Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Circuit DAO>High findings>Outlier resolution--logic bugs
GeneralOverview
Findings
Critical (4)
High (7)Incorrect STATUTES_MAX_IDX for statutes mutationMistakes in auction-collateral calculationsOutlier resolution--logic bugsUnverified solution parameters in announcer_registry could lead to loss of rewardsUnverified solution parameters in recharge_win could lead to loss of tokensMissing timestamp validation in collateral vaultUnverified MIN_DEPOSIT value
Medium (1)
Low (1)
Informational (3)
DiscussionVote aggregationTreasury-ring correctness relies on governanceConfusion of atom-announcer identityOracle-resolution votingTest code coverage
DesignDesign overviewThe statues coinGovernanceAtom announcerAnnouncer registryOracleTreasuryRecharge auctionSurplus auctionCollateral vaultSavings vaultBYC and CRT
Audit ResultsAssessment Results
Category: Coding Mistakes

Outlier resolution--logic bugs

High Severity
High Impact
High Likelihood

Note: This issue was independently raised by the Voltage Technologies Ltd. team during

the review period.

Description

The following issues were discovered in the oracle resolution puzzle:

  1. As we explain in section ref, the oracle coin stores price data with the oldest price at the head. However, the resolution operation appends the newest price to the head.

prices (if price_to_apply
  (c price_to_apply PRICES)
  PRICES
)

  1. Additionally, the outcome of the resolution vote is improperly accounted for when determining the price. If, after maturity, the current_decision_bool is false, the price_to_apply should be empty, but the puzzle is using the price from the OUTLIER_INFO instead.

Impact

This means that the oracle coin's accounting can be broken if an outlier resolution vote occurs.

Recommendations

The issues discussed above are already fixed by the Circuit DAO team as follows:

  1. They added the new price_to_apply at the end of the PRICES.

  2. They added an if condition to correctly set the price_to_apply value.

Remediation

This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit cef2f579.

Zellic © 2025Back to top ↑