DeFiHardhatFoundry
250,000 USDC
View results
Submission Details
Severity: low
Invalid

LibUniswapOracle reverts on SafeCast instead of returning 0

Vulnerability Details

Oracles are supposed to return 0 instead of reverting to not halt execution of critical functions.

However now it does SafeCast which reverts in case of failure:

function consult(
address pool,
uint32 secondsAgo
) internal view returns (bool success, int24 arithmeticMeanTick) {
require(secondsAgo != 0, "BP");
uint32[] memory secondsAgos = new uint32[](2);
secondsAgos[0] = secondsAgo;
secondsAgos[1] = 0;
try IUniswapV3Pool(pool).observe(secondsAgos) returns (
int56[] memory tickCumulatives,
uint160[] memory
) {
int56 tickCumulativesDelta = tickCumulatives[1] - tickCumulatives[0];
@> arithmeticMeanTick = SafeCast.toInt24(
int256(tickCumulativesDelta / int56(uint56(secondsAgo)))
);
// Always round to negative infinity
if (tickCumulativesDelta < 0 && (tickCumulativesDelta % int56(uint56(secondsAgo)) != 0))
arithmeticMeanTick--;
success = true;
} catch {}
}

Tools Used

Manual Review

Recommendations

Return 0 instead of revert.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.