The Oracle.sol contract in the provided codebase exhibits a high-severity vulnerability related to the reuse of an Oracle. This vulnerability may lead to inaccurate tracking of Delta B in available pools, potentially impacting the reliability of the system.
The Oracle contract lacks a clear separation of concerns in terms of tracking the Delta B in available pools. Specifically, the contract seems to be reusing the same Oracle instance across different functionalities or components of the system. This reuse may introduce inconsistencies and unintended side effects in the tracking mechanism, as there is no apparent isolation or scoping of the Oracle's state.
(contracts/beanstalk/sun/SeasonFacet/Oracle.sol#17-27)
The impact of this vulnerability is significant as it can result in inaccurate calculations and tracking of Delta B. If the same Oracle instance is shared among different functionalities, changes in one part of the system may unintentionally affect the Oracle's state, leading to incorrect data and potentially disrupting the intended behavior of the contract.
Manual review.
To address this vulnerability, it is recommended to refactor the Oracle contract to ensure proper scoping and isolation of Oracle instances. Each functionality or component of the system that relies on the Oracle should have its own dedicated instance to prevent unintended interactions.