QA Report #115
Labels:
bug: Something isn't working
QA (Quality Assurance): Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Hubble QA Report
Unless otherwise noted, manual auditing and testing were done using Visual Studio Code and Remix. The audit was done from February 17-23, 2022 by ye0lde through code4rena.
Overall, I found the code to be clear to follow and read. I'd recommend the team improve the supporting documentation to give a better overall understanding of the protocol.
L-1: No validation of parameter price in setStablePrice (Oracle.sol)
L-2: Unsafe type cast in getTwapPrice (AMM.sol)
NC-1: Typo in getUnderlyingTwapPrice (Oracle.sol)
Findings
L-1 - No validation of parameter price in setStablePrice (Oracle.sol)
Impact
The setStablePrice function does not do any validation of the price parameter before setting stablePrice[underlying] = price. While this is a governance function, once stablePrice[underlying] is set to any non-zero value this overrides any aggregator calls made to access the current price by function getUnderlyingPrice and getUnderlyingTwapPrice. underlying is checked but not the price itself.
Proof of Concept
setStablePrice is here: https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/Oracle.sol#L169-L172
Recommended Mitigation Steps
Consider adding a check for price > 0
L-2 - Unsafe type cast in getTwapPrice (AMM.sol)
Impact
getTwapPrice performs an unsafe type cast to uint128 without checking if the value actually fits into 128 bits. This typecast doesn't seem to directly lead to an exploit but safe typecasts should still be implemented for additional security.
Proof of Concept
The type cast is here:
https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/AMM.sol#L392
Recommended Mitigation Steps
I suggest the following change:
NC-1 - Typo in getUnderlyingTwapPrice (Oracle.sol)
Impact
Code clarity
Proof of Concept
The typo is here:
https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/Oracle.sol#L53
Recommended Mitigation Steps
Change form to from.
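An added example, not part of the original report or the Hubble code base: a Solidity sketch of the checks recommended in L-1 and L-2. The contract name, the governance modifier, the int256 price type, the revert strings and the helper names toUint128 and truncatingCast are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Illustration only: names and types here are hypothetical, not Hubble's code.
contract OracleChecksExample {
    address public immutable governance;

    // As described in L-1: a non-zero entry overrides the aggregator price.
    mapping(address => int256) public stablePrice;

    constructor() {
        governance = msg.sender;
    }

    modifier onlyGovernance() {
        require(msg.sender == governance, "ONLY_GOVERNANCE");
        _;
    }

    // L-1: validate the price as well as the underlying address.
    // With this check the entry cannot be set back to 0 through this
    // function, so clearing an override needs its own code path.
    function setStablePrice(address underlying, int256 price)
        external
        onlyGovernance
    {
        require(underlying != address(0), "empty address");
        require(price > 0, "stable price must be positive");
        stablePrice[underlying] = price;
    }

    // L-2: checked narrowing. Reverts when the value needs more than 128 bits.
    function toUint128(uint256 value) public pure returns (uint128) {
        require(value <= type(uint128).max, "value does not fit in 128 bits");
        return uint128(value);
    }

    // The unchecked form, for comparison. Explicit narrowing conversions
    // are not overflow-checked in Solidity 0.8.x: the high bits are
    // dropped, so an input of 2**128 returns 0 instead of reverting.
    function truncatingCast(uint256 value) public pure returns (uint128) {
        return uint128(value);
    }
}
```

OpenZeppelin's SafeCast library provides an equivalent checked toUint128 for projects that already depend on it.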