search

code-423n4 / 2022-08-olympus-findings

5 stars 4 forks source link

Cushion bond markets are opened at wall price rather than current price #485

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-08-olympus/blob/b5e139d732eb4c07102f149fb9426d356af617aa/src/policies/Operator.sol#L363-L469

Vulnerability details

Impact

Incorrect initial bond market price

Proof of Concept

uint256 initialPrice = range.wall.high.price.mulDiv(bondScale, oracleScale);

uint256 initialPrice = invWallPrice.mulDiv(bondScale, oracleScale);

In the above lines the initial prices are set to the wall price rather than the current price as indicated in documentation

Tools Used

Recommended Mitigation Steps

Initial price should be updated to open bond market at current price rather than wall price

Oighty commented 2 years ago

This is more of a design decision than a bug. However, we did make this change in the code prior to the audit (it didn't get reflected in the repo). @ind-igo not sure how you want to handle.

0xean commented 1 year ago

Going to award as M assuming no additional input from sponsor on the topic.

Oighty commented 1 year ago

It does deviate from the spec so I guess that's appropriate. The system actually would work as-is, but would be less responsive to price movements into the cushions since the bond market would have to decay (which requires waiting) to reach the current market price vs. instantly providing a buy/sell at the current price.