DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Wrong heartbeat used

0xepley

Summary

Wrong heartbeat used for the condition if oracle == baseOracle

Vulnerability Details

In the function getOraclePrice() of LibOracle.sol we can see that if the oracle == baseOracle then baseOracleCircuitBreaker() will be called. Now in this function if we look then we can see that the hearbeat of 2 hours has been used but instead the hearbeat if 1h. You can see it here.

Note: it is been mentioned in the known issues that the heatbeat has been intentionally set at 2h but this heartbeat is wrong and can cause wrong price, so it is recommended to use the one which is being used at chainlink

Impact

Using wrong HeartBeat can cause the wrong price to be used.

Tools Used

Manual Review

Recommendations

It is recommended to use correct heartBeat

Updates

Lead Judging Commences

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.