Closed c4-bot-2 closed 3 months ago
0xRobocop marked the issue as duplicate of #69
0xRobocop marked the issue as duplicate of #41
0xRobocop marked the issue as duplicate of #144
3docSec marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/rOUSG.sol#L378-L380
Vulnerability details
Impact
Unlike the getOUSGPrice function in OUSGInstantManager, the getOUSGPrice function in ROUSG lacks a sanity check for unexpectedly low prices. Without this check, ROUSG keeps operating when the oracle returns a zero or unexpectedly low price, so every conversion in ROUSG that depends on getOUSGPrice would silently use that bad value instead of reverting.
Proof of Concept
In OUSGInstantManager, getOUSGPrice has a sanity check that ensures the price returned by the oracle is not below a threshold:
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L479-L485
However, getOUSGPrice in ROUSG returns the oracle price directly and has no such check:
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/rOUSG.sol#L378-L380
Tools Used
Manual Review
Recommended Mitigation Steps
Add the same sanity check to ROUSG. If a minimum price is not desired there, at least require the price to be greater than zero so the contract reverts when the oracle is not returning a price. Ideally the check would live in the same function used by OUSGInstantManager, inherited from a common contract, so the logic is not duplicated and cannot drift between the two contracts.
Assessed type
Oracle
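One way to implement the recommended mitigation, shown here as an added example that is not the project's own code: a shared abstract contract reads the oracle and reverts on a zero or below-floor price, and an rOUSG-like contract inherits it instead of re-reading the oracle itself. The oracle interface (IPriceOracle and getPriceData), the contract names, the minimumPrice floor, the mock oracle and the share conversion are all assumptions made for illustration, not identifiers from the repository.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

/// Hypothetical oracle interface, assumed for this example (not the project's).
interface IPriceOracle {
    /// @return price     OUSG price with 18 decimals
    /// @return timestamp time the price was last updated
    function getPriceData() external view returns (uint256 price, uint256 timestamp);
}

/// Shared base contract: one place for the oracle read and the sanity check,
/// so an instant manager and a rebasing wrapper cannot diverge.
abstract contract OUSGPriceChecker {
    IPriceOracle public immutable oracle;

    /// Lowest price the contract accepts. Setting it to 0 disables the floor
    /// but a zero price (oracle returning no data) is still rejected.
    uint256 public immutable minimumPrice;

    error PriceUnexpectedlyLow(uint256 price, uint256 minimum);

    constructor(address _oracle, uint256 _minimumPrice) {
        oracle = IPriceOracle(_oracle);
        minimumPrice = _minimumPrice;
    }

    /// Returns the oracle price or reverts; callers never see 0 or a value
    /// below the floor, so downstream conversions cannot use a bad price.
    function getOUSGPrice() public view returns (uint256 price) {
        (price, ) = oracle.getPriceData();
        if (price == 0 || price < minimumPrice) {
            revert PriceUnexpectedlyLow(price, minimumPrice);
        }
    }
}

/// Illustrative rOUSG-style contract (hypothetical name and conversion).
contract ROUSGLike is OUSGPriceChecker {
    // Assumed scaling between OUSG shares and rOUSG units for this example.
    uint256 public constant SHARES_MULTIPLIER = 10_000;

    constructor(address _oracle, uint256 _minimumPrice)
        OUSGPriceChecker(_oracle, _minimumPrice)
    {}

    /// Converts shares to a token amount using the checked price. Because
    /// getOUSGPrice reverts on a bad price, this can never return 0 for a
    /// non-zero share count just because the oracle went stale or empty.
    function getROUSGByShares(uint256 shares) external view returns (uint256) {
        return (shares * getOUSGPrice()) / (1e18 * SHARES_MULTIPLIER);
    }
}

/// Constructed mock oracle for exercising the revert path; not production code.
contract MockOracle is IPriceOracle {
    uint256 private _price;

    function setPrice(uint256 price) external {
        _price = price;
    }

    function getPriceData() external view returns (uint256, uint256) {
        return (_price, block.timestamp);
    }
}
```

Deploy MockOracle, then ROUSGLike with a floor such as 99e18; calling getROUSGByShares after setPrice(0) or setPrice(50e18) reverts with PriceUnexpectedlyLow, while setPrice(100e18) returns a normal conversion. Making the floor immutable keeps the check independent of runtime configuration; if an adjustable floor is wanted, guard the setter with the same access control used for the oracle address.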