Summary:

The LibOracle library contains a bug related to the calculation of basePriceInEth and priceInEth in the getOraclePrice function. Specifically, the calculation assumes that both basePrice and price are positive, which may not always be the case.

Description:

Code Location:
File: LibOracle.sol
Function: getOraclePrice

Details:

In the getOraclePrice function, the following lines calculate basePriceInEth:

uint256 basePriceInEth = basePrice > 0
? uint256(basePrice * Constants.BASE_ORACLE_DECIMALS).inv()
: 0;
and priceInEth:

uint256 priceInEth = uint256(price).div(uint256(basePrice));

These calculations assume that both basePrice and price are positive, which may not always be the case. If basePrice or price is negative, this could result in incorrect or unexpected behavior.

Steps to Reproduce:

• Use a negative value for basePrice or price in an aggregator contract.

• Call the getOraclePrice function with that aggregator address as the asset parameter.

Expected Behavior:

The code should handle negative values of basePrice and price gracefully and provide accurate results for basePriceInEth and priceInEth.

Actual Behavior:

If either basePrice or price is negative, the calculations may produce unexpected or incorrect results.

Proposed Fix:

To address this issue, consider adding appropriate checks or calculations to handle cases where basePrice or price may be negative.