Omniscia Moby Audit
PositionValueFeed Static Analysis Findings
PVF-01S: Inexistent Initialization Protection of Base Implementation
Type | Severity | Location |
---|---|---|
Language Specific | | PositionValueFeed.sol:L8, L27 |
Description:
The contract is meant to be upgradeable yet does not properly protect its logic deployment from malicious initializations.
Example:
8  contract PositionValueFeed is IPositionValueFeed, OwnableUpgradeable, AuthorityUtil {
9      uint256 public constant PRICE_PRECISION = 10 ** 30;
10     uint256 public constant ONE_USD = PRICE_PRECISION;
11
12     string public override description;
13
14     uint256 public pvLastUpdatedAt;
15     uint256 public apvLastUpdatedAt;
16
17     mapping (address => uint256) public pv; // vault => Position Value
18     mapping (address => bool) public isPvNegative; // vault => whether pv is negative
19
20     mapping (address => uint256) public apv; // vault => Absolute Position Value
21
22     event FeedPV(address vault, uint256 pv, bool isPvNegative, address updater);
23     event FeedAPV(address vault, uint256 apv, address updater);
24
25     function initialize(
26         IOptionsAuthority _authority
27     ) public initializer {
Recommendation:
We advise a constructor to be introduced that either invokes the initializer modifier of the Initializable contract or invokes the Initializable::_disableInitializers function to prevent the base implementation from ever being initialized.
Alleviation (a95db4124c4689f421fc3fd505ffb91173355034):
The Moby team evaluated this exhibit, and opted not to apply the alleviation described.
After discussions with the Moby team, we consider this and its relevant sister exhibits as acknowledged based on the fact that the Moby team will manually invoke the initializer of each implementation contract when needed.
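The constructor-based protection recommended in PVF-01S, as an added example that is not code from the audit or from the Moby codebase. `FeedSketch` and `InitializationCheck` are hypothetical names, the authority is simplified to a plain `address`, and OpenZeppelin's `ERC1967Proxy` is assumed as the proxy type since the report does not name one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utility/Initializable.sol";
import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";

// Hypothetical stand-in for PositionValueFeed: only the initialization surface is modelled.
contract FeedSketch is Initializable {
    address public authority;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Runs once, against the implementation's own storage: marks it as
        // initialized so `initialize` can never succeed on the logic contract.
        _disableInitializers();
    }

    // Reached via delegatecall from the proxy, whose storage is still fresh.
    function initialize(address _authority) public initializer {
        authority = _authority;
    }
}

// Deploys both pieces and reports how each reacts to an initialization attempt.
contract InitializationCheck {
    function run(address _authority) external returns (bool implLocked, bool proxyInitialized) {
        FeedSketch impl = new FeedSketch();

        // A direct call on the logic contract must revert.
        try impl.initialize(_authority) {
            implLocked = false;
        } catch {
            implLocked = true;
        }

        // The proxy still initializes normally through its constructor calldata.
        ERC1967Proxy proxy = new ERC1967Proxy(
            address(impl),
            abi.encodeCall(FeedSketch.initialize, (_authority))
        );
        proxyInitialized = FeedSketch(address(proxy)).authority() == _authority;
    }
}
```

With the constructor in place, `run` is expected to return `(true, true)` for a non-zero `_authority`; removing the constructor makes `implLocked` false, which is the condition the exhibit describes.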
PVF-02S: Suboptimal Event Declarations
Type | Severity | Location |
---|---|---|
Gas Optimization | | PositionValueFeed.sol:L22, L23 |
Description:
The referenced event declarations do not have any indexed argument or have less than three indexed arguments that are a primitive type.
Example:
22 event FeedPV(address vault, uint256 pv, bool isPvNegative, address updater);
Recommendation:
Apart from aiding off-chain integrators in consuming and filtering such events, primitive types that are set as indexed will result in a gas optimization due to reduced memory costs. As such, we advise the indexed keyword to be introduced to up to three different primitive types in total, optimizing the referenced event declarations.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
The indexed keyword has been introduced to both referenced event declarations per our recommendation, addressing this exhibit.
PVF-03S: Variable Mutability Specifier (Constant)
Type | Severity | Location |
---|---|---|
Gas Optimization | | PositionValueFeed.sol:L12, L31 |
Description:
The linked variable is assigned to only once during its own declaration.
Example:
12 string public override description;
Recommendation:
We advise it to be set as constant, greatly optimizing its read-access gas cost.
Alleviation (b02fae335f62cc1f5f4236fb4d982ad16a32bd26):
The Moby team evaluated this exhibit but opted to acknowledge it in the current iteration of the codebase.