Omniscia Vendor Finance Audit

VendorOracle Manual Review Findings

VOE-01M: Centralized Control of Price Reported

Description:

The `pegs` mechanism of the contract permits the owner to redirect the price calculations of a particular asset to those of a different asset with no restrictions.

Impact:

It is currently possible for the owner to "arbitrarily" set the price calculations of all assets that are queried through the oracle feed.

Example:

contracts/VendorOracle.sol

    // Owner-only setter: points price lookups for _base at _peg, with no validation of either address.
    function setPeg(address _base, address _peg) external onlyOwner {
        pegs[_base] = _peg;
    }

Recommendation:

We advise that the pegging mechanism be exposed solely for the wrapped assets in the constructor and not be exposed as an invocable method, given that it significantly affects the integrity of the oracle system.
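
One way the recommended pattern can look, as an added illustration that is not code from the Vendor Finance codebase or from this audit: the contract name `PeggedOracleSketch`, the `PegSet` event, the `resolve` helper and the constructor parameters are hypothetical; only the `pegs` mapping name comes from the excerpt above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical sketch: pegs are fixed at deployment and no setter exists,
// so no privileged account can redirect an asset's price after the fact.
contract PeggedOracleSketch {
    // base asset => asset whose price is used in its place
    mapping(address => address) public pegs;

    // Emitted once per peg so the deployed configuration is auditable off-chain.
    event PegSet(address indexed base, address indexed peg);

    // _bases[i] is pegged to _pegs[i]; intended for wrapped assets only.
    constructor(address[] memory _bases, address[] memory _pegs) {
        require(_bases.length == _pegs.length, "length mismatch");
        for (uint256 i = 0; i < _bases.length; i++) {
            address base = _bases[i];
            address peg = _pegs[i];
            require(base != address(0) && peg != address(0), "zero address");
            require(base != peg, "self peg");
            // Reject a second entry for the same base instead of overwriting it.
            require(pegs[base] == address(0), "duplicate base");
            pegs[base] = peg;
            emit PegSet(base, peg);
        }
    }

    // Returns the asset whose price should be queried for _asset:
    // the configured peg if one exists, otherwise _asset itself.
    function resolve(address _asset) public view returns (address) {
        address peg = pegs[_asset];
        return peg == address(0) ? _asset : peg;
    }
}
```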

Alleviation:

The `setPeg` function has been omitted from the codebase, thereby eliminating a significant centralization risk and alleviating this exhibit.