code-423n4 / 2024-03-ondo-finance-findings


The ousgInstantManager.sol could get DoSed if the price of the OUSG ever becomes lower than 105e18 #245

Open c4-bot-6 opened 6 months ago

c4-bot-6 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L479-L485

Vulnerability details

Impact

The contract could become practically unusable since the getOUSGPrice function is being called in _mint and _redeem functions which are the main functions of the contract.

Proof of Concept

The vulnerability arises from the require check in the getOUSGPrice function.

// Reads the OUSG price from the oracle and reverts when it is at or below
// the hard-coded MINIMUM_OUSG_PRICE (105e18). Both _mint and _redeem call this.
function getOUSGPrice() public view returns (uint256 price) {
  (price, ) = oracle.getPriceData();
  require(
    price > MINIMUM_OUSG_PRICE,
    "OUSGInstantManager::getOUSGPrice: Price unexpectedly low"
  );
}

In a scenario where the price of the OUSG token falls below MINIMUM_OUSG_PRICE (105e18).

Tools Used

Manual Review

Recommended Mitigation Steps

Implement a setter for MINIMUM_OUSG_PRICE.

Assessed type

DoS
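The following Solidity sketch is an added illustration of the recommended mitigation, not code from the Ondo contracts or from the warden's report: it keeps the same `getOUSGPrice` check but replaces the constant `MINIMUM_OUSG_PRICE` with a state variable that an admin can adjust, bounded below by a hard floor so the setter cannot disable the check entirely. The `IRWAOracle` interface, the single-`admin` access control, the `MockOracle` and the `ABSOLUTE_MINIMUM_OUSG_PRICE` value of 100e18 are all assumptions made for this example; the real contract's oracle and role setup are not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Assumed oracle interface: only the first return value (the price) is used,
// matching the call shape in the reported getOUSGPrice function.
interface IRWAOracle {
    function getPriceData() external view returns (uint256 price, uint256 timestamp);
}

contract OUSGPriceFloorExample {
    // Illustrative single admin; the production access-control setup is an assumption here.
    address public immutable admin;
    IRWAOracle public immutable oracle;

    // Hard floor the setter may never go below (constructed value, chosen to show bounds checking).
    uint256 public constant ABSOLUTE_MINIMUM_OUSG_PRICE = 100e18;

    // The report's MINIMUM_OUSG_PRICE is a constant of 105e18; here it is mutable state
    // so a change to the floor does not require redeploying the manager.
    uint256 public minimumOUSGPrice = 105e18;

    event MinimumOUSGPriceSet(uint256 oldMinimum, uint256 newMinimum);

    error Unauthorized();
    error MinimumTooLow(uint256 requested, uint256 floor);

    constructor(address oracle_) {
        admin = msg.sender;
        oracle = IRWAOracle(oracle_);
    }

    // Admin-only setter: emits an event for off-chain monitoring and refuses
    // any value that would drop the floor below the absolute minimum.
    function setMinimumOUSGPrice(uint256 newMinimum) external {
        if (msg.sender != admin) revert Unauthorized();
        if (newMinimum < ABSOLUTE_MINIMUM_OUSG_PRICE) {
            revert MinimumTooLow(newMinimum, ABSOLUTE_MINIMUM_OUSG_PRICE);
        }
        emit MinimumOUSGPriceSet(minimumOUSGPrice, newMinimum);
        minimumOUSGPrice = newMinimum;
    }

    // Same check as the reported function, but against the adjustable floor.
    function getOUSGPrice() public view returns (uint256 price) {
        (price, ) = oracle.getPriceData();
        require(
            price > minimumOUSGPrice,
            "OUSGInstantManager::getOUSGPrice: Price unexpectedly low"
        );
    }
}

// Constructed mock so the example can be deployed and exercised offline.
contract MockOracle is IRWAOracle {
    uint256 public price;

    function setPrice(uint256 newPrice) external {
        price = newPrice;
    }

    function getPriceData() external view returns (uint256, uint256) {
        return (price, block.timestamp);
    }
}
```

To exercise it: deploy `MockOracle`, set its price to 104e18 and call `getOUSGPrice()` on the manager, which reverts with the "Price unexpectedly low" message exactly as in the report; then have the admin call `setMinimumOUSGPrice(103e18)` and repeat the call, which now succeeds. A call to `setMinimumOUSGPrice(99e18)` reverts with `MinimumTooLow`, which is the point of keeping a hard floor alongside the setter.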

0xRobocop commented 6 months ago

Consider QA. Price is set by ondo itself.

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as primary issue

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as insufficient quality report

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as sufficient quality report

c4-sponsor commented 6 months ago

cameronclifton (sponsor) disputed

cameronclifton commented 6 months ago

See other response related to this issue.

3docSec commented 6 months ago

The Oracle price is set by the team and does not follow normal market fluctuations - this significantly mitigates risk. However, the recommended mitigation of implementing a setter makes sense, so this group makes for a good QA finding.

c4-judge commented 6 months ago

3docSec changed the severity to QA (Quality Assurance)

c4-judge commented 6 months ago

3docSec marked the issue as grade-b

cameronclifton commented 6 months ago

There would not be a situation in which we would want to allow instant mints or redemptions at a price lower than MINIMUM_OUSG_PRICE.