Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong docs on UsdOracle #84

Open
code423n4 opened this issue Apr 20, 2021 · 2 comments
Open

Wrong docs on UsdOracle #84

code423n4 opened this issue Apr 20, 2021 · 2 comments
Labels
0 (Non-critical) bug Something isn't working resolved sponsor confirmed

Comments

@code423n4
Copy link
Contributor

Handle

@cmichelio

Vulnerability details

Vulnerability Details

The UsdOracle.sol contract states:

UsdOracle is a constant price oracle feed that always returns 1 USD in USDC precision.

The USDC precision is 6, but the oracle returns a precision of 8, so the comment does not match the code.

Impact

A wrong precision on the oracle contract could lead to inflated/deflated prices.

Recommended Mitigation Steps

It seems that the current contract code assumes a precision of 8 instead of 6 and works correctly.
Clarify if the documentation is wrong or the code needs to be updated.
If further development is done and the comment is assumed to be correct, one might use 100 times the actual USDC token balance.
@code423n4 code423n4 added 1 (Low Risk) bug Something isn't working labels Apr 20, 2021
code423n4 added a commit that referenced this issue Apr 20, 2021
@code423n4
@cmichelio issue #84
389974d
@lucas-manuel
Copy link
Collaborator

Informational, will address

deluca-mike added a commit to maple-labs/maple-core that referenced this issue Apr 27, 2021
@deluca-mike
chore: PR Review #2
6622d6b 
- Fixed some missed spacing
- Fixed bad NatSpec comment ending (,)
- Fixed equation alignement
- Wrong docs on UsdOracle (code-423n4/2021-04-maple-findings#84)
lucas-manuel pushed a commit to maple-labs/maple-core that referenced this issue Apr 27, 2021
@deluca-mike
chore: Comments, Spelling, and NatSpec cleanup (SC-2083) (#375)
479b396 
* refactor: More gas optimizations

- Use local variables to reduce storage access
- Use return variables when legible and possible
- if (exitCase) exit, so that large code can be done unindented, and smaller jumpdest
- --x and ++x are sometimes better, since there is no intermediate variable on the stack

* chore: PR Review fixes

- Revert saving context variable locally
- Fix allignment

* refactor: More gas optimizations

- Use local variables to reduce storage access
- Use return variables when legible and possible
- if (exitCase) exit, so that large code can be done unindented, and smaller jumpdest
- --x and ++x are sometimes better, since there is no intermediate variable on the stack

* chore: PR Review fixes

- Revert saving context variable locally
- Fix allignment

* chore: Comments, Spelling, and NatSpec cleanup

* chore: Rebase and PR Review

- Reverted exitswapExternAmountOut
- fixed more incorrect formatting
- https://app.clubhouse.io/maplefinance/story/2083/maple-core-natspec-sweep-for-spelling-correct-comments

* chore: Rebase updates

* chore: Normalize checking functions

* chore: PR Review #2

- Fixed some missed spacing
- Fixed bad NatSpec comment ending (,)
- Fixed equation alignement
- Wrong docs on UsdOracle (code-423n4/2021-04-maple-findings#84)
@deluca-mike
Copy link
Collaborator

Resolved in code comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0 (Non-critical) bug Something isn't working resolved sponsor confirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Arachnid @deluca-mike @lucas-manuel @code423n4