Omniscia Bluejay Finance Audit

TreasuryBondDepository Manual Review Findings

TBD-01M: Inexplicable Capability of Governor Adjustment

Type	Severity	Location
Centralization Concern		TreasuryBondDepository.sol:L135-L138

Description:

The linked function permits the owner of the contract to change the bond governor and thus the policy for each reserve supported by the system.

Example:

packages/contracts/contracts/TreasuryBondDepository.sol

135function setBondGovernor(address _bondGovernor) public override onlyOwner {
136  bondGovernor = IBondGovernor(_bondGovernor);
137  emit UpdatedBondGovernor(_bondGovernor);
138}

Recommendation:

We advise this trait of the system to be re-evaluated and potentially omitted as it introduces a significant centralization attack vector to the system.

Alleviation:

The setBondGovernor function has been removed from the codebase thereby alleviating this exhibit.

Omniscia Bluejay Finance Audit

TreasuryBondDepository Manual Review Findings

TreasuryBondDepository Manual Review Findings

TBD-01M: Inexplicable Capability of Governor Adjustment

Description:

Example:

Recommendation:

Alleviation:

Treasury.sol (TRE-M)

TwapOracle.sol (TOE-M)

On this page