there is a require statement, which reverts if the price is below certain threshold. As the initial idea of preventing losses if the oracle malfunctions is fine, this could have more consequences to the user.
Proof of Concept
Let's say the price drops below the MINIMUM_OUSG_PRICE, this means this function will always revert as long as the price is low. This will lead to full DoS of most functions: _mint, _redeem, totalSupply, balanceOf, getSharesByROUSG, getROUSGByShares, getOUSGPrice.
As I am aware that the price decrease and oracle malfunction is stated in known issues as Price Decreases - We are aware that an extreme change in the price of SHV could prevent Ondo Finance from accurately reporting the OUSG price in its oracle. We are also aware that the code does not prevent a “negative rebase” in the event that the OUSG price goes down., but my report extends this and introduces almost complete DoS of the protocol.
Tools Used
Manual Review
Recommended Mitigation Steps
Remove the revert when the price is too low and handle the various scenarios better so the users can still use the protocol and redeem whatever they have left.
Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L479-L485
Vulnerability details
Impact
In the
getOUSGPrice
:there is a require statement, which reverts if the price is below certain threshold. As the initial idea of preventing losses if the oracle malfunctions is fine, this could have more consequences to the user.
Proof of Concept
Let's say the price drops below the
MINIMUM_OUSG_PRICE
, this means this function will always revert as long as the price is low. This will lead to full DoS of most functions:_mint
,_redeem
,totalSupply
,balanceOf
,getSharesByROUSG
,getROUSGByShares
,getOUSGPrice
.As I am aware that the price decrease and oracle malfunction is stated in known issues as
Price Decreases - We are aware that an extreme change in the price of SHV could prevent Ondo Finance from accurately reporting the OUSG price in its oracle. We are also aware that the code does not prevent a “negative rebase” in the event that the OUSG price goes down.
, but my report extends this and introduces almost complete DoS of the protocol.Tools Used
Manual Review
Recommended Mitigation Steps
Remove the revert when the price is too low and handle the various scenarios better so the users can still use the protocol and redeem whatever they have left.
Assessed type
DoS