Omniscia Moby Audit

SpotPriceFeed Manual Review Findings

SpotPriceFeed Manual Review Findings

SPF-01M: Improper Omission of Code

Description:

The referenced code block is meant to be active in a production environment and has been commented out due to a missing on-chain implementation.

Impact:

All TODO related adjustments will be marked as informational given that they present "known-issues".

Example:

contracts/oracles/SpotPriceFeed.sol
93function favorFastPrice(/* address _token */) public view returns (bool) {
94 if (isSpreadEnabled) {
95 return false;
96 }
97
98 // TODO: enable when onchain oracle is ready
99 // (/* uint256 prevRefPrice */, /* uint256 refTime */, uint256 cumulativeRefDelta, uint256 cumulativeFastDelta) = getPriceData(_token);
100 // if (cumulativeFastDelta > cumulativeRefDelta && cumulativeFastDelta.sub(cumulativeRefDelta) > maxCumulativeDeltaDiffs[_token]) {
101 // // force a spread if the cumulative delta for the fast price feed exceeds the cumulative delta
102 // // for the Chainlink price feed by the maxCumulativeDeltaDiff allowed
103 // return false;
104 // }
105
106 return true;
107}

Recommendation:

We advise the Moby team to evaluate whether the on-chain implementation will be ready by the time the code is deployed, and to uncomment the referenced code block for proper validation.

Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):

The relevant code has been omitted instead of being uncommented as the on-chain oracle is not ready yet.