Omniscia Astrolab DAO Audit
PythUtils Code Style Findings
PythUtils Code Style Findings
PUS-01C: Ineffectual Usage of Safe Arithmetics
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | PythUtils.sol:L33, L34 |
Description:
The linked mathematical operation is guaranteed to be performed safely by surrounding conditionals evaluated in either require checks or if-else constructs.
Example:
31// debase pyth feed decimals to target decimals32return _targetDecimals >= feedDecimals ?33 basePrice * 10 ** uint32(_targetDecimals - feedDecimals) :34 basePrice / 10 ** uint32(feedDecimals - _targetDecimals);Recommendation:
Given that safe arithmetics are toggled on by default in pragma versions of 0.8.X, we advise the linked statement to be wrapped in an unchecked code block thereby optimizing its execution cost.
Alleviation (59b75fbee1):
The relevant statement has been significantly refactored and now lives under the PythProvider::_toUsdBp, wrapped in an unchecked code block.
We do not consider the present unchecked code block introduced to be safe, as it relies on an _invert flag instead of the actual relation between the variables subtracted thus rendering this exhibit not validated to highlight the fact of this insecurity.
Alleviation (efbeab6478):
The Astrolab DAO team opted to revert the unchecked code block's introduction, ensuring that the statements are performed safely yet inefficiently per their original implementation.
As such, we consider this exhibit acknowledged as the Astrolab DAO team does not intend to apply the optimization properly.
PUS-02C: Repetitive Value Literal
| Type | Severity | Location |
|---|---|---|
| Code Style | | PythUtils.sol:L70, L71 |
Description:
The linked value literal is repeated across the codebase multiple times.
Example:
70return getPriceUsd(_pyth, _feeds[0], _validities[0], 18)Recommendation:
We advise it to be set to a constant variable instead optimizing the legibility of the codebase.
Alleviation (59b75fbee1d8f3dee807c928f18be41c58b904e1):
The referenced value literal now lives under the PriceProvider implementation and specifically the USD_DECIMALS constant variable, addressing this exhibit.