Omniscia 0xPhase Audit
CashOracle Manual Review Findings
COE-01M: Insecure Calculation of Share Amount
Type | Severity | Location |
---|---|---|
Mathematical Operations | | CashOracle.sol:L26 |
Description:
The CashOracle::getPrice function currently misbehaves greatly when it is consulted for a bond asset, as the price it reports contains no decimal places of accuracy.
Impact:
The CashOracle::getPrice function will yield unusable data points when it is consulted for the price of the bond asset.
Example:
oracle/oracles/cash/CashOracle.sol
```solidity
18  /// @inheritdoc IOracle
19  function getPrice(
20      address asset
21  ) external view override returns (uint256 price) {
22      if (asset == address(cash)) return 1 ether;
23
24      if (asset == address(bond))
25          return
26              ShareLib.calculateAmount(1, bond.totalSupply(), bond.totalBalance());
27
28      revert("CashOracle: Not a cash asset");
29  }
```
Recommendation:
We advise the input of ShareLib::calculateAmount to be 1e18, ensuring that CashOracle::getPrice yields an evaluation with 1e18 numerical accuracy akin to the other oracles in the system.
Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):
The code was updated according to our recommendation, ensuring that outputs of the CashOracle::getPrice function yield values with the expected accuracy.
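The difference between the two inputs can be seen in a small integer model. This is an added example, not code from the audited project or from the report: the pro-rata formula inside `calculate_amount`, the consumer in `value_in_cash`, and the bond states are assumptions constructed for illustration, since the body of ShareLib::calculateAmount is not shown in the finding.

```python
WAD = 10**18  # 1e18 fixed-point scale; CashOracle returns 1 ether for cash


def calculate_amount(shares, total_shares, total_balance):
    """ASSUMED pro-rata formula; the real ShareLib::calculateAmount body is not
    shown in the report. `//` truncates like Solidity's uint256 division."""
    return shares * total_balance // total_shares


def bond_price(total_supply, total_balance, unit):
    """Bond price as getPrice computes it for a given calculateAmount input."""
    return calculate_amount(unit, total_supply, total_balance)


def value_in_cash(amount, price):
    """ASSUMED consumer that treats every oracle price as 1e18-scaled."""
    return amount * price // WAD


# Constructed bond states: (totalSupply, totalBalance), both with 18 decimals.
STATES = {
    "balance 5% above supply": (1_000 * WAD, 1_050 * WAD),
    "balance 5% below supply": (1_000 * WAD, 950 * WAD),
    "balance just under 2x": (1_000 * WAD, 1_999 * WAD),
}


def compare(states=STATES, holding=100 * WAD):
    """Price and valuation of `holding` bond units under both inputs."""
    rows = {}
    for label, (supply, balance) in states.items():
        flawed = bond_price(supply, balance, unit=1)    # input flagged at L26
        fixed = bond_price(supply, balance, unit=WAD)   # recommended 1e18 input
        rows[label] = {
            "flawed_price": flawed,
            "fixed_price": fixed,
            "flawed_value": value_in_cash(holding, flawed),
            "fixed_value": value_in_cash(holding, fixed),
        }
    return rows


if __name__ == "__main__":
    for label, row in compare().items():
        print(label, row)
```

With an input of 1 the price collapses to the truncated balance-to-supply ratio (0 or 1 in these states), so a consumer expecting 1e18-scaled prices values a 100-unit holding at a few wei or at nothing.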