Omniscia Tangible Audit

UsdUsdOracle Static Analysis Findings

UsdUsdOracle Static Analysis Findings

UUO-01S: Multiple Top-Level Declarations

Description:

The referenced file contains multiple top-level declarations that decrease the legibility of the codebase.

Example:

contracts/priceOracles/UsdUsdOracle.sol
9contract Owned {
10 address public owner;
11 address private pendingOwner;
12
13 event OwnershipTransferRequested(address indexed from, address indexed to);
14 event OwnershipTransferred(address indexed from, address indexed to);
15
16 constructor() {
17 owner = msg.sender;
18 }
19
20 /**
21 * @dev Allows an owner to begin transferring ownership to a new address,
22 * pending.
23 */
24 function transferOwnership(address _to) external onlyOwner {
25 pendingOwner = _to;
26
27 emit OwnershipTransferRequested(owner, _to);
28 }
29
30 /**
31 * @dev Allows an ownership transfer to be completed by the recipient.
32 */
33 function acceptOwnership() external {
34 require(msg.sender == pendingOwner, "Must be proposed owner");
35
36 address oldOwner = owner;
37 owner = msg.sender;
38 pendingOwner = address(0);
39
40 emit OwnershipTransferred(oldOwner, msg.sender);
41 }
42
43 /**
44 * @dev Reverts if called by anyone other than the contract owner.
45 */
46 modifier onlyOwner() {
47 require(msg.sender == owner, "Only callable by owner");
48 _;
49 }
50}
51
52interface AggregatorInterface {
53 function latestAnswer() external view returns (int256);
54
55 function latestTimestamp() external view returns (uint256);
56
57 function latestRound() external view returns (uint256);
58
59 function getAnswer(uint256 roundId) external view returns (int256);
60
61 function getTimestamp(uint256 roundId) external view returns (uint256);
62
63 event AnswerUpdated(int256 indexed current, uint256 indexed roundId, uint256 updatedAt);
64 event NewRound(uint256 indexed roundId, address indexed startedBy, uint256 startedAt);
65}
66
67interface AggregatorV3Interface {
68 function decimals() external view returns (uint8);
69
70 function description() external view returns (string memory);
71
72 function version() external view returns (uint256);
73
74 // getRoundData and latestRoundData should both raise "No data present"
75 // if they do not have data to report, instead of returning unset values
76 // which could be misinterpreted as actual reported values.
77 function getRoundData(
78 uint80 _roundId
79 )
80 external
81 view
82 returns (
83 uint80 roundId,
84 int256 answer,
85 uint256 startedAt,
86 uint256 updatedAt,
87 uint80 answeredInRound
88 );
89
90 function latestRoundData()
91 external
92 view
93 returns (
94 uint80 roundId,
95 int256 answer,
96 uint256 startedAt,
97 uint256 updatedAt,
98 uint80 answeredInRound
99 );
100}
101
102interface AggregatorV2V3Interface is AggregatorInterface, AggregatorV3Interface {}
103
104/**
105 * @title External Access Controlled Aggregator Proxy
106 * @notice A trusted proxy for updating where current answers are read from
107 * @notice This contract provides a consistent address for the
108 * Aggregator and AggregatorV3Interface but delegates where it reads from to the owner, who is
109 * trusted to update it.
110 * @notice Only access enabled addresses are allowed to access getters for
111 * aggregated answers and round information.
112 */
113contract UsdUsdOracle is AggregatorV2V3Interface, Owned {

Recommendation:

We advise all highlighted top-level declarations to be split into their respective code files, avoiding unnecessary imports as well as increasing the legibility of the codebase.

Alleviation (2ad448279d9e8e4b6edd94bcd2eb22129b6f7357):

The Tangible team specified that this implementation matches the deployed instances of Chainlink and that they wish to not perform any additional changes on it beyond what's needed for the purposes of Tangible. As such, we consider this exhibit safely acknowledged.