Mixed-decimals math without explicit scaling

Ondo Finance's assessment for RD-F-017 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Code4rena Apr 2024 H-01: OUSGInstantManager calculates OUSG to mint based on USDC quantity (6 decimals) without checking USDC's current price — a cross-decimal pricing assumption bug. Classified High severity, marked resolved.

Sources #

Audit
https://code4rena.com/reports/2024-03-ondo-financeretrieved 2026-04-28

Methodology #

Determine whether shared numerator/denominator arithmetic operates over tokens with different decimals without WAD/RAY normalization or explicit decimal-adjustment.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol ondo-finance factor RD-F-017 score yellow collected_at 2026-05-14 12:01:55