Omniscia Moby Audit
OlpManager Static Analysis Findings
OMR-01S: Illegible Numeric Value Representation
Type | Severity | Location |
---|---|---|
Code Style | | OlpManager.sol:L25 |
Description:
The linked numeric literal is represented sub-optimally, decreasing the legibility of the codebase.
Example:
```solidity
uint256 public constant BASIS_POINTS_DIVISOR = 10000;
```
Recommendation:
To properly illustrate the value's purpose, we advise the following guidelines to be followed.

For values meant to depict fractions with a base of `1e18`, we advise fractions to be utilized directly (i.e. `1e17` becomes `0.1e18`) as they are supported.

For values meant to represent a percentage base, we advise each value to utilize the underscore (`_`) separator to discern the percentage decimal (i.e. `10000` becomes `100_00`, `300` becomes `3_00` and so on).

Finally, for large numeric values we simply advise the underscore character to be utilized again to represent them (i.e. `1000000` becomes `1_000_000`).
Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):
The referenced value literal has been updated in its representation to `100_00` in accordance with the recommendation's underscore style, addressing this exhibit.
OMR-02S: Inexistent Event Emissions
Type | Severity | Location |
---|---|---|
Language Specific | | OlpManager.sol:L87-L89, L91-L93, L95-L97, L99-L101, L103-L105, L107-L110, L112-L115 |
Description:
The linked functions adjust sensitive contract variables yet do not emit an event for it.
Example:
```solidity
function setVault(address _vault) external onlyAdmin {
    vault = IVault(_vault);
}
```
Recommendation:
We advise an `event` to be declared and correspondingly emitted for each function to ensure off-chain processes can properly react to this system adjustment.
Alleviation (a8720219a6a97e10b8d9c6a70c6345747f0fdcb3):
The `SetVault`, `SetVaultUtils`, `SetVaultPriceFeed`, `SetInPrivateMode`, `SetHandler`, `SetCooldownDuration`, and `SetAumAdjustment` events were introduced to the codebase and are correspondingly emitted in the `OlpManager::setVault`, `OlpManager::setVaultUtils`, `OlpManager::setVaultPriceFeed`, `OlpManager::setInPrivateMode`, `OlpManager::setHandler`, `OlpManager::setCooldownDuration`, and `OlpManager::setAumAdjustment` functions respectively, addressing this exhibit in full.
OMR-03S: Suboptimal Event Declarations
Type | Severity | Location |
---|---|---|
Gas Optimization | | OlpManager.sol:L45-L53, L55-L63 |
Description:
The referenced `event` declarations do not have any `indexed` argument or have fewer than three `indexed` arguments that are a primitive type.
Example:
```solidity
event AddLiquidity(
    address account,
    address token,
    uint256 amount,
    uint256 aumInUsdg,
    uint256 olpSupply,
    uint256 usdgAmount,
    uint256 mintAmount
);
```
Recommendation:
Apart from aiding off-chain integrators in consuming and filtering such events, primitive types that are set as `indexed` will result in a gas optimization due to reduced memory costs. As such, we advise the `indexed` keyword to be introduced to up to three different primitive types in total, optimizing the referenced `event` declarations.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
The `indexed` keyword has been introduced to both referenced `event` declarations per our recommendation, addressing this exhibit.
OMR-04S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | OlpManager.sol:L65-L85, L87-L89, L91-L93, L95-L97, L103-L105 |
Description:
The linked function(s) accept `address` arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in `constructor` implementations, can cause the contract to be permanently inoperable. These checks are advised as zero-value inputs are a common side effect of bugs in off-chain software.
Example:
```solidity
function initialize(
    address _vault,
    address _vaultUtils,
    address _vaultPriceFeed,
    address _usdg,
    address _olp,
    uint256 _cooldownDuration,
    IOptionsAuthority _authority
) external initializer {
    __Ownable_init();
    __ReentrancyGuard_init();
    __AuthorityUtil_init__(_authority);

    vault = IVault(_vault);
    vaultUtils = IVaultUtils(_vaultUtils);
    vaultPriceFeed = IVaultPriceFeed(_vaultPriceFeed);

    usdg = _usdg;
    olp = _olp;
    cooldownDuration = _cooldownDuration;
}
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each `address` specified is non-zero.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
All input argument(s) of the `MintableBaseToken::initialize`, `MintableBaseToken::setVault`, `MintableBaseToken::setVaultUtils`, `MintableBaseToken::setVaultPriceFeed`, and `MintableBaseToken::setHandler` functions are adequately sanitized as non-zero in the latest in-scope revision of the codebase, addressing this exhibit.
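
The non-zero sanitization recommended above, combined with the event emission advised in OMR-02S, could take the following shape. This is an added example, not code from the Moby codebase or from the audit report; the contract name, the `ZeroAddress` error, the `_nonZero` helper, the `SetVault` event signature and the simplified admin and initializer handling are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; not the Moby OlpManager source. Names other than
// setVault / SetVault are hypothetical, and the event signature is assumed.
contract AddressSanitizationExample {
    error ZeroAddress(string parameter);

    event SetVault(address indexed previousVault, address indexed newVault);

    address public admin;
    address public vault;
    address public vaultUtils;
    bool private initialized;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    // Reject the zero address before any state is written, so a malformed
    // off-chain transaction reverts instead of leaving the contract inoperable.
    function _nonZero(address value, string memory parameter) private pure returns (address) {
        if (value == address(0)) revert ZeroAddress(parameter);
        return value;
    }

    // Simplified one-shot initializer (stand-in for the upgradeable pattern).
    function initialize(address _admin, address _vault, address _vaultUtils) external {
        require(!initialized, "already initialized");
        initialized = true;
        admin = _nonZero(_admin, "_admin");
        vault = _nonZero(_vault, "_vault");
        vaultUtils = _nonZero(_vaultUtils, "_vaultUtils");
    }

    // Unsanitized, silent form flagged by the exhibits, kept for comparison.
    function setVaultUnchecked(address _vault) external onlyAdmin {
        vault = _vault;
    }

    // Sanitized form: validate first, then emit so off-chain monitors
    // can observe both the old and the new value.
    function setVault(address _vault) external onlyAdmin {
        address previous = vault;
        vault = _nonZero(_vault, "_vault");
        emit SetVault(previous, _vault);
    }
}
```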