[Audit] FM_PC_ExternalPrice_Redeeming, LM_ManualExternalPriceSetter_v1, #704
Conversation
Zitzak
force-pushed
the
feature/FM_PC_Oracle_Redeeming_v1
branch
from
dfede6f to
4c9bd6b
Compare
| if (price_ == 0) revert Module__LM_ExternalPriceSetter__InvalidPrice(); | ||
|
|
||
| // Normalize price to internal decimal precision. | ||
| _redemptionPrice = _normalizePrice(price_, _issuanceTokenDecimals); |
There was a problem hiding this comment.
According to the docs above, this should be the _collateralTokenDecimals, not _issuanceTokenDecimals.
There was a problem hiding this comment.
I'm confident the implementation is correct as is.
For redemption, we're pricing 'how many collateral tokens you get for 1 issuance token', so the input price should be in issuance token decimals, as stated in the documentation. This maintains consistency with the pricing model where 1 unit is always denominated in the issuance token.
There was a problem hiding this comment.
Feeds into the conversation about using the collateral price for all calculation see comment
| redemptionAmount_, | ||
| address(token()), | ||
| block.timestamp, | ||
| RedemptionState.PROCESSING |
There was a problem hiding this comment.
The other states don't seem to really be used
There was a problem hiding this comment.
It will be used when integrated with a different module
There was a problem hiding this comment.
An indexer will be used to track state changes and redemption orders which will be visualized within our admin panel.
However the block.timestamp can probably be removed as recommended elsewhere, as those can be retrieved from the event
|
|
||
| // Create and emit the order. | ||
| _createAndEmitOrder( | ||
| _receiver, _depositAmount, collateralRedeemAmount, issuanceFeeAmount |
There was a problem hiding this comment.
issuanceFeeAmount is just one of the fees charged, it's unclear why it does not pass all fees combined
There was a problem hiding this comment.
(jelle:) I thnk it is because the protocolFeeAmount, projectFeeAmount are taken from the collateral, and the issaunceFee from the issuance token.
There was a problem hiding this comment.
You are right (jelle), we charge different fees here. The project fee can only be charged from the collateral while the protocol fee can be charge from issuance and collateral.
The event emitting the fee amount in the _createAndEmitOrder function serves the purpose of giving the project information they need for their users, as well as their admin panel.
However this question did reveal to me that what we should have been passing into the function is not the issuanceFeeAmount (which is part of the protocol fee), but the projectFeeAmount. So turns out to still be a great catch @omega-audits
| public | ||
| override(BondingCurveBase_v1) | ||
| onlyModuleRole(WHITELIST_ROLE) | ||
| buyingIsEnabled |
There was a problem hiding this comment.
buyingisenabled is also checked in super.buyFor, so it could be removed here
There was a problem hiding this comment.
from my point of view, we need it because the function is public and could be called directly.
There was a problem hiding this comment.
I have to agree here with @omega-audits, as calling this function directly, as you're mentioning, will direct to the base buyFor where the modifier is located.
Could you please expand a bit on your point @vendrell46. Thank you
There was a problem hiding this comment.
function buyFor(address _receiver, uint _depositAmount, uint _minAmountOut)
public
virtual
override(BondingCurveBase_v1)
validReceiver(_receiver)
buyingIsEnabled
{
(uint amountIssued, uint collateralFeeAmount) =
_buyOrder(_receiver, _depositAmount, _minAmountOut);
_addVirtualIssuanceAmount(amountIssued);
_addVirtualCollateralAmount(_depositAmount - collateralFeeAmount);
}
```
This is correct this is redundant and should be removed.
