Description

The function _manuallyPushRate is used to manually set the rate of a token in the PID controller by the admin. This function could set the rates and iTerm value in the controller without any validation logic, like clamps.

function _manuallyPushRate(address token, uint64 target, uint64 current, uint256 amount) internal virtual override {
    super._manuallyPushRate(token, target, current, amount);

    // Reinitialize the PID controller to avoid a large jump in the output rate with the next update.
    initializePid(token);
}

function initializePid(address token) internal virtual {
    PidState storage pidState = pidData[token].state;
    BufferMetadata storage meta = rateBufferMetadata[token];

    (int256 input, int256 err) = getSignedInputAndError(token);

    pidState.lastInput = input;
    pidState.lastError = err;
    if (meta.size > 0) {
        // We have a past rate, so set the iTerm to it to avoid a large jump.
        // We don't need to clamp this because the last rate was already clamped.
        pidState.iTerm = int256(uint256(getLatestRate(token).current));
    }
}

Impact

The admin has the ability to update rates, and the next rate calculation relies on iTerm. There is a risk that the admin could inadvertently adjust the rate of the future with an incorrect iTerm.

Recommendations

Ensure that users who use this contract acknowledge and accept the risks associated with manually setting the rate.

Remediation

Adrastia provided the following response to this finding:

Note that it's intended that Adrastia clients will be the ones with the sole privilege to manually push rates and set the config. It's ultimately up to them if they want to make use of this function, or if they want to adjust the permissioning of the system.

If so, the Adrastia web app has multi-stage UI dialogs to assist administrators, with formatting and validations to reduce the likeliness of human error.