Omniscia Olympus DAO Audit

StandardBondingCalculator Manual Review Findings

SBC-01M: Inexistent Validation of Pair Tokens

Description:

The markdown function incorrectly assumes that if the token0 of a pair is not the OHM address, token1 will be, which may not be the case.

Example:

contracts/StandardBondingCalculator.sol
function markdown( address _pair ) external view override returns ( uint ) {
    ( uint reserve0, uint reserve1, ) = IUniswapV2Pair( _pair ).getReserves();

    uint reserve;
    if ( IUniswapV2Pair( _pair ).token0() == address( OHM ) ) {
        reserve = reserve1;
    } else {
        reserve = reserve0;
    }
    return reserve.mul( 2 * ( 10 ** IERC20Metadata(address(OHM)).decimals() ) ).div( getTotalValue( _pair ) );
}

Recommendation:

We advise a require check to be introduced in the else branch of the if clause that mandates token1 to be the OHM address.

Alleviation:

A require check was introduced in the else case that mandates token1 to be equivalent to OHM, thereby alleviating this exhibit.

SBC-02M: Incorrect Usage of SafeMath Library

Description:

The using SafeMath for uint112 statement is ineffectual: every SafeMath operation performed on the uint112 data type implicitly casts the value to a uint256 and yields a uint256 result, which can still overflow if it is cast back to a uint112.

Example:

contracts/StandardBondingCalculator.sol
using SafeMath for uint112;

Recommendation:

We advise either expanding the SafeMath library implementation to support the uint112 data type or, should the using statement be considered unnecessary in the codebase, omitting it and replacing it with uint256 casts of the uint112 variables that are used in these calculations.

Alleviation:

The ineffectual using * for statement was omitted from the codebase.
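
The behaviour described in SBC-02M, shown as an added example that is not code from the audited repository: a uint256-only SafeMath attached to uint112 passes its overflow check, and the narrowing cast afterwards drops the high bits unless it is range-checked. The contract name, function names and the pragma version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.5; // assumed compiler version; the page does not state one

// Minimal uint256-only SafeMath, reduced to the one function this example needs.
library SafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a, "SafeMath: addition overflow");
        return c;
    }
}

// Hypothetical demo contract, not part of the audited codebase.
contract Uint112NarrowingDemo {
    using SafeMath for uint112; // compiles, but only attaches the uint256 functions
    using SafeMath for uint256;

    // a.add(b) implicitly widens both operands to uint256, so SafeMath's check
    // can never fail for two uint112 inputs. The explicit cast back to uint112
    // then truncates silently when the sum exceeds type(uint112).max.
    function unsafeAdd(uint112 a, uint112 b) external pure returns (uint112) {
        return uint112(a.add(b));
    }

    // Same arithmetic with the widening made explicit and the narrowing guarded:
    // the sum is range-checked against uint112 before the cast, so an
    // out-of-range result reverts instead of wrapping.
    function checkedAdd(uint112 a, uint112 b) external pure returns (uint112) {
        uint256 sum = uint256(a).add(b);
        require(sum <= type(uint112).max, "uint112 overflow");
        return uint112(sum);
    }
}
```

Calling both functions with type(uint112).max and 1 shows the difference: unsafeAdd returns a wrapped value, while checkedAdd reverts.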