DeFiHardhat
21,000 USDC
Submission Details
Severity: low
Invalid

Only the first Pump is used from the Well's list

Summary

Though the Well can have several Pumps, only the first is invoked.

Vulnerability Details

The LibWellMinting contract ignores the fact that a particular Well can have several Pumps:

    function initializeOracle(address well) internal {
        AppStorage storage s = LibAppStorage.diamondStorage();
        // If pump has not been initialized for `well`, `readCumulativeReserves` will revert.
        // Need to handle failure gracefully, so Sunrise does not revert.
        Call[] memory pumps = IWell(well).pumps();
        try ICumulativePump(pumps[0].target).readCumulativeReserves(
<...>
    function twaDeltaB(
        address well,
        bytes memory lastSnapshot
    ) internal view returns (int256, bytes memory, uint256[] memory, uint256[] memory) {
        AppStorage storage s = LibAppStorage.diamondStorage();
        // Try to call `readTwaReserves` and handle failure gracefully, so Sunrise does not revert.
        // On failure, reset the Oracle by returning an empty snapshot and a delta B of 0.
        Call[] memory pumps = IWell(well).pumps();
        try ICumulativePump(pumps[0].target).readTwaReserves(
<...>
    function instantaneousDeltaB(address well) internal view returns (int256) {
        Call[] memory pumps = IWell(well).pumps();
        try IInstantaneousPump(pumps[0].target).readInstantaneousReserves(well, pumps[0].data)

Impact

Loss of precision; in case of error, default values are returned instead of real values from another Pump.

Tools used

Manual Review

Recommendations

Consider receiving values from all Pumps of the Well to increase precision and avoid zeroes when the first Pump throws.
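
One way the recommendation could look for the instantaneous reading, as an added example that is not part of the submission or of the project's code. The `Call` struct and the two interfaces are local declarations assumed from the calls quoted above, and the `PumpFallbackExample` library and `firstReadableReserves` helper are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal local declarations (assumed shapes, modelled on the calls quoted above).
struct Call {
    address target;
    bytes data;
}

interface IWell {
    function pumps() external view returns (Call[] memory);
}

interface IInstantaneousPump {
    function readInstantaneousReserves(address well, bytes memory data)
        external
        view
        returns (uint256[] memory reserves);
}

// Hypothetical helper, not part of LibWellMinting.
library PumpFallbackExample {
    /// @return ok       false when no Pump produced a reading
    /// @return reserves reading from the first Pump that did not revert
    /// @return index    position of that Pump in the Well's list
    function firstReadableReserves(address well)
        internal
        view
        returns (bool ok, uint256[] memory reserves, uint256 index)
    {
        Call[] memory pumps = IWell(well).pumps();
        // With an empty list, `pumps[0]` reverts before any try/catch is
        // reached; here the loop body simply never runs.
        for (uint256 i = 0; i < pumps.length; i++) {
            // A call to an address without code reverts in the caller, which
            // try/catch does not catch, so such entries are skipped up front.
            if (pumps[i].target.code.length == 0) continue;
            try IInstantaneousPump(pumps[i].target).readInstantaneousReserves(well, pumps[i].data)
                returns (uint256[] memory r)
            {
                return (true, r, i);
            } catch {
                // This Pump reverted; try the next one.
            }
        }
        return (false, reserves, 0);
    }
}
```

A fallback of this kind changes the trust model: every Pump in the list becomes a possible oracle source, so each one would need the same vetting as the first.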

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
