DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: high
Valid

LibChainlinkOracle can't use TWAP

Summary

The condition is reversed. getTokenPrice currently uses the instant price when a lookback is specified, and uses the TWAP with a zero lookback (which is equal to the instant price) when it is not.

Vulnerability Details

The lines marked with @> show that the condition is reversed:

function getTokenPrice(
    address priceAggregatorAddress,
    uint256 maxTimeout,
    uint256 lookback
) internal view returns (uint256 price) {
    return
@>      lookback > 0
@>          ? getPrice(priceAggregatorAddress, maxTimeout)
@>          : getTwap(priceAggregatorAddress, maxTimeout, lookback);
}

Impact

LibChainlinkOracle.getTokenPrice() always returns the current price, even when a lookback is specified. The core mechanism of using a Chainlink TWAP does not work.
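
A simplified Python model of the two branches, added here as an illustration and not taken from the project's Solidity code; `Round`, the sample feed, the return-0-when-stale convention and the TWAP arithmetic are assumptions. It shows that a regression check only catches the swapped branches when the feed's latest round differs from its time-weighted average.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Round:
    answer: int      # price scaled by 1e6 (constructed)
    updated_at: int  # unix seconds

def get_price(rounds, now, max_timeout):
    """Latest answer, or 0 when the feed is stale (assumed failure value)."""
    last = rounds[-1]
    return last.answer if now - last.updated_at <= max_timeout else 0

def get_twap(rounds, now, max_timeout, lookback):
    """Time-weighted mean of answers over [now - lookback, now] (simplified)."""
    if get_price(rounds, now, max_timeout) == 0:
        return 0
    start, end, weighted = now - lookback, now, 0
    for r in reversed(rounds):  # rounds are ordered oldest to newest
        begin = max(r.updated_at, start)
        weighted += r.answer * (end - begin)
        end = begin
        if begin == start:
            break
    covered = now - end
    return weighted // covered if covered else rounds[-1].answer

def get_token_price_reported(rounds, now, max_timeout, lookback):
    # Branch order as in the reported code: a lookback selects the spot price.
    if lookback > 0:
        return get_price(rounds, now, max_timeout)
    return get_twap(rounds, now, max_timeout, lookback)

def get_token_price_fixed(rounds, now, max_timeout, lookback):
    if lookback > 0:
        return get_twap(rounds, now, max_timeout, lookback)
    return get_price(rounds, now, max_timeout)

# Constructed feed: flat at 1.00 for most of the hour, then 1.30 in the last round.
NOW, MAX_TIMEOUT, LOOKBACK = 1_700_000_000, 14_400, 3_600
ROUNDS = [Round(1_000_000, NOW - 3_600), Round(1_000_000, NOW - 1_800),
          Round(1_300_000, NOW - 300)]

def honours_lookback(get_token_price):
    """True only if a lookback yields the TWAP and no lookback yields spot."""
    spot = get_price(ROUNDS, NOW, MAX_TIMEOUT)
    twap = get_twap(ROUNDS, NOW, MAX_TIMEOUT, LOOKBACK)
    return (spot != twap  # the feed must make the two branches distinguishable
            and get_token_price(ROUNDS, NOW, MAX_TIMEOUT, LOOKBACK) == twap
            and get_token_price(ROUNDS, NOW, MAX_TIMEOUT, 0) == spot)
```

On a flat feed both branch orders return the same number, so a test built on one would pass against the reversed code.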

Tools Used

Manual Review

Recommendations

Reverse the logic:

function getTokenPrice(
address priceAggregatorAddress,
uint256 maxTimeout,
uint256 lookback
) internal view returns (uint256 price) {
return
lookback > 0
- ? getPrice(priceAggregatorAddress, maxTimeout)
- : getTwap(priceAggregatorAddress, maxTimeout, lookback);
+ ? getTwap(priceAggregatorAddress, maxTimeout, lookback);
+ : getPrice(priceAggregatorAddress, maxTimeout)
}
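
Review bot: The statement terminator is misplaced in the two added lines. `? getTwap(priceAggregatorAddress, maxTimeout, lookback);` ends the return statement before the `:` branch, and `: getPrice(priceAggregatorAddress, maxTimeout)` has no terminator, so the function as suggested will not compile. Move the `;` from the end of the getTwap line to the end of the getPrice line. A test that calls getTokenPrice with a non-zero lookback on a feed whose latest answer differs from its average would keep the branch order from regressing.
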
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

getTokenPrice never gives TWAP
