DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: low
Invalid

`LibEthUsdOracle` returns 0 when it should return the price from Chainlink.

Vulnerability Details

When `LibWellMinting` fails to compute valid manipulation-resistant reserves for a well, `setUsdTokenPriceForWell` is called with an empty `ratios` array and `usdTokenPrice[well]` is set to 0. For the rest of this report, assume that this has happened for `BEAN_ETH_WELL`, so `s.sys.usdTokenPrice[C.BEAN_ETH_WELL]` is 0.

function setUsdTokenPriceForWell(address well, uint256[] memory ratios) internal {
    AppStorage storage s = LibAppStorage.diamondStorage();
    // If the reserves length is 0, then {LibWellMinting} failed to compute
    // valid manipulation resistant reserves and thus the price is set to 0
    // indicating that the oracle failed to compute a valid price this Season.
    if (ratios.length == 0) {
@>      s.sys.usdTokenPrice[well] = 0; // @audit oracle failed. price set to zero
    } else {
        (, uint256 j) = getNonBeanTokenAndIndexFromWell(well);
        s.sys.usdTokenPrice[well] = ratios[j];
    }
}

`LibEthUsdOracle` exposes `getEthUsdPriceFromStorageIfSaved`, which is meant to return the price saved for the Season, or read the current price from Chainlink when none was saved. It only falls back to Chainlink when the stored value is the sentinel 1 ("not saved"). In the case above the stored value is 0, so the function returns 0 instead of fetching the current Chainlink price.

function getEthUsdPriceFromStorageIfSaved() internal view returns (uint256) {
    AppStorage storage s = LibAppStorage.diamondStorage();
    uint256 priceInStorage = s.sys.usdTokenPrice[C.BEAN_ETH_WELL]; // @audit should use BEAN_WSTETH_WELL
@>  if (priceInStorage == 1) { // @audit only the "not saved" sentinel falls back to Chainlink; priceInStorage == 0 (oracle failed) is returned as-is
        return getEthUsdPrice();
    }
    return priceInStorage;
}
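The three states the storage slot can be in (a saved price, the sentinel 1, and the failure value 0) are easiest to see in a Foundry test. The contract below is an added, self-contained model written for this page, not Beanstalk code: diamond storage is replaced by a plain mapping, `C.BEAN_ETH_WELL` by a hypothetical constant, `getNonBeanTokenAndIndexFromWell` by "take the last ratio", and the Chainlink read by a stub returning a constructed price. Both the function as reported and the function with the recommended `<= 1` check are included so the difference can be asserted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Added model of the two functions quoted in the finding. Not project code:
/// storage, well address and the Chainlink call are all simplified stand-ins.
contract EthUsdOracleModel {
    // Hypothetical address standing in for C.BEAN_ETH_WELL.
    address public constant BEAN_ETH_WELL = address(0xBEEF);

    // Sentinel meaning "no price saved this Season, read Chainlink".
    // 0 is what setUsdTokenPriceForWell writes when the well oracle failed.
    uint256 internal constant NOT_SAVED = 1;

    // Stand-in for s.sys.usdTokenPrice.
    mapping(address => uint256) public usdTokenPrice;

    // Constructed stand-in for the live Chainlink ETH/USD price (6 decimals).
    uint256 public chainlinkPrice = 3000e6;

    constructor() {
        usdTokenPrice[BEAN_ETH_WELL] = NOT_SAVED;
    }

    function setChainlinkPrice(uint256 p) external {
        chainlinkPrice = p;
    }

    // Mirrors setUsdTokenPriceForWell: empty ratios means the oracle failed.
    // Model assumption: the non-Bean token is the last entry of `ratios`.
    function setUsdTokenPriceForWell(address well, uint256[] memory ratios) public {
        if (ratios.length == 0) {
            usdTokenPrice[well] = 0;
        } else {
            usdTokenPrice[well] = ratios[ratios.length - 1];
        }
    }

    // Stand-in for the Chainlink read.
    function getEthUsdPrice() internal view returns (uint256) {
        return chainlinkPrice;
    }

    // As reported: only the NOT_SAVED sentinel falls through to Chainlink.
    function getEthUsdPriceFromStorageIfSaved() public view returns (uint256) {
        uint256 priceInStorage = usdTokenPrice[BEAN_ETH_WELL];
        if (priceInStorage == 1) {
            return getEthUsdPrice();
        }
        return priceInStorage;
    }

    // With the recommended change: the failure value 0 also falls through.
    function getEthUsdPriceFromStorageIfSavedFixed() public view returns (uint256) {
        uint256 priceInStorage = usdTokenPrice[BEAN_ETH_WELL];
        if (priceInStorage <= 1) {
            return getEthUsdPrice();
        }
        return priceInStorage;
    }
}

contract EthUsdOracleModelTest is Test {
    EthUsdOracleModel model;

    function setUp() public {
        model = new EthUsdOracleModel();
    }

    function test_NotSavedFallsThroughToChainlink() public {
        assertEq(model.getEthUsdPriceFromStorageIfSaved(), 3000e6);
    }

    function test_SavedPriceIsReturned() public {
        uint256[] memory ratios = new uint256[](2);
        ratios[0] = 1e6;     // constructed Bean ratio
        ratios[1] = 2950e6;  // constructed non-Bean (ETH) ratio in USD
        model.setUsdTokenPriceForWell(model.BEAN_ETH_WELL(), ratios);
        assertEq(model.getEthUsdPriceFromStorageIfSaved(), 2950e6);
    }

    function test_OracleFailureReturnsZero() public {
        // LibWellMinting failure path: empty ratios array.
        model.setUsdTokenPriceForWell(model.BEAN_ETH_WELL(), new uint256[](0));
        // Reported behaviour: 0 comes back instead of the Chainlink price.
        assertEq(model.getEthUsdPriceFromStorageIfSaved(), 0);
        // With the recommendation: the live price is read instead.
        assertEq(model.getEthUsdPriceFromStorageIfSavedFixed(), 3000e6);
    }
}
```

Run with `forge test` in a project that has `forge-std` installed. The last test is the finding itself: after the failure path writes 0, the reported function returns 0 while the patched one returns the stub Chainlink price.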

Impact

  • When the well oracle failed for the Season and stored 0, `getEthUsdPriceFromStorageIfSaved` returns 0 instead of the current Chainlink ETH/USD price.

Tools Used

Manual Review

Recommendations

Handle the case where the well oracle failed for the Season and the stored price is 0, by falling back to Chainlink for that value as well as for the sentinel 1:

function getEthUsdPriceFromStorageIfSaved() internal view returns (uint256) {
AppStorage storage s = LibAppStorage.diamondStorage();
uint256 priceInStorage = s.sys.usdTokenPrice[C.BEAN_ETH_WELL];
- if (priceInStorage == 1) {
+ if (priceInStorage <= 1) {
return getEthUsdPrice();
}
return priceInStorage;
}
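Review bot: the `+ if (priceInStorage <= 1)` line folds the failure value 0 into the "not saved" sentinel 1, so a Season in which `LibWellMinting` could not compute manipulation-resistant reserves (the case the comment in `setUsdTokenPriceForWell` describes as "the oracle failed to compute a valid price this Season") now silently reads a live Chainlink price instead of surfacing that failure. If any caller relies on 0 to detect the failed Season, consider handling `priceInStorage == 0` explicitly (return 0 or revert) and keeping the Chainlink fallback for the sentinel only, or document that falling back on failure is intended. Separately, the `@audit should use BEAN_WSTETH_WELL` note on the quoted function is not reflected here: the unchanged context line still reads `s.sys.usdTokenPrice[C.BEAN_ETH_WELL]`.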
Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
