Omniscia Moby Audit
OptionsMarket Manual Review Findings
OMT-01M: Potentially Improper Upgrade of Main Stable Asset
Type | Severity | Location |
---|---|---|
Input Sanitization | | OptionsMarket.sol:L50-L55 |
Description:
The `OptionsMarket::setMainStableAsset` function permits the `mainStableAsset` in the system to be updated; however, there are no restrictions on what it is updated to.
Impact:
It is presently possible to misconfigure the `mainStableAsset` of the `OptionsMarket`, causing the `Vault` to misbehave.
Example:
```solidity
function setMainStableAsset(address _mainStableAsset) external onlyAdmin {
    require(_mainStableAsset != address(0), "OptionsMarket: Invalid main stable asset");
    mainStableAsset = _mainStableAsset;

    emit SetMainStableAsset(_mainStableAsset);
}
```
Recommendation:
We advise a restriction to be imposed, ensuring that the new `_mainStableAsset` has an `IERC20Extended::decimals` value equal to the original `mainStableAsset`, thereby permitting existing `Vault` integrations to function as expected.
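One way to implement the recommended check, as an added example that is not code from the Moby repository or from the audit. The contract name `OptionsMarketSketch`, the `admin` storage variable, the `onlyAdmin` body, the one-function shape of `IERC20Extended`, and the new revert strings are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Assumed minimal shape of IERC20Extended: only decimals() is needed here.
interface IERC20Extended {
    function decimals() external view returns (uint8);
}

// Illustrative stand-in for the audited contract (hypothetical name).
contract OptionsMarketSketch {
    address public admin; // assumed admin storage
    address public mainStableAsset;

    event SetMainStableAsset(address indexed mainStableAsset);

    modifier onlyAdmin() {
        require(msg.sender == admin, "OptionsMarket: Not admin");
        _;
    }

    constructor(address _mainStableAsset) {
        require(_mainStableAsset.code.length > 0, "OptionsMarket: Not a contract");
        admin = msg.sender;
        mainStableAsset = _mainStableAsset;
    }

    function setMainStableAsset(address _mainStableAsset) external onlyAdmin {
        require(_mainStableAsset != address(0), "OptionsMarket: Invalid main stable asset");
        // A call to an address without code reverts outside the catch clause
        // below, so reject it explicitly with a readable reason.
        require(_mainStableAsset.code.length > 0, "OptionsMarket: Not a contract");

        // Decimals the existing Vault integrations were configured against.
        uint8 currentDecimals = IERC20Extended(mainStableAsset).decimals();

        // Catch a candidate whose decimals() itself reverts.
        try IERC20Extended(_mainStableAsset).decimals() returns (uint8 newDecimals) {
            require(newDecimals == currentDecimals, "OptionsMarket: Decimals mismatch");
        } catch {
            revert("OptionsMarket: decimals() unavailable");
        }

        mainStableAsset = _mainStableAsset;
        emit SetMainStableAsset(_mainStableAsset);
    }
}
```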
Alleviation (b02fae335f):
The Moby team evaluated this exhibit and opted to retain the current behaviour in place as they do not wish to impose any restrictions as to the `mainStableAsset` configured. As such, we consider this exhibit acknowledged based on the fact that the Moby team is expected to responsibly utilize the `OptionsMarket::setMainStableAsset` function.
Alleviation (a8720219a6):
After discussions with the Moby team, we concluded that the function represents a desirable business trait in the latest code implementation and thus we consider it as inapplicable in the latest iteration of the code.