Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Audit fixes #11

Merged
merged 1 commit into from
Jun 17, 2024
Merged

Audit fixes #11

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,11 @@ To run all tests locally, where `[FORK_URL]` is a valid RPC endpoint for Base:
forge test --fork-url [FORK_URL]
```

## Audit reports

| Auditor | Report link |
|---|---|
| Cantina Managed | [`June 2024`](https://github.com/centrifuge/morpho-market/blob/main/audits/2023-06-cantina.pdf) |

## License
This codebase is licensed under [GNU Lesser General Public License v3.0](https://github.com/centrifuge/liquidity-pools/blob/main/LICENSE).
Binary file added audits/2023-06-cantina.pdf
View file
Open in desktop
Binary file not shown.
6 changes: 6 additions & 0 deletions src/PermissionedERC20Wrapper.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ contract PermissionedERC20Wrapper is Auth, ERC20PermissionedBase {
IAttestationService public attestationService;
IAttestationIndexer public attestationIndexer;

event File(bytes32 indexed what, address data);

constructor(
string memory name_,
string memory symbol_,
Expand All @@ -67,6 +69,7 @@ contract PermissionedERC20Wrapper is Auth, ERC20PermissionedBase {
else if (what == "service") attestationService = IAttestationService(data);
else if (what == "memberlist") memberlist = Memberlist(data);
else revert("PermissionedERC20Wrapper/file-unrecognized-param");
emit File(what, data);
}

// --- Permission checks ---
Expand All @@ -93,6 +96,9 @@ contract PermissionedERC20Wrapper is Auth, ERC20PermissionedBase {

// --- Helpers ---
function recover(address account) public auth returns (uint256) {
if (account == address(this)) {
revert ERC20InvalidReceiver(account);
}
return _recover(account);
}

Expand Down
6 changes: 3 additions & 3 deletions src/VaultOracle.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import {IOracle} from "src/interfaces/IOracle.sol";
import {Auth} from "lib/liquidity-pools/src/Auth.sol";
import {IERC20Metadata} from "lib/openzeppelin-contracts/contracts/token/ERC20/extensions/IERC20Metadata.sol";

interface IERC4626 {
interface IERC7575 {
function share() external view returns (address share);
function asset() external view returns (address asset);
function convertToAssets(uint256 shares) external view returns (uint256 assets);
Expand All @@ -14,7 +14,7 @@ interface IERC4626 {
contract VaultOracle is Auth, IOracle {
uint8 public constant PRICE_DECIMALS = 36;

IERC4626 public vault;
IERC7575 public vault;
uint256 public singleShare;
uint256 public assetScaling;

Expand All @@ -39,7 +39,7 @@ contract VaultOracle is Auth, IOracle {
}

function _updateVault(address vault_) internal {
vault = IERC4626(vault_);
vault = IERC7575(vault_);

uint8 shareDecimals = IERC20Metadata(vault.share()).decimals();
require(shareDecimals < PRICE_DECIMALS, "VaultOracle/share-decimals-too-high");
Expand Down
Loading