Omniscia Euler Finance Audit
SDaiOracle Manual Review Findings
SDaiOracle Manual Review Findings
SDO-01M: Insecure Usage of Outdated Interest Rate Accumulator
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | SDaiOracle.sol:L37, L39 |
Description:
The IPot::chi member is meant to indicate the latest interest rate accumulator, however, the SDaiOracle::_getQuote function integrates with it incorrectly as the IPot::rho value (the last time the interest accumulator was updated) may not match the current timestamp.
Impact:
The SDaiOracle::_getQuote function will constantly over-value the DAI asset in relation to the sDAI asset due to not calculating an up-to-date cumulative interest rate value from the dsrPot.
Example:
29/// @notice Get a quote by querying the exchange rate from the DSR Pot contract.30/// @dev Calls `chi`, the interest rate accumulator, to get the exchange rate.31/// @param inAmount The amount of `base` to convert.32/// @param base The token that is being priced. Either `sDai` or `dai`.33/// @param quote The token that is the unit of account. Either `dai` or `sDai`.34/// @return The converted amount.35function _getQuote(uint256 inAmount, address base, address quote) internal view override returns (uint256) {36 if (base == sDai && quote == dai) {37 return inAmount * IPot(dsrPot).chi() / 1e27;38 } else if (base == dai && quote == sDai) {39 return inAmount * 1e27 / IPot(dsrPot).chi();40 }41 revert Errors.PriceOracle_NotSupported(base, quote);42}Recommendation:
As invoking IPot::drip is impossible due to the function being state-mutating, we advise the statements within the pot's IPot::drip function to be replicated locally to calculate the latest up-to-date cumulative interest rate (chi) value.
To achieve this, the calculation rmul(rpow(dsr, now - rho, ONE), chi) needs to be replicated locally by fetching the IPot::dsr, IPot::rho, and IPot::chi values from the dsrPot and performing the WadRayMath based calculations.
Alleviation:
The accurate exchange rate between the DAI and sDAI assets is now calculated via the newly introduced SDaiOracle::_getExchangeRate function using the Solady library for performing the rpow operation, effectively alleviating this exhibit per our recommendation.