Trail of Bits

Origin Dollar

Type: Security review

Client: Origin Protocol

Date: 2020-11

Domain: Blockchain

Effort: 4 wks

Section: Ethereum/EVM

Trail of Bits's security review of Origin Protocol (Nov 2020) identified 23 issues: 9 high, 1 medium, 6 low, 5 informational, and 2 undetermined.

Findings · 23

  1. Invalid vaultBuffer could revert allocate (Low)
  2. OUSD.changeSupply should require rebasingCreditsPerToken > 0 (High)
  3. SafeMath is recommended in OUSD._executeTransfer (Informational)
  4. Transfers could silently fail without safeTransfer (Informational)
  5. Proxies are only partially EIP-1967-compliant (Informational)
  6. Queued transactions cannot be canceled (High)
  7. Unused code could cause problems in future (Undetermined)
  8. Proposal transactions can be executed separately and block Proposal.execute call (High)
  9. Proposals could allow Timelock.admin takeover (High)
  10. Reentrancy and untrusted contract call in mintMultiple (High)
  11. Off-by-one minDrift/maxDrift causes unexpected revert (Low)
  12. Unsafe last array element removal poses future risk (Undetermined)
  13. Strategy targetWeight can be set for non-existent strategy (Low)
  14. Lack of minimum redeem value might lead to less return than expected (Medium)
  15. withdraw allows redeemer to withdraw accidentally sent tokens (Low)
  16. Variable shadowing from OUSD to ERC20 (Low)
  17. VaultCore.rebase functions have no return statements (Low)
  18. Multiple contracts are missing inheritances (Informational)
  19. Lack of return value checks can lead to unexpected results (High)
  20. External calls in loop can lead to denial of service (High)
  21. No events for critical operations (Informational)
  22. OUSD allows users to transfer more tokens than expected (High)
  23. OUSD total supply can be arbitrary, even smaller than user balances (High)

Findings extracted from the published report PDF. See the full report below for details and remediation.
