The vulnerability arises from a specific sequence of function calls during the initialization of the MultiFlowPump contract's reserve values. It begins when an external entity, potentially a malicious actor, invokes the update function for the first time. This function updates the contract's reserve values and is the only external entry point for such updates. On execution, update checks whether lastTimestamp is zero, which indicates that the reserves have not been set before. If so, update internally calls _init to establish the initial reserve values.

However, _init sets these values directly, without applying the capping logic encapsulated in _capReserve. The _capReserve function is intended to limit the magnitude of reserve changes between updates, but it is not used during this initial setup. As a result, the initial reserves can be set to any value without the intended restrictions, potentially allowing a malicious actor to manipulate them to their advantage, which could adversely affect the contract's future calculations and the integrity of its oracle data.
The absence of a capping mechanism during the initial reserve setting allows for potential manipulation of reserve values, compromising the integrity of subsequent EMA and SMA calculations.
Manual Review
Add range checks for initial reserves in _init.
Introduce a mechanism to initialise the contract with predefined reserve values, or employ a multi-step initialization process that includes validation checks or external inputs.
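The first recommendation, sketched as an added example rather than code from the MultiFlowPump source: a simplified pump whose _init validates the first reserves against absolute bounds, since there is no previous value for _capReserve to compare against. The contract name, the bounds, the basis-point cap, the custom error and the storage layout are all assumptions made for illustration; only update, _init, _capReserve and lastTimestamp are names taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model for illustration, not the MultiFlowPump implementation.
contract PumpInitSketch {
    uint256 constant MAX_CHANGE_BPS = 500;    // assumed cap: 5% per update
    uint256 constant MIN_INIT_RESERVE = 1e6;  // assumed lower bound
    uint256 constant MAX_INIT_RESERVE = 1e30; // assumed upper bound

    uint40 public lastTimestamp;
    uint256[] public lastReserves;

    error InitialReserveOutOfRange(uint256 index, uint256 value);

    function update(uint256[] calldata reserves) external {
        if (lastTimestamp == 0) {
            // First call: no previous reserves exist, so take the init path.
            _init(reserves);
            return;
        }
        require(reserves.length == lastReserves.length, "length mismatch");
        for (uint256 i; i < reserves.length; ++i) {
            lastReserves[i] = _capReserve(lastReserves[i], reserves[i]);
        }
        lastTimestamp = uint40(block.timestamp);
    }

    // Hardened _init: range-check every initial reserve before storing it.
    // Reverting is a design choice of this sketch; the revert also rolls
    // back any values already pushed, so the pump stays uninitialized.
    function _init(uint256[] calldata reserves) internal {
        for (uint256 i; i < reserves.length; ++i) {
            uint256 r = reserves[i];
            if (r < MIN_INIT_RESERVE || r > MAX_INIT_RESERVE) {
                revert InitialReserveOutOfRange(i, r);
            }
            lastReserves.push(r);
        }
        lastTimestamp = uint40(block.timestamp);
    }

    // Clamp the reported reserve to within MAX_CHANGE_BPS of the stored one.
    function _capReserve(uint256 last, uint256 next) internal pure returns (uint256) {
        uint256 delta = (last * MAX_CHANGE_BPS) / 10_000;
        if (next > last + delta) return last + delta;
        if (next < last - delta) return last - delta;
        return next;
    }
}
```

Absolute bounds only reject implausible magnitudes; a value inside the range can still be far from the true reserves, which is the case the second recommendation (predefined values or multi-step initialization) addresses.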