Omniscia Gravita Protocol Audit
AdminContract Manual Review Findings
ACT-01M: Improper Reset Functionality
Type | Severity | Location |
---|---|---|
Centralization Concern | | AdminContract.sol:L279-L281 |
Description:
The AdminContract::setAsDefault function permits the configuration of a collateral to be re-set to its default values, a trait that should not be accessible to a centralized party.
Example:
```solidity
function setAsDefault(address _collateral) external onlyOwner {
    _setAsDefault(_collateral);
}
```
Recommendation:
We advise this function to either be omitted from the codebase or locked behind the long timelock to avoid improper resets of collateral configurations.
Alleviation:
The default values of a collateral parameterization have been relocated to the AdminContract::addNewCollateral function instead, ensuring that these default values cannot be adjusted and that they are applied in a trustless fashion to each new collateral rather than being set by a centralized entity. As such, this exhibit has been alleviated as no AdminContract::setAsDefault or similar mechanism is present in the codebase.
ACT-02M: Improper Permission of Collateral Activation
Type | Severity | Location |
---|---|---|
Logical Fault | | AdminContract.sol:L273-L277 |
Description:
The AdminContract::sanitizeParameters function permits any EIP-20 asset to be configured within the Gravita Protocol, a trait that is highly undesirable.
Impact:
While a collateral would still need an oracle to be configured for it to behave properly, the ability to arbitrarily configure a collateral to its default values is an ill-advised trait that can be exploited under ideal conditions, such as an oracle being initialized prior to the collateral being configured by a timelock vote.
Example:
```solidity
function sanitizeParameters(address _collateral) external {
    if (!collateralParams[_collateral].hasCollateralConfigured) {
        _setAsDefault(_collateral);
    }
}
```
Recommendation:
We advise the code to disallow such an initialization, instead ensuring that the collateral has already been configured wherever it is invoked (i.e. BorrowerOperations::openVessel).
Alleviation:
The AdminContract::sanitizeParameters function has been omitted from the codebase entirely and the BorrowerOperations::openVessel function that was utilizing it now ensures that the _asset is active at the AdminContract instance, rendering this exhibit fully alleviated.
ACT-03M: Improper Capability of Gas Compensation Adjustment
Type | Severity | Location |
---|---|---|
Logical Fault | | AdminContract.sol:L376-L388 |
Description:
The gas compensation that is provided for Vessels is an integral part of the protocol and must not change throughout an asset's lifetime, as a change will retroactively affect existing vessels, potentially causing them to acquire higher or lower collateral values than expected.
Impact:
All debt-related functions (i.e. GravitaBase::_getCompositeDebt, VesselManagerOperations::_liquidateNormalMode, etc.) will be significantly affected by a downward or upward movement in the gas compensation, to the point where the system's accounting will become inaccurate and over-track or under-track the debt of existing vessels.
Example:
```solidity
function setDebtTokenGasCompensation(
    address _collateral,
    uint256 gasCompensation
)
    public
    override
    longTimelockOnly
    safeCheck("Gas Compensation", _collateral, gasCompensation, 1 ether, 400 ether)
{
    uint256 oldGasComp = collateralParams[_collateral].debtTokenGasCompensation;
    collateralParams[_collateral].debtTokenGasCompensation = gasCompensation;
    emit GasCompensationChanged(oldGasComp, gasCompensation);
}
```
Recommendation:
We advise this function to be omitted and configuration of the debtTokenGasCompensation to solely be permitted during an asset's initialization in the system.
Alleviation:
Our recommended course of action has been applied fully, removing the AdminContract::setDebtTokenGasCompensation function from the system entirely and permitting configuration of this value solely during a collateral's inclusion to the system via AdminContract::addNewCollateral.
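The set-once pattern that the ACT-02M and ACT-03M alleviations describe, as an added sketch that is not Gravita's code: parameters are written a single time when the collateral is listed, no setter or lazy default exists, and reads revert for collateral that was never listed. AdminContractSketch, longTimelock, the custom errors, the event and the getter are hypothetical names, and treating the 1 ether to 400 ether bound as inclusive is an assumption taken from the safeCheck arguments shown above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Gravita's code. Hypothetical names throughout.
contract AdminContractSketch {
    struct CollateralParams {
        bool active;
        uint256 debtTokenGasCompensation; // written once at listing, never updated
    }

    address public immutable longTimelock; // assumed governance timelock
    mapping(address => CollateralParams) private collateralParams;

    error NotTimelock();
    error AlreadyConfigured(address collateral);
    error CollateralNotActive(address collateral);
    error GasCompensationOutOfRange(uint256 value);

    event CollateralAdded(address indexed collateral, uint256 gasCompensation);

    constructor(address _longTimelock) {
        longTimelock = _longTimelock;
    }

    // Only write path: no setAsDefault, sanitizeParameters or gas-compensation setter.
    function addNewCollateral(address _collateral, uint256 _gasCompensation) external {
        if (msg.sender != longTimelock) revert NotTimelock();
        if (collateralParams[_collateral].active) revert AlreadyConfigured(_collateral);
        // Bounds from the removed setter's safeCheck; inclusive range is an assumption.
        if (_gasCompensation < 1 ether || _gasCompensation > 400 ether) {
            revert GasCompensationOutOfRange(_gasCompensation);
        }
        collateralParams[_collateral] = CollateralParams(true, _gasCompensation);
        emit CollateralAdded(_collateral, _gasCompensation);
    }

    function isActive(address _collateral) public view returns (bool) {
        return collateralParams[_collateral].active;
    }

    // Reverts for unknown assets instead of lazily defaulting them (ACT-02M).
    function getDebtTokenGasCompensation(address _collateral) external view returns (uint256) {
        if (!isActive(_collateral)) revert CollateralNotActive(_collateral);
        return collateralParams[_collateral].debtTokenGasCompensation;
    }
}
```

Because the second addNewCollateral call for the same address reverts, the gas compensation a vessel was opened under is the value every later debt calculation reads.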