Omniscia vfat Audit

AerodromeGaugeRegistry Manual Review Findings

AerodromeGaugeRegistry Manual Review Findings

AGR-01M: Potentially Weak Gauge Validation

Description:

The Aerodrome system permits a gauge to be killed temporarily, meaning that contracts will not be able to perform deposits to it.

Impact:

The present behavior will result in a transaction failure during the deposit operation by the AerodromeGaugeConnector::deposit function, thereby resulting in no tangible impact to the overall system. As such, an informational severity was deemed appropriate.

Example:

contracts/connectors/aerodrome/AerodromeGaugeRegistry.sol
34function connectorOf(
35    address target
36) external view override returns (address) {
37    if (voter.isGauge(target)) {
38        address pair = voter.poolForGauge(target);
39        if (v2PairFactory.isPool(pair)) {
40            return address(v2GaugeConnector);
41        }
42        if (slipstreamPairFactory.isPool(pair)) {
43            return address(slipstreamGaugeConnector);
44        }
45    }
46

47    return address(0);
48}

Recommendation:

The current system does not permit a level of granularity to allow certain capabilities of a connector to be available, rendering an alleviation to this exhibit to be tricky.

We advise this trait to either be documented in the codebase and acknowledged, or the system to permit a different connector per interaction type to be yielded so as to allow further granularity and ensure the gauge is alive if a deposit is being attempted.

Alleviation (6ab7af3bb495b817ffec469255ea679b1813eecb):

The vfat team evaluated this exhibit and opted to acknowledge this behaviour as they do not consider deposit failures to be undesired when a gauge has been disabled, and they consider withdrawals and claim operations to still be accessible for such gauges.

Prev

ZapLib.sol (ZLB-S)

Next

Automation.sol (ANO-M)

On this page