Omniscia vfat Audit

CompoundMarketConnector Manual Review Findings

CompoundMarketConnector Manual Review Findings

CMC-01M: Non-Standard Order of Compound Operations

Description:

Per the Compound integration guidelines, an integrator is instructed to enter a market before interacting with it.

Whilst in this particular case the CErc20Interface::mint call might not fail, it is still non-standard to enter a market after interacting with it.

Impact:

While the current integration will not revert, it still represents a non-standard approach that should be rectified.

Example:

contracts/connectors/CompoundMarketConnector.sol
16function mint(
17    address target,
18    uint256 amount,
19    bytes memory // extraData
20) external payable override {
21    CErc20Interface cToken = CErc20Interface(target);
22    SafeTransferLib.safeApprove(cToken.underlying(), target, amount);
23    uint256 error = cToken.mint(amount);
24    if (error != 0) {
25        revert CompoundActionFailed("mint", error);
26    }
27

28    address[] memory markets = new address[](1);
29    markets[0] = target;
30    uint256[] memory results = ComptrollerInterface(
31        CTokenInterface(target).comptroller()
32    ).enterMarkets(markets);
33    if (results[0] != 0) {
34        revert CompoundActionFailed("enterMarkets", results[0]);
35    }
36}

Recommendation:

We advise the code to enter the market prior to minting the relevant cToken units, ensuring that the integration's steps adhere to best practices.

Alleviation (6ab7af3bb495b817ffec469255ea679b1813eecb):

The order of operations in the CompoundMarketConnector::mint function were re-ordered as advised, ensuring that the contract enters a market prior to minting within it and thus alleviating this exhibit.

Prev

Automation.sol (ANO-M)

Next

ConnectorRegistry.sol (CRY-M)

On this page