Closed c4-bot-4 closed 5 months ago
Consider QA.
The edge case where price == MINIMUM_OUSG_PRICE does not have an impact worth considering.
0xRobocop marked the issue as insufficient quality report
0xRobocop marked the issue as primary issue
3docSec changed the severity to QA (Quality Assurance)
Edge case with inconsequential impact
3docSec marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L479-L486
Vulnerability details
Impact
In getOUSGPrice, a sanity check is performed on the price returned from the oracle to ensure it is not below the minimum price. The check uses > instead of >=, which causes it to revert when the price is equal to the minimum.
Proof of Concept
https://github.com/code-423n4/2024-03-ondo-finance/blob/78779c30bebfd46e6f416b03066c55d587e8b30b/contracts/ousg/ousgInstantManager.sol#L479-L486
Tools Used
Manual Review
Recommended Mitigation Steps
Replace > with >=
Assessed type
Invalid Validation