The createLimitShort() function uses getSavedOrSpotOraclePrice() to fetch the oracle price for a given asset. However, getSavedOrSpotOraclePrice() may return saved price data that is up to 15 minutes old, so createLimitShort() can end up acting on an outdated price.
The getSavedOrSpotOraclePrice() function checks if the saved price data is less than 15 minutes old. If it is, the function returns the saved price. Otherwise, it fetches the latest price from the oracle. This logic is designed to optimize gas costs, as fetching data from an oracle can be expensive.
However, if the asset is highly volatile and its price moves significantly within that 15-minute window, the saved price no longer reflects the market. That stale price is then used in createLimitShort() to decide whether to add the new short order to the order book or to match it against existing orders.
The potential impact of this vulnerability includes incorrect decisions in the createLimitShort() function due to the use of outdated price data. This could lead to short orders being incorrectly added to the order book or matched with existing orders, potentially resulting in financial loss or other adverse effects.
Manual review
To mitigate this vulnerability, it is recommended to:
Regularly update the saved price data to ensure that it reflects the current market price. This could be done, for example, by triggering an update whenever a new order is created or matched.
Implement validation checks in getSavedOrSpotOraclePrice() to ensure that the price data is valid and up-to-date. This could include, for example, comparing the saved price against a reference price or against the latest price from the oracle.
Consider reducing the 15-minute THRESHOLD:
// Serve the saved price only while it is younger than 5 minutes; otherwise read the oracle.
if (LibOrders.getOffsetTime() - getTime(asset) < 5 minutes) {
    return getPrice(asset);
} else {
    return getOraclePrice(asset);
}
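To make the staleness window concrete, the following Python model (added here, not code from the audited project) reproduces the saved-or-spot branch of getSavedOrSpotOraclePrice() and runs a constructed scenario: the price is saved at t=0, spot moves 10% at minute 10, and createLimitShort() is called at minute 12. The helper names, the step-function oracle and the price values are assumptions made for the illustration.

```python
from dataclasses import dataclass

MINUTE = 60  # seconds, mirrors Solidity's `minutes` unit


@dataclass
class SavedPrice:
    """Models the saved (price, timestamp) slot the contract keeps per asset."""
    price: int
    saved_at: int


class SpotOracle:
    """Constructed spot feed: a step function over (timestamp, price) points."""

    def __init__(self, points):
        self.points = sorted(points)
        self.reads = 0  # oracle reads are the cost the saved price tries to avoid

    def price_at(self, now):
        self.reads += 1
        price = self.points[0][1]
        for ts, p in self.points:
            if ts <= now:
                price = p
        return price


def get_saved_or_spot(saved, oracle, now, threshold):
    """Model of getSavedOrSpotOraclePrice(): return the saved price while it is
    younger than `threshold`, otherwise read the oracle and refresh the slot."""
    if now - saved.saved_at < threshold:
        return saved.price
    saved.price = oracle.price_at(now)
    saved.saved_at = now
    return saved.price


def price_used_vs_spot(threshold, move_at, query_at, old=1000, new=900):
    """Constructed scenario: price saved at t=0, spot moves old->new at
    `move_at`, createLimitShort() runs at `query_at`. Returns the price the
    contract would use, the true spot price, and the relative error."""
    oracle = SpotOracle([(0, old), (move_at, new)])
    saved = SavedPrice(price=old, saved_at=0)
    used = get_saved_or_spot(saved, oracle, query_at, threshold)
    spot = oracle.price_at(query_at)  # reference read, not what the contract does
    return used, spot, abs(used - spot) / spot


if __name__ == "__main__":
    for thr in (15 * MINUTE, 5 * MINUTE):
        used, spot, err = price_used_vs_spot(thr, 10 * MINUTE, 12 * MINUTE)
        print(f"threshold={thr // MINUTE}min used={used} spot={spot} err={err:.1%}")
```

With the 15-minute threshold the contract prices the order at 1000 while spot is 900 (an 11.1% error); with the 5-minute threshold the slot is refreshed and the order sees 900.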