code-423n4 / 2024-03-ondo-finance-findings


Oracle sanity check incorrectly uses > instead of >= #338

Closed c4-bot-4 closed 5 months ago

c4-bot-4 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L479-L486

Vulnerability details

Impact

In getOUSGPrice, a sanity check is performed on the price returned from the oracle to ensure it is not below the minimum price. The check uses > instead of >= which causes it to revert when the price is equal to the minimum.

Proof of Concept

https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L479-L486

require(
  price > MINIMUM_OUSG_PRICE,
  "OUSGInstantManager::getOUSGPrice: Price unexpectedly low"
);

Tools Used

Manual Review

Recommended Mitigation Steps

Replace > with >=

require(
  price >= MINIMUM_OUSG_PRICE,
  "OUSGInstantManager::getOUSGPrice: Price unexpectedly low"
);

Assessed type

Invalid Validation

0xRobocop commented 6 months ago

Consider QA.

The edge case where price == MINIMUM_OUSG_PRICE does not have an impact worth considering.

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as insufficient quality report

c4-pre-sort commented 6 months ago

0xRobocop marked the issue as primary issue

c4-judge commented 6 months ago

3docSec changed the severity to QA (Quality Assurance)

3docSec commented 6 months ago

Edge case with inconsequential impact

c4-judge commented 6 months ago

3docSec marked the issue as grade-b