ( uint ) {304 ( uint reserve0, uint reserve1, ) = IUniswapV2Pair( _pair ).getReserves();305
306 uint reserve;307 if ( IUniswapV2Pair( _pair ).token0() == KLIMA || IUniswapV2Pair( _pair ).token0() == USDC ) {308 reserve = reserve1;309 } else {310 reserve = reserve0;311 }312 return reserve.mul( 2 * ( 10 ** IERC20( KLIMA ).decimals() ) ).div( getTotalValue( _pair ) );313}Recommendation:
We strongly advise the calculation to use the proper unit offset depending on which token is being used as the paired asset.
Alleviation:
The KlimaDAO team stated that the code performs as intended and that the debt ratios in the bond account account for this discrepancy.
KBC-02M: Improper Token Assumption
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Medium | KlimaBondingCalculator_v2.sol:L307, L309 |
Description:
The markdown function assumes that if the first token is neither KLIMA nor USDC, the second token will be which may not be the case if the Uniswap pair is completely unrelated.
Example:
303function markdown( address _pair ) external view returns ( uint ) {304 ( uint reserve0, uint reserve1, ) = IUniswapV2Pair( _pair ).getReserves();305
306 uint reserve;307 if ( IUniswapV2Pair( _pair ).token0() == KLIMA || IUniswapV2Pair( _pair ).token0() == USDC ) {308 reserve = reserve1;309 } else {310 reserve = reserve0;311 }312 return reserve.mul( 2 * ( 10 ** IERC20( KLIMA ).decimals() ) ).div( getTotalValue( _pair ) );313}Recommendation:
We advise the token1 of the pair to be validated properly to ensure correct execution of the markdown function.
Alleviation:
The KlimaDAO team stated that the code performs as intended and that no validation of the paired asset is necessary.
KBC-03M: Ambiguous Dual Token Support
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | KlimaBondingCalculator_v2.sol:L307, L312 |
Description:
The support of two tokens for assessing the markdown is ambiguous as it does not have clearly defined behaviour in case both USDC and KLIMA are part of a Uniswap pair.
Example:
303function markdown( address _pair ) external view returns ( uint ) {304 ( uint reserve0, uint reserve1, ) = IUniswapV2Pair( _pair ).getReserves();305
306 uint reserve;307 if ( IUniswapV2Pair( _pair ).token0() == KLIMA || IUniswapV2Pair( _pair ).token0() == USDC ) {308 reserve = reserve1;309 } else {310 reserve = reserve0;311 }312 return reserve.mul( 2 * ( 10 ** IERC20( KLIMA ).decimals() ) ).div( getTotalValue( _pair ) );313}Recommendation:
We advise this portion of the codebase to be expanded upon to clearly define all logic paths as it can lead to unexpected behaviour.
Alleviation:
The KlimaDAO team stated that the code performs as intended and that the support of two tokens is by design.