DeFi, Hardhat, Oracle, Proxy, Updates
100,000 USDC
Submission Details
Severity: high
Invalid

Reused Oracle Instance Vulnerability in Oracle Contract

Summary

The Oracle.sol contract in the provided codebase exhibits a high-severity vulnerability related to the reuse of an Oracle. This vulnerability may lead to inaccurate tracking of Delta B in available pools, potentially impacting the reliability of the system.

Vulnerability Details

The Oracle contract lacks a clear separation of concerns in terms of tracking the Delta B in available pools. Specifically, the contract seems to be reusing the same Oracle instance across different functionalities or components of the system. This reuse may introduce inconsistencies and unintended side effects in the tracking mechanism, as there is no apparent isolation or scoping of the Oracle's state.

(contracts/beanstalk/sun/SeasonFacet/Oracle.sol#17-27)

function stepOracle() internal returns (int256 deltaB) {
    deltaB = LibWellMinting.capture(C.BEAN_ETH_WELL);
    s.season.timestamp = block.timestamp;
}

Impact

The impact of this vulnerability is significant as it can result in inaccurate calculations and tracking of Delta B. If the same Oracle instance is shared among different functionalities, changes in one part of the system may unintentionally affect the Oracle's state, leading to incorrect data and potentially disrupting the intended behavior of the contract.

Tools Used

Manual review.

Recommendations

To address this vulnerability, it is recommended to refactor the Oracle contract to ensure proper scoping and isolation of Oracle instances. Each functionality or component of the system that relies on the Oracle should have its own dedicated instance to prevent unintended interactions.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
