Omniscia Moby Audit
SpotPriceFeed Manual Review Findings
SpotPriceFeed Manual Review Findings
SPF-01M: Improper Omission of Code
Type | Severity | Location |
---|---|---|
Logical Fault | SpotPriceFeed.sol:L99-L104 |
Description:
The referenced code block is meant to be active in a production environment and has been commented out due to a missing on-chain implementation.
Impact:
All TODO
related adjustments will be marked as informational given that they present "known-issues".
Example:
contracts/oracles/SpotPriceFeed.sol
93function favorFastPrice(/* address _token */) public view returns (bool) {94 if (isSpreadEnabled) {95 return false;96 }97
98 // TODO: enable when onchain oracle is ready99 // (/* uint256 prevRefPrice */, /* uint256 refTime */, uint256 cumulativeRefDelta, uint256 cumulativeFastDelta) = getPriceData(_token);100 // if (cumulativeFastDelta > cumulativeRefDelta && cumulativeFastDelta.sub(cumulativeRefDelta) > maxCumulativeDeltaDiffs[_token]) {101 // // force a spread if the cumulative delta for the fast price feed exceeds the cumulative delta102 // // for the Chainlink price feed by the maxCumulativeDeltaDiff allowed103 // return false;104 // }105
106 return true;107}
Recommendation:
We advise the Moby team to evaluate whether the on-chain implementation will be ready by the time the code is deployed, and to uncomment the referenced code block for proper validation.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
The relevant code has been omitted instead of being uncommented as the on-chain oracle is not ready yet.