Omniscia Steadefi Audit
JoeOracle Manual Review Findings
JOE-01M: Incorrect Price Utilizations of Formula
Type | Severity | Location |
---|---|---|
Mathematical Operations | | JoeOracle.sol:L170-L171 |
Description:
The `JoeOracle::getLpTokenValue` function implements the Alpha Homora V2 fair price formula incorrectly. Specifically, the prices used in the `lpFairValue` calculation are meant to be in `2**112` accuracy, while the code uses them in `1e18` accuracy.
Impact:
The present LP token value calculations are incorrect and cause the contract to significantly misbehave.
Example:
```solidity
154 function getLpTokenValue(
155   uint256 _amount,
156   address _tokenA,
157   address _tokenB,
158   address _pair
159 ) public view returns (uint256) {
160   uint256 totalSupply = IJoePair(_pair).totalSupply();
161
162   (uint256 totalReserveA, uint256 totalReserveB) = getLpTokenReserves(
163     totalSupply,
164     _tokenA,
165     _tokenB,
166     _pair
167   );
168
169   uint256 sqrtK = Math.sqrt((totalReserveA * totalReserveB)) * 2**112 / totalSupply;
170   uint256 priceA = IChainLinkOracle(chainlinkOracle).consult(_tokenA);
171   uint256 priceB = IChainLinkOracle(chainlinkOracle).consult(_tokenB);
172   uint256 lpFairValue = sqrtK * 2 * Math.sqrt(priceA) / 2**56 * Math.sqrt(priceB) / 2**56; // in 1e12
173   uint256 lpTokenValue = _amount * lpFairValue / SAFE_MULTIPLIER / 1e6; // Divide by 1e6 to return in 1e6
174
175   return lpTokenValue;
176 }
```
Recommendation:
We advise that the values reported by the oracle be properly handled and converted to `2**112` values, similarly to the `ChainlinkAdapterOracle::getETHPx` function of Alpha Homora V2.
Alleviation (4325253d6de0ea91c1e9fb9e01d2e7e98f3d83a9):
The code was significantly updated to reflect Alpha Homora V2's implementation of fair LP price evaluations, ensuring that the `priceA` and `priceB` values are offset to the correct numerical accuracy of `2**112` prior to the formula.
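The following added example (not code from the audit, Steadefi, or Alpha Homora) reproduces the integer arithmetic of L169 and L172 in Python to show how the scale of the result changes when prices are rescaled to `2**112` before the formula versus passed through in `1e18`. The pool figures are constructed, `to_q112` is an assumed form of the conversion, and both prices are assumed to share one denomination.

```python
from math import isqrt

Q112 = 2**112  # fixed-point unit the fair price formula expects
WAD = 10**18   # fixed-point unit the finding says the prices arrive in

def to_q112(price_wad: int) -> int:
    """Rescale a 1e18 fixed-point price to 2**112 (assumed conversion)."""
    return price_wad * Q112 // WAD

def lp_fair_value(reserve_a, reserve_b, total_supply, price_a, price_b):
    """Integer arithmetic of L169 and L172 in the excerpt; isqrt models Math.sqrt."""
    sqrt_k = isqrt(reserve_a * reserve_b) * Q112 // total_supply
    return sqrt_k * 2 * isqrt(price_a) // 2**56 * isqrt(price_b) // 2**56

def compare_scales():
    # Constructed pool: 1,000 A priced at 4 and 4,000 B priced at 1, with
    # 2,000 LP tokens. Pool value is 8,000, so one LP token is worth 4.
    reserve_a, reserve_b, supply = 1_000, 4_000, 2_000
    price_a_wad, price_b_wad = 4 * WAD, 1 * WAD

    # Prices rescaled first: the result is the fair value in 2**112 fixed point.
    rescaled = lp_fair_value(reserve_a, reserve_b, supply,
                             to_q112(price_a_wad), to_q112(price_b_wad))
    # Prices passed straight through in 1e18: the 2**56 divisors no longer
    # cancel the square roots of the price scale, so the result carries a
    # 1e18 scale instead of 2**112.
    raw = lp_fair_value(reserve_a, reserve_b, supply, price_a_wad, price_b_wad)
    return rescaled, raw

if __name__ == "__main__":
    rescaled, raw = compare_scales()
    print("rescaled inputs, read as 2**112:", rescaled / Q112)
    print("raw 1e18 inputs, read as 2**112:", raw / Q112)
    print("scale gap:", rescaled // raw)
```

Any consumer that decodes the output as a `2**112` fixed-point number reads the second result as roughly `2**112 / 1e18` times too small.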