Introduction
Ojo built a time-weighted-average-price (TWAP) oracle that converts Pendle Principal Tokens (PT) to their underlying asset. The contract surfaces prices in Morpho’s standard oracle interface so PT collateral can plug directly into Morpho markets.
Why Did They Need an Audit?
If the oracle mis-scales decimals or reads stale data, Morpho would mis-price PT collateral. Ojo asked Three Sigma for a one-day security sweep focused on:
- correct decimal handling for Pendle markets,
- safe deployment/initialisation checks,
- robust access control on owner-only functions.
Scope of the Engagement
- File audited: OjoPTOraclePriceAdapter.sol
- Team: 1 auditor, 1 day
- Chain: Ethereum
Audit Date: 2024-12-06
Language: Solidity
Type: Code Audit
Results and Findings
Informational Suggestions
Enforce 18-decimals markets
- Description: The adapter assumes the PT market mints tokens with 18 decimals. Pendle could, in theory, list markets with a different precision.
- Resolution: The constructor now queries market.decimals() and reverts unless the value equals 18 (commits 1b9e9ed, b216be3, e64e52a).
Ensure Pendle oracle is initialised
- Description: getPtToAssetRate() reverts inside Pendle’s oracle if the TWAP hasn’t been bootstrapped with at least one update. Deploying the adapter against an un-initialised oracle would brick price queries.
- Resolution: A pre-flight check verifies the Pendle oracle’s initialisation flag at deployment and reverts otherwise (same commits as above).
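The following contract is an added illustration of both findings above (the 18-decimals guard and the oracle-initialisation guard), not Ojo's adapter and not code from the audit. It is written against assumed interface shapes: the market's decimals() accessor, a Pendle-style getOracleState()/getPtToAssetRate() pair, and a Morpho-style price() entry point scaled to 1e36 on the assumption that both PT and asset use 18 decimals. The exact checks in Ojo's constructor, and the names of Pendle's initialisation state, may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface shapes for this illustration only (not copied from Ojo or Pendle).
interface IPendleMarketLike {
    function decimals() external view returns (uint8);
}

interface IPendleOracleLike {
    // Assumed: reports whether the TWAP for `market` over `duration` is ready to be queried.
    function getOracleState(address market, uint32 duration)
        external
        view
        returns (bool increaseCardinalityRequired, uint16 cardinalityRequired, bool oldestObservationSatisfied);

    // Assumed: PT -> underlying asset rate, scaled to 1e18. Reverts if the TWAP is not bootstrapped.
    function getPtToAssetRate(address market, uint32 duration) external view returns (uint256);
}

contract PtTwapAdapterExample {
    error UnsupportedDecimals(uint8 actual);
    error OracleNotInitialised(bool increaseCardinalityRequired, uint16 cardinalityRequired, bool oldestObservationSatisfied);

    IPendleOracleLike public immutable pendleOracle;
    address public immutable market;
    uint32 public immutable twapDuration;

    constructor(IPendleOracleLike _oracle, address _market, uint32 _duration) {
        // Guard 1 (finding "Enforce 18-decimals markets"): refuse any market whose PT
        // does not use 18 decimals, so the 1e18 rate can be rescaled without a per-market factor.
        uint8 dec = IPendleMarketLike(_market).decimals();
        if (dec != 18) revert UnsupportedDecimals(dec);

        // Guard 2 (finding "Ensure Pendle oracle is initialised"): refuse to deploy against a
        // TWAP that has not been bootstrapped; otherwise every later price() call would revert.
        (bool needCardinality, uint16 cardinality, bool oldestOk) = _oracle.getOracleState(_market, _duration);
        if (needCardinality || !oldestOk) revert OracleNotInitialised(needCardinality, cardinality, oldestOk);

        pendleOracle = _oracle;
        market = _market;
        twapDuration = _duration;
    }

    // Morpho-style entry point: price of 1 PT in units of the underlying asset.
    // Assumes asset and PT both use 18 decimals, so 1e18 * 1e18 gives the 1e36 scale.
    function price() external view returns (uint256) {
        uint256 rate1e18 = pendleOracle.getPtToAssetRate(market, twapDuration);
        return rate1e18 * 1e18;
    }
}
```

Both guards run once, at deployment, so a mis-configured market or a fresh oracle fails the deployment transaction itself rather than surfacing later as reverting or mis-scaled prices inside a live Morpho market.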
In conclusion
Three Sigma’s rapid assessment uncovered no security vulnerabilities; only two defensive checks were recommended and implemented. With decimal-validation and oracle-initialisation guards in place, Ojo’s PT TWAP feed is ready for production use in Morpho markets.