Omniscia Olympus DAO Audit

sOlympusERC20 Manual Review Findings

OEC-01M: Potentially Incorrect Extrapolation of Rebase

Type: Logical Fault
Severity: Medium
Location: sOlympusERC20.sol:L122

Description:

The rebase function will extrapolate the rebaseAmount should a non-zero circulatingSupply_ be returned, as the calculation performed multiplies profit_ by _totalSupply and divides the result by circulatingSupply_. The former is guaranteed to be greater than the latter, thus causing profit_ to be increased.

Example:

contracts/sOlympusERC20.sol
108  /**
109      @notice increases rOHM supply to increase staking balances relative to profit_
110      @param profit_ uint256
111      @return uint256
112   */
113  function rebase( uint256 profit_, uint epoch_ ) public onlyStakingContract() returns ( uint256 ) {
114      uint256 rebaseAmount;
115      uint256 circulatingSupply_ = circulatingSupply();
116
117      if ( profit_ == 0 ) {
118          emit LogSupply( epoch_, block.timestamp, _totalSupply );
119          emit LogRebase( epoch_, 0, index() );
120          return _totalSupply;
121      } else if ( circulatingSupply_ > 0 ){
122          rebaseAmount = profit_.mul( _totalSupply ).div( circulatingSupply_ );
123      } else {
124          rebaseAmount = profit_;
125      }
126
127      _totalSupply = _totalSupply.add( rebaseAmount );
128
129      if ( _totalSupply > MAX_SUPPLY ) {
130          _totalSupply = MAX_SUPPLY;
131      }
132
133      _gonsPerFragment = TOTAL_GONS.div( _totalSupply );
134
135      _storeRebase( circulatingSupply_, profit_, epoch_ );
136
137      return _totalSupply;
138  }
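
The arithmetic described above can be checked off-chain with a small Python model. This is an added example, not code from the audit or from the Olympus DAO contracts. The constant values, the function names and the sample supplies are assumptions constructed for illustration, as is the premise that circulating holders own a fixed number of gons.

```python
# Added model of the rebase() arithmetic at L113-L138; not the audited contract's code.
# Assumption: the constants and the sample supplies used with it are constructed values.
INITIAL_SUPPLY = 5_000_000 * 10**9
TOTAL_GONS = (2**256 - 1) - ((2**256 - 1) % INITIAL_SUPPLY)
MAX_SUPPLY = 2**128 - 1


def rebase_amount(profit, total_supply, circulating):
    """Branches of L117-L125; // matches Solidity's truncating uint division."""
    if profit == 0:
        return 0
    if circulating > 0:
        return profit * total_supply // circulating  # L122
    return profit  # L124


def rebase(profit, total_supply, circulating):
    """Return (rebaseAmount, new _totalSupply, new _gonsPerFragment), L127-L133."""
    amount = rebase_amount(profit, total_supply, circulating)
    new_total = min(total_supply + amount, MAX_SUPPLY)  # L129-L131 cap
    return amount, new_total, TOTAL_GONS // new_total


def extrapolation_report(profit, total_supply, circulating):
    """Compare profit_ with the supply minted and with what circulating holders gain.

    Assumption: circulating holders own a fixed number of gons, so their token
    balance is gons // _gonsPerFragment before and after the rebase.
    """
    amount, new_total, gpf_new = rebase(profit, total_supply, circulating)
    circulating_gons = circulating * (TOTAL_GONS // total_supply)
    return {
        "rebase_amount": amount,
        "excess_over_profit": amount - profit,
        "new_total_supply": new_total,
        "circulating_gain": circulating_gons // gpf_new - circulating,
    }


if __name__ == "__main__":
    # Constructed case: 5,000,000 total, 1,000,000 circulating, 1,000 profit (9 decimals).
    print(extrapolation_report(1_000 * 10**9, 5_000_000 * 10**9, 1_000_000 * 10**9))
```

In the constructed case the supply grows by five times profit_, while the balance attributed to circulating holders under the stated assumption grows by profit_ itself.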

Recommendation:

We advise this trait to be carefully assessed and, if desired, to be properly documented, as it can cause disproportionate profits to be calculated.

Alleviation:

The Olympus DAO team considered this exhibit, identified it as desired behaviour but opted not to apply any remediation for it.