No valid WETH address provided in StableOracleDAI constructor

Summary

No valid WETH address provided in StableOracleDAI constructor, TODO still in the code!

Vulnerability Detail

TODO needs doing!

contract StableOracleDAI is IStableOracle {
    AggregatorV3Interface priceFeedDAIETH;
    IStaticOracle DAIEthOracle;
    IStableOracle ethOracle;

    constructor() {
        priceFeedDAIETH = AggregatorV3Interface(
            0x773616E4d11A78F511299002da57A0a94577F1f4
        );
        DAIEthOracle = IStaticOracle(
            0x982152A6C7f732Ec7C9EA998dDD9Ebde00Dfa16e
        );
	// @audit - no valid address provided, TODO still in the code
        ethOracle = IStableOracle(0x0000000000000000000000000000000000000000); // TODO: WETH oracle price
    }

This is used in getPriceUSD():

uint256 wethPriceUSD = ethOracle.getPriceUSD();

Impact

ethOracle.getPriceUSD() won't work as expected.

Code Snippet

See above

Tool used

Manual Review

Recommendation

Provide the correct address. In the future consider running a recursive grep for "TODO" in the codebase before submitting for audit.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

030.md

030.md

No valid WETH address provided in StableOracleDAI constructor

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

030.md

Latest commit

History

030.md

File metadata and controls

No valid WETH address provided in StableOracleDAI constructor

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation