Introduction
Ojo provides an exchange-rate oracle for Mellow-curated Liquid Restaking Tokens (LRTs).
Unlike simple “1 LRT = 1 underlying asset” feeds, Ojo’s oracle divides the vault’s total asset value by total shares, outputting a Morpho-compatible price even when the vault holds several base tokens.
Why Did They Need an Audit?
Because Morpho markets rely on the feed to set collateral factors, any mis-scaled answer could under- or over-value an entire asset class. Ojo asked Three Sigma for a fast turn-around review to ensure:
- correct decimal scaling for every vault,
- graceful behaviour if the vault later adds multiple base assets,
- safe ownership and updater permissions.
Scope of the Engagement
- Files audited:
CloneFactory.sol, MellowPriceFeed.sol - Timeline: 16 Oct 2024 – 17 Oct 2024
- Team: 1 auditor - 2 days
- Chain: Ethereum
Audit Date: 2024-10-16
Language: Solidity
Type: Code Audit
Results and Findings
Notable Low-Severity Issues
Hard-coded 18-decimals scaling
- Description:
MellowPriceFeed multiplied the raw Q96 ratio by 1 e18 regardless of the priceFeedDecimals stored in the constructor. Vaults requiring, e.g., 6-dec feeds would have returned values off by 1e12. - Resolution: Replaced the constant with
10**priceFeedDecimals (commit ad88fe1).
Unclear behaviour if vault adds more base tokens
- Description: The current vault holds exactly one asset, so
getTargetRatiosX96() always returns 1e18. If the vault ever diversifies, the price-feed’s ratio could shift unexpectedly. - Resolution: team documented the oracle’s expected behaviour and will deploy a new feed per multi-asset vault (commit
065a63f).
In conclusion
Three Sigma’s rapid review confirmed Ojo’s oracle is sound after a minor decimal-scaling fix and clearer documentation on future multi-asset support. With these adjustments in place, Morpho markets can safely rely on Ojo’s exchange-rate feed for LRT collateralisation.
