Omniscia Moby Audit
FastPriceEvents Static Analysis Findings
FastPriceEvents Static Analysis Findings
FPE-01S: Inexistent Event Emission
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | FastPriceEvents.sol:L20-L22 |
Description:
The linked function adjusts a sensitive contract variable yet does not emit an event for it.
Example:
20function setIsPriceFeed(address _priceFeed, bool _isPriceFeed) external onlyAdmin {21 isPriceFeed[_priceFeed] = _isPriceFeed;22}Recommendation:
We advise an event to be declared and correspondingly emitted to ensure off-chain processes can properly react to this system adjustment.
Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):
The SetIsPriceFeed event was introduced to the codebase and is correspondingly emitted in the FastPriceEvents::setIsPriceFeed function, addressing this exhibit in full.
FPE-02S: Inexistent Initialization Protection of Base Implementation
| Type | Severity | Location |
|---|---|---|
| Language Specific | | FastPriceEvents.sol:L9, L15 |
Description:
The contract is meant to be upgradeable yet does not properly protect its logic deployment from malicious initializations.
Example:
9contract FastPriceEvents is IFastPriceEvents, OwnableUpgradeable, AuthorityUtil {10 mapping (address => bool) public isPriceFeed;11
12 event ModelPriceUpdate(uint256 _optionTokenId, uint256 price, address priceFeed);13 event RiskPremiumUpdate(uint256 _optionTokenId, uint256 riskPremium, uint256 requestIndex, address priceFeed);14
15 function initialize(IOptionsAuthority _authority) external initializer {16 __Ownable_init();17 __AuthorityUtil_init__(_authority);18 }Recommendation:
We advise a constructor to be introduced that either invokes the initializer modifier of the Initializable contract or invokes the Initializable::_disableInitializers function to prevent the base implementation from ever being initialized.
Alleviation (a95db4124c4689f421fc3fd505ffb91173355034):
The Moby team evaluated this exhibit, and opted not to apply the alleviation described.
After discussions with the Moby team, we consider this and its relevant sister exhibits as acknowledged based on the fact that the Moby team will manually invoke the initializer of each implementation contract when needed.
FPE-03S: Suboptimal Event Declarations
| Type | Severity | Location |
|---|---|---|
| Gas Optimization | | FastPriceEvents.sol:L12, L13 |
Description:
The referenced event declarations do not have any indexed argument or have less than three indexed arguments that are a primitive type.
Example:
12event ModelPriceUpdate(uint256 _optionTokenId, uint256 price, address priceFeed);Recommendation:
Apart from aiding off-chain integrators in consuming and filtering such events, primitive types that are set as indexed will result in a gas optimization due to reduced memory costs. As such, we advise the indexed keyword to be introduced to up to three different primitive types in total optimizing the referenced event declarations.
Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):
The indexed keyword has been properly introduced to the referenced events, optimizing their emission cost.