Trail of Bits

Opyn Gamma

Type: Security review

Client: Ethereum/EVM

Date: 2021-05

Domain: Blockchain

Effort: 6 wks

Section: Ethereum/EVM

Trail of Bits's security review of Opyn Gamma (May 2021) identified 17 issues: 6 high, 3 medium, 1 low, and 7 informational.

Findings · 17

  1. Contracts used as dependencies do not track upstream changes (Low)
  2. TradeCallee does not validate trade orders (High)
  3. Controller _call function lacks a return statement (Informational)
  4. Adverse market conditions can eliminate liquidation incentives (High)
  5. MarginCalculator defines events but never emits them (Medium)
  6. callRestricted is disabled by default (Medium)
  7. Architecture can be simplified (Informational)
  8. Short, long, collateral, and vault data structures may be sparse “arrays” (Informational)
  9. Error-prone operate function (Informational)
  10. Stablecoin value is assumed to be constant (High)
  11. Numerous internal and external assumptions (Informational)
  12. intToUint returns absolute values (High)
  13. getProceed returns absolute value of required collateral (Medium)
  14. Non-ideal handling of arithmetic (Informational)
  15. Unclear configuration values standards (High)
  16. Decimals set by Yearn pricer do not reflect changes to yToken decimals (Informational)
  17. yToken exchange rates are fully calculated only during withdrawals (High)

Findings extracted from the published report PDF. See the full report below for details and remediation.
