Omniscia Myso Finance Audit
VoteCompartment Manual Review Findings
VoteCompartment Manual Review Findings
VCT-01M: Potential Increase of Usability
| Type | Severity | Location |
|---|---|---|
| Standard Conformity |  | VoteCompartment.sol:L21 |
Description:
The VoteCompartment::delegate function will permit only a loan's borrower to invoke its delegation mechanism, thereby disallowing other authorized modules such as the callbackAddr of VoteCompartment::transferCollFromCompartment to delegate the voting power of the compartment.
Impact:
While automatic strategies are expected to integrate with the Myso Finance protocol, delegation of voting power usually does not affect the operation of these strategies as they focus on maximizing profit rather than utility of the tokens they manage. As such, we consider this exhibit of "informational" severity.
Example:
17function delegate(address _delegatee) external {18 DataTypesPeerToPeer.Loan memory loan = ILenderVaultImpl(vaultAddr).loan(19 loanIdx20 );21 if (msg.sender != loan.borrower) {22 revert Errors.InvalidSender();23 }24 if (_delegatee == address(0)) {25 revert Errors.InvalidDelegatee();26 }27 IVotes(loan.collToken).delegate(_delegatee);28}Recommendation:
We advise the logic of VoteCompartment::delegate to allow delegation to be performed by either a loan's borrower or an authorized party of the borrower. This can be achieved via multiple approaches, including ECDSA signatures, a typical approve workflow with approval stored on VoteCompartment, adjustment of the DataTypesPeerToPeer.Loan structure to include authorized members, and more.
Alleviation (c740f7c6b5ebd365618fd2d7ea77370599e1ca11):
The Myso Finance team opted to apply the second approach we recommended, introducing an approvedDelegator mapping to the VoteCompartment that is set by the loan's borrower and is authorized to invoke the VoteCompartment::delegate function.
VCT-02M: Inexistent Validation of Post-Call State
| Type | Severity | Location |
|---|---|---|
| Standard Conformity |  | VoteCompartment.sol:L27 |
Description:
The VoteCompartment::delegate function permits a state-mutating call to be performed to an external token of arbitrary nature.
Impact:
As an example, a delegation fee may be triggered each time an IVotes::delegate operation is performed, permitting the user to siphon their collateral balance and thus render their debt unserviceable.
Example:
17function delegate(address _delegatee) external {18 DataTypesPeerToPeer.Loan memory loan = ILenderVaultImpl(vaultAddr).loan(19 loanIdx20 );21 if (msg.sender != loan.borrower) {22 revert Errors.InvalidSender();23 }24 if (_delegatee == address(0)) {25 revert Errors.InvalidDelegatee();26 }27 IVotes(loan.collToken).delegate(_delegatee);28}Recommendation:
As a safety precaution, we advise the loan.collToken balance to be stored before the IVotes::delegate call and to be queried after it, ensuring that the post-call balance is either greater or equal to the pre-call balance. This will ensure that the IVotes::delegate call does not mutate the compartment's balance in a potentially negative way for the Myso Finance protocol and the debt's funder.
Alleviation (c740f7c6b5ebd365618fd2d7ea77370599e1ca11):
The VoteCompartment::delegate function has been properly updated to validate the pre- and post-call balances, preventing the collateral balance of the contract from being reduced during a delegation call and thus alleviating this exhibit.