…20Issuance_Blacklist * Contract structure defined * removed IFundingManager extension * IFundingManager_v1 needed * extended IRedeemingBondingCurveBase_v1 as well * ExternalPriceSetter, blacklist, Oracle and interfaces added * formatting files and adapting to the code of conduct * ManualExternalPriceSetter_v1 modified as LM * added fees checks, paymentOrder to the process and defined role for blacklist * managing roles, renaming, and removing unneeded things * whitelist logic removed, blacklist fixes * missing logic implemented * blacklist fixes and custom error added * switched from role to mapping for blacklist manager * moved blacklist files to external, modified sell, and more context added * PAYMENT_QUEUE_ROLE added, _sellOrder overriden * emit_timestamp(IssuancePriceSet,RedemptionPriceSet),NatSpec * fix: remove collateral transfer & collateral check - The function `handleCollateralTokensAfterSell` was still expecting to transfer collateral, which would revert in the current implementation. - The _sellOrder` function had a conditional check which would let the contract revert given there will not be any collateral in the contract * style: run make fmt for formating * small fixes and documentation added * docs added for issuance and redemption setters * Rename ERC20Issuance_blacklist_v1.sol to ERC20Issuance_Blacklist_v1.sol * Rename IERC20Issuance_blacklist_v1.sol to IERC20Issuance_Blacklist_v1.sol * fixed executeRedemptionQueue, docs and renaming * formatting natspec * feat: add treasury collateral withdraw * Fix fmt * fix: typo * fix: fmt * fix: remove oracle from init * fixed natspec * modifier moved * feat: update openRedemptionAmount * Update src/external/token/ERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/external/token/ERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * applied suggestions * Update src/external/token/ERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/external/token/ERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/external/token/ERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * formatting * Update src/modules/fundingManager/oracle/interfaces/IFM_PC_ExternalPrice_Redeeming_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * formatting * Update src/modules/fundingManager/oracle/FM_PC_ExternalPrice_Redeeming_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * formatting * Modifier buyingIsEnabled and sellingIsEnabled added * formatting, updating code from parent and adding interface check * Update src/external/token/ERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/external/token/ERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/interfaces/ILM_ManualExternalPriceSetter_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/interfaces/ILM_ManualExternalPriceSetter_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/interfaces/IOraclePrice_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/interfaces/IOraclePrice_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/external/token/interfaces/IERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/external/token/interfaces/IERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/external/token/interfaces/IERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/external/token/interfaces/IERC20Issuance_Blacklist_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/FM_PC_ExternalPrice_Redeeming_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/FM_PC_ExternalPrice_Redeeming_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/FM_PC_ExternalPrice_Redeeming_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/FM_PC_ExternalPrice_Redeeming_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/LM_ManualExternalPriceSetter_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * Update src/modules/fundingManager/oracle/LM_ManualExternalPriceSetter_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * formatting * formatting * moved constants * changed notice to dev * adding named returned variable * modifier renamed and buyingIsEnabled added to buy * return named variables to interface * formatting * fix: revert during deployment * fix issue with authorization * fix: interface check * interface natspec same as contract * line too long fixed * removed dot from title * _ensureTokenBalance overriden * remove function * fix fmt * Update src/modules/fundingManager/oracle/interfaces/IOraclePrice_v1.sol Co-authored-by: Marvin Kruse <[email protected]> * fix: Move LM_ManualPriceSetter into LM folder --------- Co-authored-by: scab24 <[email protected]> Co-authored-by: Zitzak <[email protected]> Co-authored-by: Marvin <[email protected]> Co-authored-by: Marvin Kruse <[email protected]> Co-authored-by: Sergio <[email protected]>
* Remove unnecessary safety check * Abstract projectFeeCollected * Create tests * Fmt * Update src/modules/fundingManager/bondingCurve/interfaces/IRedeemingBondingCurveBase_v1.sol Co-authored-by: Marvin <[email protected]> * Add check to _handleCollateralTokensAfterSell * Revert "Add check to _handleCollateralTokensAfterSell" This reverts commit 32f9bb3. * Readd the check but only for projectCollateralFeeCollected * Update IFM_BC_Bancor_Redeeming_VirtualSupply_v1.sol * fmt * Apply comment suggestions from code review Co-authored-by: Marvin Kruse <[email protected]> * Rename Error * Apply suggestions from code review * Fix: Resolve version mismatches * Chore: Resolve formatting issue --------- Co-authored-by: Marvin <[email protected]> Co-authored-by: Marvin Kruse <[email protected]>
* fix: decimal conversion error * fix: add 10^tokenDecimal
Co-authored-by: Marvin Kruse <[email protected]>
Zitzak
force-pushed
the
feature/FM_PC_Oracle_Redeeming_v1
branch
from
a979f51 to
dd17de3
Compare
Zitzak
force-pushed
the
feature/FM_PC_Oracle_Redeeming_v1
branch
from
dd17de3 to
587247c
Compare
What needs to be audit.
The contracts that need to be audited are