DeFiHardhat
35,000 USDC
Submission Details
Severity: low
Invalid

``getTwap()`` function is not implemented correctly.

Summary

The getTwap() function is not implemented correctly, which leads to getTwap() always reverting.

Vulnerability Details

In the getTwap() function,

```solidity
while (timestamp > t.endTimestamp) {
    t.cumulativePrice = t.cumulativePrice.add(uint256(answer).mul(t.lastTimestamp.sub(timestamp)));
    roundId -= 1;
    t.lastTimestamp = timestamp;
    (answer, timestamp) = getRoundData(priceAggregator, roundId);
    if (checkForInvalidTimestampOrAnswer(timestamp, answer, t.lastTimestamp, maxTimeout)) {
        return 0;
    }
}
```

When the above block of code is executed, the loop will never end, as neither timestamp nor t.endTimestamp is updated in the block. Thus, if timestamp > t.endTimestamp is reached and the while loop is executed once, the while loop will continue to loop until roundId reverts due to underflow or the whole getTwap() function throws an out-of-gas error.

Impact

Any function using the getTwap() function of LibChainlinkOracle.sol will revert and cause a DoS.

Tools Used

Manual Analysis

Recommendations

Update the while block of getTwap() function such that:

while (timestamp > t.endTimestamp) {
t.cumulativePrice = t.cumulativePrice.add(uint256(answer).mul(t.lastTimestamp.sub(timestamp)));
roundId -= 1;
t.lastTimestamp = timestamp;
(answer, timestamp) = getRoundData(priceAggregator, roundId);
if (checkForInvalidTimestampOrAnswer(timestamp, answer, t.lastTimestamp, maxTimeout)) {
return 0;
}
+ t.endTimestamp = timestamp;
}
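
Review bot: the added `t.endTimestamp = timestamp;` at the end of the loop body sets the loop bound to the value just read into `timestamp`, so `timestamp > t.endTimestamp` is false at the next check and the loop always exits after a single iteration, whatever window `t.endTimestamp` originally described. The context line `(answer, timestamp) = getRoundData(priceAggregator, roundId);` already reassigns `timestamp` on every pass with `roundId` decremented, so the condition changes between iterations without this line. Suggest dropping the addition; if the concern is an unbounded walk over old rounds, an explicit iteration cap would address that without overwriting the window end.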

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid
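
An added model of the `while` block quoted in the submission (not code from the submission or from LibChainlinkOracle.sol), written in Python over constructed round data, to check the termination claim and the effect of the recommended `+` line. The round table, the starting value of `t.lastTimestamp`, and the body of `checkForInvalidTimestampOrAnswer` are assumptions, since the page does not show them.

```python
# Constructed rounds: roundId -> (answer, timestamp). Earlier rounds carry
# earlier timestamps. These values are sample data, not from a real feed.
ROUNDS = {7: (2010, 1000), 6: (2000, 900), 5: (1990, 800), 4: (1980, 700), 3: (1970, 600)}


def get_round_data(round_id):
    # Stand-in for getRoundData(priceAggregator, roundId).
    return ROUNDS[round_id]


def is_invalid(timestamp, answer, last_timestamp, max_timeout):
    # Assumed behaviour of checkForInvalidTimestampOrAnswer (body not on the page):
    # reject empty, non-positive, out-of-order or stale rounds.
    return (timestamp == 0 or answer <= 0 or timestamp > last_timestamp
            or last_timestamp - timestamp > max_timeout)


def run_loop(round_id, now, end_timestamp, max_timeout, patched=False):
    """Model the while block.

    Returns (cumulative_price, iterations, final_timestamp), or None where
    the Solidity block would `return 0`.
    """
    answer, timestamp = get_round_data(round_id)  # latest round, read before the loop
    last_timestamp = now                          # assumed initial t.lastTimestamp
    cumulative = 0
    iterations = 0
    while timestamp > end_timestamp:
        cumulative += answer * (last_timestamp - timestamp)
        round_id -= 1
        last_timestamp = timestamp
        answer, timestamp = get_round_data(round_id)  # `timestamp` is reassigned here
        if is_invalid(timestamp, answer, last_timestamp, max_timeout):
            return None
        if patched:
            end_timestamp = timestamp                 # the recommended '+' line
        iterations += 1
    return cumulative, iterations, timestamp


if __name__ == "__main__":
    # Window end 750 = now (1050) minus a 300 second lookback (constructed values).
    print("original:", run_loop(7, now=1050, end_timestamp=750, max_timeout=200))
    print("patched: ", run_loop(7, now=1050, end_timestamp=750, max_timeout=200, patched=True))
```

With these rounds the unpatched loop exits after three iterations, once it reads a round at or before `t.endTimestamp`; with the added line it exits after one, having moved the window end from 750 to 900.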
