Ondo Finance - grearlake's results

Lines of code

https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L63 https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L479-#L485

Vulnerability details

Vulnerability detail

In ousgInstantManager contract, MINIMUM_OUSG_PRICE variable is constant variable:

    uint256 public constant MINIMUM_OUSG_PRICE = 105e18;

It is used to check if actual price of ousg is below it or not, if yes, it will revert:

function getOUSGPrice() public view returns (uint256 price) {
    (price, ) = oracle.getPriceData();
    require(
        price > MINIMUM_OUSG_PRICE,
        "OUSGInstantManager::getOUSGPrice: Price unexpectedly low"
    );
}

The problem is variable MINIMUM_OUSG_PRICE is constant, it can not be changed, so it mean if the price is under 105e18, function will revert.

To convert ousg token to usdc token, function redeem() need to be called, and it will call _redeem() function:

function _redeem(uint256 ousgAmountIn) internal returns (uint256 usdcAmountOut) {
    require(
        IERC20Metadata(address(usdc)).decimals() == 6,
        "OUSGInstantManager::_redeem: USDC decimals must be 6"
    );
    require(
        IERC20Metadata(address(buidl)).decimals() == 6,
        "OUSGInstantManager::_redeem: BUIDL decimals must be 6"
    );
    uint256 ousgPrice = getOUSGPrice();  // <---
    uint256 usdcAmountToRedeem = _getRedemptionAmount(ousgAmountIn, ousgPrice);
        .  .  .  .  .  .
}

As there is no guarantee that price of ousg is always bigger than 105e18, which is about 105$, as showed at here, there is a time that price of ousg token is 96.83$, which is lower than 105$. So when ousg price down, or worse, crash, there is no way for user to withdraw usdc.

Impact

User are not able to withdraw usdc when ousg price down below MINIMUM_OUSG_PRICE

Tools Used

Manual review

Recommended Mitigation Steps

MINIMUM_OUSG_PRICE variable should be able to be changed by admin.

Assessed type

Other