Omniscia Steer Protocol Audit
MultiPositionLiquidityManager Manual Review Findings
MultiPositionLiquidityManager Manual Review Findings
MPL-01M: Adjustment of Function Interface
| Type | Severity | Location |
|---|---|---|
| Standard Conformity |  | MultiPositionLiquidityManager.sol:L47-L55 |
Description:
The MultiPositionLiquidityManager::getPositions function was yielding a different data type in its previous implementation which will result in all integrators of the contract to fail when decoding the newly yielded data points.
Impact:
The severity of this exhibit is unquantifiable and should be evaluated by the Steer Protocol team directly.
Example:
46/// @dev Get current positions held by the vault47function getPositions()48 external49 view50 returns (LiquidityPositions[] memory)51{52 LiquidityPositions[] memory _positions = positions;53
54 return (_positions);55}Recommendation:
We advise this adjustment to be evaluated by validating that no integrator relies on the previous function signature of the MultiPositionLiquidityManager::getPositions function, and that no on-chain calls occur to the function from potentially unknown function integrators.
As a straightforward solution, we advise the original function to be retained in a backward-compatible manner and a new function to be introduced that yields the new LiquidityPositions[] structure.
Alleviation (6513a21a002d422e298719b22f73a4559dfd4663):
The code was updated to internally utilize the NewLiquidityPositions structure but to re-construct the legacy LiquidityPositions structure whenever the MultiPositionLiquidityManager::getPositions function is invoked, alleviating this exhibit.
MPL-02M: Adjustment of Storage Structure
| Type | Severity | Location |
|---|---|---|
| Language Specific | | MultiPositionLiquidityManager.sol:L29-L33, L42 |
Description:
The referenced storage structure (LiquidityPositions) appears to have changed from the previous audit round as its entries are no longer dynamic arrays and the data point itself has been converted to a dynamic array instead.
Impact:
The severity of this exhibit is unquantifiable and should be evaluated from the Steer Protocol team.
Example:
29struct LiquidityPositions {30 int24 lowerTick;31 int24 upperTick;32 uint16 relativeWeight;33}34
35struct TendLiquidityPositions {36 int24[] lowerTick;37 int24[] upperTick;38 uint16[] relativeWeight;39}40// Storage41
42LiquidityPositions[] internal positions;Recommendation:
We advise the structure and variable to be re-instated to their previous format, preventing data corruption in the positions dynamic array.
Alleviation (6513a21a002d422e298719b22f73a4559dfd4663):
The original LiquidityPositions entry has been re-instated to the relevant data location, ensuring that the data order of the contracts is correct thus alleviating this exhibit.