nevillehuang
commented
10 months ago Invalid, it is presumed that functions will be integrated appropriately with correct inputs, there is no need for additional complexity, given also submodules are not called directly by user as mentioned in #96.
bareli
medium
Interface Assumptions
Summary
Interface Assumptions: The contract assumes that any address passed to getPriceFromUnderlying as asset_ conforms to the ERC4626 standard. If an incorrect address is passed, the behavior is unpredictable.
Vulnerability Detail
ERC4626 asset = ERC4626(asset_);
Impact
Code Snippet
https://github.com/sherlock-audit/2023-11-olympus/blob/main/bophades/src/modules/PRICE/submodules/feeds/ERC4626Price.sol#L97
Tool used
Manual Review
Recommendation
we should verify the address whether it is compatible with ERC4626