[OFT-03M] Restriction of Functionality

[0xfornax]

OFT-03M: Restriction of Functionality

Type	Severity	Location
Standard Conformity		OFTV2.sol:L24

Description:

The LayerZero Omnichain Fungible Token standard (OFTV2) contains a significant limitation in the sense that the token is limited by the number of decimals it may boast.

The Gravita Debt Token that the GravitaProxy will interface with already has 18 decimals, meaning that at most 18 tokens will be transferrable (Reference).

Impact:

As the GravitaDebtToken that the OFTV2 system will introduce cross-chain capabilities to has already been deployed and contains 18 decimal points, the maximum value that could be transferred in a single message is 18 units which would not be realistically useful in a production environment.

Example:

constructor(string memory _name, string memory _symbol, uint8 _sharedDecimals, address _lzEndpoint) ERC20(_name, _symbol) BaseOFTWithFee(_sharedDecimals, _lzEndpoint) {
    uint8 decimals = decimals();
    require(_sharedDecimals <= decimals, "OFT: sharedDecimals must be <= decimals");
    ld2sdRate = 10 ** (decimals - _sharedDecimals);
}

Recommendation:

We advise this trait to be evaluated and an alternative cross-chain system to be utilized. The code could extrapolate decimals and thus bypass the limitation (i.e. truncating the least-significant digits), however, in its current state it will be relatively unusable in a production environment.

[0xfornax]

From the Layer Zero explanation "It is recommended to use a smaller shared decimal point on all chains so that your token can have a larger balance. For example, if the decimal point is 18, then you can not have more than approximately 18 * 10^18 tokens bounded by the uint64.max"

We have also defined sharedDecimals as a constant with value 6. This would allow the OFT token to have 12 extra zeros, supporting values up to 1 trillion GRAI.